Data Breaches and Sony seem to be a fairly consistent theme. Remember back to 2011 when the PlayStation Network suffered a breach that leaked out 77 million records…well if you hadn’t heard, it happened again for the media giant…and this time…it is likely to cost a lot more than the $177 million that the last one did.
The real question that must be asked is whose fault is it? Well the first line of defense against a data breach is each and every one of Sony’s 141,000 employees…and every company out there should take a lesson from the acts, actions and inactions that led to the leaking of this information.
While I have not personally seen any of the leaked files, the reports that I have seen list one of the main culprits in the breach as being the inclusion of plain text “password files” that had all the information the hackers needed right there in plain sight. Access codes and a road map to the deepest darkest levels of the Sony “Digital Empire”. Sure, some of this was because of lazy System Administrators…but those SysAdmins had nothing to do with all of the Social Media sites for movies and the broader Sony Social Footprint.
When it comes to Digital Security, the diligence of the lowliest employee (i.e. the Temp Worker filling in at the front desk) all the way up to the CEO of the company cannot be taken for granted.
I have said this before and will say it again…Passwords need to be stronger. In fact, recently I have personally added two levels of security to my own online security:
Hashing Passwords: I now hash all my passwords…they are still excessively long (no less than 12 semi-random letter/number/character combinations). To hash your own passwords here is a good way to start: https://crackstation.net/hashing-security.htm. To make it easier for me to remember these long and impossible to remember combinations, I instituted a hashing system on my server…I don’t need to remember the actual hash…just the password itself.
Two Factor Authentication: Similar to the hashing server…I have linked as many of my online accounts as I can to a two-factor authentication system. The easiest that I have found is the Microsoft and the Google setups that send an authentication code to my phone when I attempt to log in…but there are many other options for two-factor authentication out there: https://twofactorauth.org/
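As an added example (not code from this post or from the reports it mentions): the salted, slow hashing that the CrackStation guide linked above covers, applied to a plain text “password file” like the ones described earlier. The account names, passwords and iteration count are constructed assumptions.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumed work factor; raise it as far as your hardware allows

# Constructed sample: a plain text "password file" with a reused password.
PLAINTEXT_FILE = """\
movie_social_account:Winter2014!
press_site_admin:Winter2014!
front_desk_temp:password
"""

def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return 'pbkdf2_sha256$iterations$salt_hex$hash_hex' for storage."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"

def verify_password(password, record):
    """Recompute the hash from the stored salt and compare in constant time."""
    try:
        scheme, iterations, salt_hex, hash_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iterations))
    except (ValueError, OverflowError):
        return False  # malformed or unsupported record never verifies
    return hmac.compare_digest(candidate, expected)

def protect_file(plaintext):
    """Turn 'account:password' lines into account -> salted hash records."""
    records = {}
    for line in plaintext.splitlines():
        account, sep, password = line.strip().partition(":")
        if sep and account:
            records[account] = hash_password(password)
    return records

if __name__ == "__main__":
    for account, record in protect_file(PLAINTEXT_FILE).items():
        print(account, record)
```

Because each record gets its own random salt, the two accounts that reuse a password produce different records, so a leaked file no longer shows which accounts share credentials.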
One other suggestion though…as we close out 2014…look to what your password actually is…even after the numerous attempts by every online security expert out there…the most common passwords out there still read like a list from the International Book of Stupid:
Smarten up people!