Late last November, Sony Pictures Entertainment became the victim of the largest cyber attack on an American corporation.
An estimated 11 terabytes of data were leaked online, including confidential emails and documents from the company that revealed private information about employees’ personal lives, executive salaries, and future film projects.
The Obama administration determined it was the work of North Korean hackers commissioned by the government in retaliation to Sony’s satirical film mocking their country, “The Interview.”
On Wednesday, Sony Pictures Entertainment CEO Michael Lynton discussed the incident and its consequences with Marketplace’s David Brancaccio at the 2015 Business Insider IGNITION conference.
Lynton said there were two main lessons Sony learned, and he thinks they apply to any business.
1. Have a plan in place for a large-scale cyber attack.
Lynton said that many companies are aware that they need to constantly bolster their cyber security systems to avoid hackers from stealing information or taking control of a site, but far fewer are prepared for an attack that is supported by a sovereign nation, like the North Korean hack last year was.
“So you better have a contact — as we did, from Nicole Seligman, who’s the president of Sony Corporation — in the FBI or in the Department of Justice, or Homeland Security, or somewhere where they actually know what they’re doing,” Lynton explained.
“There are plenty of places to call, but you need to know who to call,” he said. “And quite candidly, [most CEOs], myself included, wouldn’t have known who to call.” It was only because they were able to bring in federal agencies within 24 hours that Sony was able to mitigate the harmful effects of an already highly dangerous situation.
Of course, this insight lends itself to global corporations, but his general point is that safeguards aren’t enough; you need a Plan B that can be enacted as soon as all of them fail.
2. Close your inbox and start picking up the phone more often.
One of the reasons the hack was so devastating was that employees across Sony had regularly revealed either highly confidential or deeply personal information in emails sent from their Sony accounts. The leak served as a wake-up call to the company, Lynton said.
“We have become as a culture, and I think everybody would say this, over-reliant on email,” he said. “And it is particularly true if you are in a multinational company and you’re dealing with multiple time zones and a lot of people are on the road all the time.”
But even though it may take a bit more time and effort to coordinate a phone call with a colleague in a different part of the world, it is worth it. It applies to communication within your own office, as well. Lynton’s point is essentially that if your and others’ careers would be jeopardized by having an emailed message become public, take that message and communicate it another way.
Lynton said that even a year after the hack, he’s found that people in Sony “are a little bit more moderate with the way they’re expressing themselves generally,” but he thinks it will just be temporary. “It is the entertainment business,” he said.
And that’s fine as long as they keep those non-moderate remarks out of their emails.
Business Insider Emails & Alerts
Site highlights each day to your inbox.