Lessons from the Sony Hack

Lessons from the Sony Hack

January 20, 2015

Many of us are aware of what took place recently when Sony Corporation’s entire computer network was breached by a group of hackers that work under the disguise name “Guardians of Peace”.  We know that sensitive information on Sony’s 6,800 employees was compromised.  Information which includes names, addresses, Social Security numbers, medical information, credit card and bank account numbers.

It begs the question, how could this have been avoided?  What can be done in the future to prevent this from happening?  What steps can be taken, on an individual level, to help prevent this?  

Long before the most recent events at Sony, identity theft was a serious and fast-growing problem.  Consider the following facts:

  1. Identity theft is the fastest growing crime in America.
  2. The number of identity theft incidents has reached 9.9 million a year, according to the FTC.
  3. It takes the average victim an estimated $500 and 30 hours to resolve each identity theft crime.

(Retrieved 12/30/14, http://www.transunion.com/personal-credit/identity-theft-and-fraud/identity-theft-facts.page, Transunion, 2014)

Growing use of the internet and computers is what is most commonly blamed for the raise in identity theft related crimes.  But just because we are an “online” society, does not mean we can’t protect ourselves from these types of crimes.  Here are 5 tips on how to prevent cyber-criminals from stealing your identity.  

1.       Use strong passwords and remember them using password managers!

Did you know that studies are performed each year to see what the most common passwords that people use are?   You know what makes the top of the list every year?  “123456”, “12345678”, and the word “password”.   I wish I was kidding.  Many of us use the word “password” as our password.  To be clear, this is like leaving your wallet and car keys in the front seat of your unlocked car with an arrow pointing to it saying, “Free!  Take me!”  

Instead, use a series of unrelated letters, numbers, and special characters.  Avoid using actual words.  Many hackers use programs that will cycle through common words in the dictionary to try and detect your password.  If you have a hard time remembering your passwords, try using a password manager that securely stores your passwords electronically.  There are several password managers that can do this for you securely.  I use iPassword on my iPhone.  For $4.99, it stores as many passwords as I need it to.  

2.       Be careful when choosing a security question to retrieve your password

If you have the option, try not to choose a security question which would be easy to find the answer to.  Some common ones are “What is your mother’s maiden name?” or “What city were you born in?”  Someone that is really trying to gain access to your account could probably dig this information up relatively easily. 

3.       When shopping online, use a credit card. 

I am not implying that you should build credit card debt, but I am suggesting that you use a credit card to make online purchases which can be paid off at the end of the month.  When bank account information is stolen, cyber-criminals have access to your hard earned cash.  Keep in mind that fraudulent transactions can be disputed and many times recovered regardless of whether or not it was through a credit card or bank account.  However, the dispute process can take time which is why it is preferable (and probably less scary) to deal with a credit card transaction than your actual bank account.

4.       Only make online purchases through secure sites. 

You can easily tell when a website is secure because the website address on the top of the web browser will display “https” as opposed to “http” at the beginning of the address.  Look for “https” and you will know it is secure which means that any information you submit through that site will be encrypted, thus making it far more difficult to be compromised.  

5.       Know your rights - FACTA. 

You probably knew that you were entitled to receive a copy of your credit report once per year, but did you know that you can request this from each of the three major credit bureaus (Equifax, TransUnion and Experian)?  This means that, under The Fair and Accurate Credit Transactions Act (FACTA), you can check your credit report three times per year, or every four months.  This is a great way to monitor for any fraudulent activity.

By learning how to best protect yourself, you are equipping yourself with the right tools for fighting this type of crime.  It is like installing an alarm in your home, or having a watch dog.  Will taking these steps guarantee that you will never be a victim?  Perhaps not.  After all, the employees at Sony can hardly be blamed for what happened to them.  However, by taking the right precautions we can surely sleep more comfortably at night knowing that we've put the necessary safeguards in place. 

Josh Willink, MBA
Marketing Coordinator