If there’s a lesson for everyone to learn from the Sony hacking scandal, it’s this: keep your kids on your desk, not on your desktop.
Employees at Sony Pictures learned this the hard way. Amy Pascal, a senior executive, left Sony Pictures after leaked emails spurred some of the nastiest fallout of the scandal. Even line employees found the scandal didn’t just touch their work life—it was very personal.
"The hackers were able to gain access to every file that was kept on servers at Sony Pictures," said Dr. Randy Boyle, a cyber security professor at Longwood University. "For Sony employees, this was devastating. In addition to stealing comprehensive HR data about each employee, hackers also stole employees’ personal photos of their children and families, personal bank statements, personal legal documents, scanned receipts for personal purchases, etc. The list goes on and on. These were all stolen and dumped on public servers as part of the leak."
Everyone who downloaded the data or looked through the hundreds of gigabytes worth of files had access to all of Sony Pictures data—even employees’ personal files that were kept on company computers. Even worse, technology has advanced to the point that extracting additional sensitive information out of photos is quick and easy.
"Hackers, and anyone else for that matter, can easily extract street addresses from images that contain geotagged information—including images that were stolen from Sony. This means hackers can determine who you are, where you live, and what your house looks like on the inside based on photos you store on your work computer" said Boyle. "This underscores the problem with putting personal information on work computers or devices: it’s never secure, no matter what."
Cyber criminals focus most of their attention on businesses and corporations, said Boyle. That is, after all, where the money and people are. Rather than waste their time going after one individual’s information, it’s more efficient to attempt to steal hundreds, if not thousands and millions, of identities in one fell swoop. Of the list of top data breaches of all time, all of them are corporations, and all of them have leaked sensitive employee information to criminals:
- Heartland Payment Systems, 130 million records compromised
- Target Stores, 110 million records
- Sony Entertainment, 102 million records
- Anthem, 80 million records
- Epsilon, 60 million records
- Home Depot, 56 million records
- Evernote, 50 million records
- Living Social, 50 million records
- TJX Companies, 46 million records
And they’re smarter than many think. "Hackers know that employees use their work computers to make personal purchases, store personal information and conduct personal business over email," said Boyle. "That’s why they want to hit you at work, and that’s why it’s critical that everyone stop using their work machines for personal use."
Most employees think that even an innocuous photo of them playing with their kids at home is an innocent display of parental pride. They may even make it their desktop background. But Boyle says that even that photo can lead to trouble. "If that photo is stolen, the data that is hidden within the file can lead a criminal to your address and give valuable other clues that may lead to your identity being stolen," he said. "Think about it—that photo may inadvertently give criminals a glimpse at your expensive artwork, home electronics, the layout of your home, etc. Most importantly it shows your child’s face—and you don’t want that in the hands of someone with nefarious attention waiting for you to tweet about how you’re enjoying your vacation—away from home."
"Keep your kids on your desk, not on your desktop," he said, "for their sake, as much as yours."
Boyle is an author and professor of cyber security at Longwood University in Farmville, Virginia.
Leave a Comment