LEAKED: Two observations from the Sony Pictures hack
SteveI am sure you have heard or read about the widespread hack and subsequent leaks of massive amounts of corporate information like email archives and other sensitive organizational (and HR) data at Sony Pictures.
If you would like to be familiar, or at least caught up, a useful timeline of the hack and the leaks, (which appear to be ongoing), is here.
Embarrassing email exchanges, written potshots being taken at various industry players, and even a dump (in the form of an Excel spreadsheet), of salary and other HR data for the organization's executives.
A mess. And seemingly not going anywhere, not for a while anyway.
So here are my two, thought about this for 10 minutes, observations for HR/Talent professionals from this brouhaha.
1. It's time to stop thinking of Email as private, secured communication. I think since the rapid rise, and subsequent realization of the lack of privacy of public social networks like Twitter and Facebook, we somehow look at email, in comparison, and think it is private and secure. And while it should be, the Sony hack is just another example that reminds us that any communication in written, digital form is not ever 100% secure. We use Email so much, and in the large company environment it is so essential and ubiquitous, we have become beguiled to accept it as (mostly) private by default. And that is, in a word, insane. Forget about getting hacked by a malicious 3rd party - all it takes for your private, sensitive, possibly career-threatening email to get out into the world is one tiny error in the CC box, or one slip-up when forwarding something to John Jones and having it go to John Johnson instead. Lesson: Stop emailing so much (general). And talk to your leaders, managers, and employees about maybe picking up the phone once in a while.
2. Employee and HR data in Excel spreadsheets is likely your single largest HR data-related risk area. Every single company has HR or Comp people with salary, bonuses, and other HR/Compensation data sitting in Excel spreadsheets on individual PCs and company servers. For smaller companies, this is usually out of necessity: Excel is the only tool available to them to do comp calculations and analyses. But even in larger companies that have powerful and sophisticated Compensation Planning tools, often these tools are used to simply dump Employee and Comp data into Excel for additional manipulation and even file sharing. The Comp planning systems are powerful and secure. Excel spreadsheets are powerful and highly insecure (ask Sony). Where should you insist your Comp data remain?
We have spent literally years reminding our kids and each other that nothing that gets posted on Facebook or Instagram is really private.
It is also time to remind ourselves and our employees that nothing posted anywhere is really private either.
Have a great week!
