Everyone's talking about the Sony megahack, and for good reason. The sheer amount of data (up to 11 TB) and the contents (passwords, employee social security numbers, corporate secrets, emails) have everyone reeling. There are a ton of questions surrounding the attack - how, why, who's behind it - but I'd like to pose one that speaks to the greater implications of the incident.
Is it time for everyone to start encrypting internal communications?
Industries like healthcare and finance, among others, are no strangers to the need to protect email communications, but what I found so interesting about the Sony case was that the content was not what we typically consider "sensitive". Of course you need to encrypt that message containing medical history, payment details, or identifying information... but an email talking about an upcoming movie release or your opinion on a certain celebrity? Encryption probably isn't your first thought.
As entertaining as it may be for us to read the studio's secrets (the email from Channing Tatum is my personal favorite), there's no questioning the damage this is going to do to Sony's reputation, and I think it should serve as a wake-up call to everyone. Take a look at your intra-office correspondence. What would happen if it were leaked?
Obviously I'm a little biased, but S/MIME encryption is pretty easy to use (you can even set up Outlook to automatically encrypt every message), and ensures only the intended recipient can access the contents of the email.* Regardless of the solution itself, I think the key takeaway here is that protecting internal communications should be on everyone's minds right now. The Sony incident makes it clear that email encryption isn't just for regulated industries any more.
So what do you think? Is it time for everyone to start encrypting?
*Assuming you put more care into protecting the private keys than Sony did with their passwords...