Based on the case study, Sony should establish access and data protection controls to promote information security for unreleased digital films and emails. According to the case study, the attack was severe because a massive amount of confidential data was stolen. The attackers accessed a broad range of data, including data on employees’ salaries and bonuses. In this view, critical preventive measures are needed to keep private information secure. First, Sony should encrypt sensitive data so that unauthorized persons cannot access it (Marwaha & Bedi, 2013). It should also regularly back up all its crucial information and store the backups in a different location. Second, it should use two-factor authentication.
Although the method the attackers used to access Sony’s data is not known, it is likely that they used credentials supplied by insiders, which would not have been possible had Sony used two-factor authentication. Sensitive personal data should be kept separate from other data. Leaked data showed that folders containing salary, health, and other personal data were kept in the same directory, implying that the outcome would have been different had they been separated (Marwaha & Bedi, 2013). Another preventive measure that Sony should take to secure its data, including unreleased digital films and emails, is to avoid storing passwords in the same place as the password-protected files. Loader and Thomas (2013) say that files should not be accompanied by their passwords because this makes it easy for attackers to access the data.
It is also critical for Sony to conduct regular external security checks so that security risks are eliminated before data are compromised. External security checks will also help protect the company because, even if attackers got into the network, it would be difficult for them to transfer data without restriction (Loader & Thomas, 2013). Above all, Sony should protect its identity online, especially when giving out personal information. Emails that ask for confirmation of a username and password should not be answered, because hackers could be using them to scam the recipients.