Sony CEO and Secretary Shared 'TMI'
The recent hacking at Sony is a good example of a simple lapse in security practices that can lead to very complex (and expensive) consequences. The Associated Press has revealed that "Sony's CEO regularly was reminded in unsecure emails from his executive assistant of his own secret passwords."
According to a review of more than 32,000 stolen corporate emails circulating on the Internet, Sony CEO Michael Lynton routinely received copies of his passwords in unsecure emails for his and his family's mail, banking, travel, and shopping accounts from his executive assistant, David Diamond. Other emails included photocopies of U.S. passports and driver's licenses, and attachments with banking statements.
Confidential information is often shared with executives and their assistants as they feel that their communications are safe and secure. The fact that Sony's CEO regularly received emails with his passwords was particularly a problem for Sony because hackers who steal corporate data often will immediately search for the word "password" or a variation of the word across thousands of messages.
These types of careless communications are not just happening at Sony. Organizations, big and small, engage in sloppy password-sharing practices daily. It's a simple fix for 2015: don't send unencrypted/unprotected e-mails or text messages with password information. If you need a password sent to you, pick up the phone... or, figure out a way to memorize your passwords!