Intended or not, the full impact of the recent cyber attack on Sony Pictures Entertainment has now gone well beyond the walls of a single, lavish boardroom in sunny California.
The headline-grabbing hack certainly sent Sony’s reputation into a spiral after a series of embarrassing emails between company executives and its A-list clients were made public.
Three months later, the company continues to struggle to cap the fallout, while nervous corporate leaders around the world watch the situation carefully and worry about who will be next.
Canadian companies are no exception. A new report by KPMG tracking audit trends in 2015 suggests companies on this side of the border are taking cyber security and reputation risk management more seriously than ever before.
Security “is a very real threat to really any organization of any size these days,” saysPaul Hanley, an advisory partner and KPMG cyber security leader in Toronto, in an interview with Yahoo Canada Finance.
“All organizations have data. It could be your trade secrets, client names, client lists – there is a whole world of sensitive data out there and there is going to be somebody, somewhere that is going to want to get hold of it,” Hanley says.
Among the coming changes, companies (those that haven’t done so already) are expected to begin beefing up corporate networks and systems to limit exposure of sensitive corporate information and prevent it from falling into the hands of cyber criminals, and even corporate competitors.
To better protect their data, some companies that work across borders will no longer permit employees to take their laptop computers into certain high-risk countries, but rather will issue so-called “clean” laptops that have no company or client-related data on them.
And we can also expect new “audit committees” to begin removing the last vestiges of authenticity from corporate Tweets through a rigorous social-media vetting process that will limit what CEOs and CFOs say regarding corporate metrics and performance.
“What we are seeing is organizations are getting much more concerned about the risk of security, understanding with much more clarity what those risks are and making informed decision to address those risks,” said Hanley.
Hasan Cavusoglu, associate professor at the University of British Columbia’s Sauder School of Business, says companies can’t afford to be sloppy when it comes to cyber security.
Never mind the outside threat. The rise of social media, in particular, has left corporations vulnerable to inadvertent disclosures of company activities that can harm its reputation, embarrass its leaders and reveal valuable secrets to the competition.
Cavusoglu says social media can also blur the lines between personal view versus corporate identity, thus creating a potential nightmare situation for company public relations.
To get around that, he says, “You have to create a culture where people are aware of the potential dangers that can take place in the connected environment.”
Jana Seijts, a lecturer in management communications at Western University’s Ivey Business School, said the Sony Pictures example highlights the need for companies to adopt or strengthen a reputation management strategy, one that includes clear steps on how staff and executives communicate both internally via email and externally on social media platforms.
Yes, it’s true “companies are no longer being as authentic as we would like them to be. They’ve had to become more savvy with how they communicate,” she says.
But the alternative is far worse.
“It boggles the mind that they (Sony executives) would not have assumed that their messages could be hacked in this day and age,” Seijts says.