Locking the barn door after the horse has gone is a very human response to theft. No matter how many times we are warned, no matter how often we hear reports of burglary, most of us are convinced that it won't happen to us. Well it certainly can and it does. A breach of security at Sony Pictures Entertainment or Target or any number of other big and little corporations with huge databanks can have an effect on anyone, because you never know who has what information about you.
Supposedly impregnable modern banks of data are breached daily by hackers. The burglars of information, unlike the fabled Bonnie and Clyde team of Great Depression era thieves, aren't after just cash. They are not modern day Robin Hood's seeking to equalize the distribution of wealth. There is nothing even remotely virtuous or harmless in their activity. They are, more often than not, bent on nothing more than ruining lives and businesses.
The ongoing revelations about the recent attack on the servers at Sony Pictures Entertainment have been making entertaining news. Was it the work of North Korean government hackers or independent malicious anarchists with a grudge? What was said about this or that star in private internal memos? How much more money did one actor receive for a project than their co-star? What are the major beefs of Sony employees? This train wreck for one of the industry's major players will undoubtedly be very costly, likely millions in lost revenue and clean-up. It is not only the shareholders who lose when a corporation's data bank is hacked. We all lose.
The Sony studio break-in is just the most recent in a long list of major and minor hacks that have had a devastating effect on the acting profession. Some female and a few male stars were humiliated when what they thought were safely stored-in-the-cloud, personal photographs were stolen and made public. Their mistake was in relying on the presumption of corporate security. Never assume that data inside or outside your mobile device or computer is immune from theft. The government is aware of this, having worked both sides of the data security fence. There is no reason why we should be ignorant of the potential for data theft given all the publicity surrounding this scourge.
The reality is that whatever is put into a personal computer or mobile device can be stolen. This is a fact. Everything that we put into digital form is like a diamond in that it lasts forever. Cleaning your hard drive and permanently and completely deleting things from the cloud or from Facebook or any other type of social media, is a lot more complicated than throwing private papers and pictures in a fire or shredding them.
As a professional actor you are in a demanding and competitive business. Your enterprise - you really are an entrepreneur - involves a team, including your agent and perhaps a manager. You and your team communicate through electronic media with casting directors, producers and directors and studios like Sony Pictures Entertainment. Everything that is transmitted digitally including links to social media, your phone numbers and your e-mail address is potentially subject to theft. Your private data is always at risk. It goes to places and is stored in servers over which you have no control whatsoever, and you will have no knowledge of how it is used until it is too late.
As a business you must do a risk assessment. You do not have a say in the security in almost all of the places where your information is stored. This is very different from your home or apartment where you can lock the door or install alarms. This may not be 100 percent effective but at least you are able to do something to reduce risk. In the digital world the reality is you can't do much about security. You can, however, do something about what information you choose to record digitally on your device or computer and what you share. Here is where risk assessment comes in. Assume that anything you write, any digital photograph you take and even the smallest fact about your life you share with friends, is immortal and subject to theft from today to long after you have departed from the earth.
The hacking of Sony's system may have been "unpreventable and highly sophisticated" as management has claimed. The theft and publication of data, some of it sensitive material concerning finance and human resources, can be accepted as part of the risk of doing business. The damage can be overcome with the cooperation of employees, clients and management. What can't so easily be overcome is the destruction of the company's reputation and that of some of its employees. Much of this is a result of a belief at Sony that internal private communications were secure. Unprofessional and frankly stupid comments about people, for example, calling a major star "a spoiled brat," have become public. If the writers of these comments at Sony had exercised some judgement in what constituted appropriate exchanges on e-mail, the damage could have been averted.
What is the lesson to be learned from the Sony hacking and the theft of personal photographs from a server in the cloud? It's really quite simple. If you have to say something that should remain private or you simply must be nasty, brutish and rude which is definitely not good for your business, then do so during face-time not digitally. If you have images that you don’t want in the public domain now or in the future, do everything you can to keep them secure. Don't let them out of your computer either through sharing or inadvertent leakage.
Always keep in mind that as an actor you are a professional, and you alone are responsible for protecting your present and future career. Your potential employers cannot always be expected to have the same sensibilities as you. Your business, an acting enterprise, will evolve. Things will change. What you might not care much about today you will perhaps care about in the future as you and your business mature.
When you do your risk assessment think not just of today and but also of tomorrow. Think of how vulnerable big data banks are and remember they may have data concerning you whether you sent it to them or not. You can't control theft of information. You can't close the barn door with guaranteed results either before or after data escapes, but you can control everything about your horse.
Postscript
The continuing saga of the Sony Hack has the hallmarks of a thriller.
The information delivered to President Obama by the FBI resulted in his imposing largely symbolic sanctions against North Korea. Private cybersecurity firms have entered the fray suggesting that the hack was the work of one or more disgruntled, former Sony employees. The evidence indicates that they are correct.
The destruction of data or wiping of many of Sony's servers plus the release of highly sensitive private information points to a motive of revenge against the company. This is the most common aim in hacking of corporate data after theft of usable financial information like credit card and bank account numbers.
It is almost certain that the patently ridiculous, red-herring in the Sony affair — the warning against the release of the movie The Interview — was intended simply to mislead and confuse. The North Korean government, in all likelihood previously oblivious to the storyline and imminent release of The Interview, always on the lookout for PR, jumped on the bandwagon.
The real story in the Sony hack was the failure of the company to institute up-to-date data security measures which are readily available through cybersecurity providers.
The Sony hack was a malicious act without political motive. It was not aimed at stealing usable credit card numbers. These conclusions do not ease the mind concerning the vulnerability of private information. This shouldn't mean that we all become neurotic about what we post on the internet or deliver to a digital service provider. Most of our content is completely innocuous and most service providers, like Casting Frontier, are continuously adapting to changes in cybersecurity.
