The most recent data breach at Sony Pictures Entertainment exposed troubling shortcomings in the security framework of the major media corporation. While some of the details surrounding the breach are still murky, authorities and news sources have gained enough information to speculate that the infiltration took place over an extended period of time and revealed a variety of protected employee information.

What is clear is that other companies should learn from Sony's cybersecurity woes. There are measures organizations can take to reduce their susceptibility to these types of attacks. Strong passwords, two-step recognition and strong firewalls can all act as deterrents to online criminals. Most effective of all, however, would be the use of a data center equipped with biometric technology. As the strongest form of access control available, biometric security is trusted by a number of data centers for its ability to control clearance from the front door to the server cabinet.

Sony hack puts employees at risk
Last Monday, a group identifying itself at Guardians of Peace (GOP) claimed responsibility for the Sony hack that leaked five major films and nearly wiped the company's internal records, according to CSO Online. What's worse, though, is the cadre of personal identification information (PII) for Sony's employees that was compromised. This week, over 30,000 human resources documents were made widely available – some of the mundane HR details, like meetings and management details, but also sensitive records.

Directly threatening PII that the hackers revealed included names, addresses, email addresses, passwords, Social Security numbers and phone numbers. Additionally, offer letters, payrolls, background checks and personnel reviews and opinions came out – details that could cause a number of issues within the company.

Those familiar with the attack believe North Korea could have been behind it, while other think the extent of the breach points to an inside source. The GOP suggested it has been collecting data for over a year without detection, meaning there is likely more information they have not yet released.

Bad security practices leads to infiltration
To be sure, modern cybercriminals are masterminds of silently accessing company accounts. More than a few organizations have been hacked this year alone and as security gets tighter, hackers adapt. However, companies should still put their best foot forward when it comes to defense. Mashable reported that one folder from the Sony breach was titled "Passwords" – in other words, Sony did not even attempt to assign a misleading label to one of its own folders full of sensitive information. This is akin to using your first name as your password – Sony has to make it harder than that.

Still, it may not have made a difference. If indeed there was an inside player involved, there may have been precious little Sony could have done to protect its online accounts. One of the only methods it could have used to protect itself would have been the employment of a biometrics-enabled data center. Hackers would be unable to access the data within a physical server cabinet unless they stole the hard drive itself – and biometric access control would prevent that.

Even for situations in which an employee breaks trust and acts against the best interest of the company, there is a biometric solution. The most cutting edge system require two separate, simultaneous biometric identification patterns in order for an individual to gain clearance. That is to say, two employees – both with high-level clearance – would have to conspire together to access a server cabinet protected by this system. So far, data centers that have installed this platform have had no instances of security breaches.