When a business gets hacked and its corporate information is dumped on the Internet for all and sundry to see (albeit illegally), the effects of that breach are obviously devastating for all concerned.

In many ways it’s like the day after a fierce storm has driven a super-cargo container ship aground and beachcombers from far and wide have descended upon the ruptured carcass of metal to cart away anything they think has value or can be sold by the side of road. Mixed in among the spilled contents of the ship’s load are the personal effects of the crew—likely to be treated with the less respect than a crushed shipping container stuffed with sodden boxes of Lego.

The attention being paid to the massive data dumps that have come from the recent high profile hacks, especially the one encountered at a well-known Hollywood studio, tend to reinforce that perspective.

The daily lives of hundreds of employees were suddenly laid bare. And, as if that wasn’t enough, for a sizable period of time before the hack was uncovered, the hackers were using malware distributed throughout the organisations network to eavesdrop on personal communications and steal their credentials.

I think that last point has been missed by many folks.

As employees of our own organisations, we’re all used to the briefings by HR or reading in an employee handbook how our personal Internet use can be monitored by our employers at any time. However, it’s not until an organisation has been breached and hits the headlines that you begin to think about just how much you use work systems to handle personal things in your life. What if the company you worked suffered a hack? How would you feel if some of your personal information was made public?

Getting personal

For example, have you ever logged in to your LinkedIn or Facebook accounts from a corporate laptop or over the business network? Have you ever logged in to your bank account to check your finances or pay some bills online? If you have, then some of that information may have been inadvertently captured by your employer’s security monitoring tools—locked away in logs somewhere.

In a breach the size and sophistication of the recent Sony attack, horribly compounded by the use of malware rootkits, the contents of private communications and login credentials were likely stolen by the hackers—to be used anytime in the future—making the hack deeply personal to the employees unfortunate to have been caught up in the incident.

There are lessons to be learned for all of us though. We often talk with increasing fear that hackers are targeting organisations of all sizes all over the world. But the reality of the situation is that if your employer is a target, then so too are you. And so if your employer is a victim of a hack, then so are you.

Conclusion

In many ways it may be best for employees to view their corporate networks as hostile to their privacy—as let’s face it, all organisations are at risk of cyber attacks nowadays. So you should probably be wary of using your work systems for personal stuff just in case the worst happens.

Whether it’s some pirate raiding a cargo ship off the coast of Somalia or the beachcombers after a storm, it may pay to be overly cautious with your personal Internet communications from networks likely to be targeted by hackers in the future.