Why hitting ‘Send’ on that next email isn’t as simple as it seems.
Email has fast become the go-to form of communication in the digital era.
When you consider just how busy, and increasingly disparate boards, trusts and enterprises are these days, it’s easy to see why. In mere seconds, you can draft an email to a member of the board, staff, or clients anywhere, at any time. Simply attach the relevant file, and hit “Send”.
It’s little wonder the average office worker sends over forty emails per day.
The problem? Emails and attachments sent in confidence might not actually be confidential.
Email – A necessary evil in the early digital era
In our earlier post on the potential causes of a data breach, email topped the list. There’s a good reason for that. The speed at which organisations have had to transition away from aging, analog processes has seen many embrace insecure digital solutions that is leaving their sensitive information vulnerable to an attack.
Avatier reported in 2017 that there were some 6,789 email data breaches globally in the space of just two years. So while it may be easy to use, the simplicity of sending an email belies a communication channel that’s inherently insecure.
1. It’s insecure and easily intercepted
Whether you use private services or public, consumer-grade options like Gmail, emails are vulnerable to a range of attacks that put what should be private conversations at risk of being read by third parties.
Certain viruses, DNS Redirects, and Sniffers are just a few of the present-day threats that can work their way through email servers and to your sensitive information. Often without you even knowing.
2. Encryption isn’t as secure as you might think
Most organisations rely on encryption as a fail-safe, as it’s meant to ensure data is protected by scrambling an email’s contents so that only the recipient – with the requisite authentication – can see, read, and download.
That said, most encryption solutions are far from foolproof. In fact, it’s that false sense of security that can often leave you most vulnerable to attack. If your email services aren’t taking advantage of industry-leading encryption, there’s no guarantee they won’t be cracked.
3. There’s no accounting for human error
When we talk about security, the focus is always squarely on technology.
The fact is, it’s often the mundane issues that prove to be an organisation’s undoing. The strongest security protocols in the world can’t account for user error or typos in the “To:” field, let alone the 69% of employees who willingly bypass security and privacy policies to access work emails on insecure personal devices.
4. Email servers are prone to attack
Emails pass through many hands on their journey from sender to recipient, often seeing them stored in the cloud – or on servers – which themselves are at risk of malicious attacks. In many cases, attackers are able to get in, access this information, and then get out long before anyone is aware of the breach.
5. Files sit on the sender & recipient’s device
Once an email is sent, it’s stored in your Outbox and the recipient’s Inbox. That’s why a laptop, mobile device, or just about any piece of technology left on – and logged in – is an easy ingress point for partners, disgruntled co-workers, or even rogue employees who are looking to access this information.
The security stats? They’re sobering…and so are the costs
If the above examples don’t have you reconsidering composing that next email, then these facts, stats, and figures really should. Email’s convenience comes at a cost. Quite literally:
Did you know?
- In 2004, AOL lost upwards of $400,000 following an internal data breach which saw the details of some 92 million AOL accounts sold to spammers by one of the company’s former software engineers (Source).
- Yahoo’s $4.8 Billion sale to Verizon almost fell through in 2016, after the company revealed all 3 Billion of its users’ accounts were breached across 2013 and 2014 (Source).
- Back in 2017, 2.2 million Wishbone user email addresses were exposed (Source).
- In that same year, 36,000 Boeing employees’ email addresses as well as personal information were compromised after a staff member emailed the file to their spouse for help with formatting (Source).
Consider the fallout if the last email you sent containing sensitive information, IP, or important data was accessed by an unauthorised third-party. What would the fallout be? Information could be leaked online, sent to the press, or even held for ransom.
There’s the legal and financial ramifications to consider, too. New and existing legislation such as GDPR is placing increased responsibility on the shoulders of those who deal with sensitive data to keep it safe, with hefty fines already being handed out for “…inadequate technical and organisational measures to ensure the protection of information security.”
It’s time to say ‘sayonara’ to insecure communication channels
The revelation that email isn’t as secure as it seems often leads to one of two outcomes: organisations either shun digital solutions entirely in favour of analog processes from ‘the good old days’, or they shrug their shoulders and continue with business as usual as they lack a more effective solution.
Early on, Stellar identified this need to be able to securely access and distribute sensitive information while circumventing emails entirely. In order to do so requires a comprehensive business platform that doesn’t store files on user devices but, instead, harnesses the power of the cloud to provide anytime, anywhere access on any device.
When coupled with industry-leading encryption, the ability to revoke access on the fly, and ghost file technology that ensures documents are completely invisible without prior authorised access, boards as well as trusts and enterprises are finally able to share without the fear of becoming yet another statistic in a long line of email breaches.
Why your documents are under threat, and what you can do about it.
Not long ago, Credit Card details were the prime target of cyber attacks around the world.
Nowadays? Things are a little different. Data and information including board documents, medical records, and valuable intellectual property are an increasingly sought-after commodity. In this digital era, information is valuable. Very valuable.
If you don’t know why this should scare you, chances are you haven’t been paying attention. Boards, trusts, and enterprises are fast becoming the new hub of sensitive data, insider secrets, as well as confidential information.
Opportunists, insiders, or even state sponsored hackers have a new target in their sights: you.
Is it secret? Is it safe?
Dive a little deeper, and it’s easy to see why.
With a wealth of valuable information at its fingertips, your organisation, its executives, and even senior staff are now the prime target for a cyber attack. Managing Director of the Information Security Forum – Steve Durbin – talked to CIO’s Bob Violino in 2018 and had this to say on the topic:
“…it is no longer restricted to the boardroom. Personal assistants, systems admin staff, pretty much anyone who has the ability to provide access to the determined cyber criminal on the hunt for valuable information are now in play.”
This access to valuable data has cyber attackers knocking on your door, but it’s your insecure processes that leave it unlocked. How so? Many organisations rely on insecure digital solutions as they transition from a paper based world or, as is the case with many, remain in limbo between digital and analog.
It’s only a matter of time before these stop-gap solutions put your data at risk.
As we’ve discussed in the past, a cyber breach is a matter of “When”, rather than “If”. Could your organisation confidently say at this moment in time that it’s doing everything it reasonably can to protect clients and the data it has access to?
Your information, for sale to the highest bidder
The repercussions of a data breach can be catastrophic.
Recovering from the loss of valuable data as it’s destroyed, stolen, or sold to the highest bidder is difficult enough, let alone the potential financial and legal ramifications if it’s found you neglected your responsibility to keep this data safe. As highlighted below, those costs are only increasing:
Did you know?
- In 2018, data breaches cost $654 Billion and exposed over 2.8 billion data records including usernames and passwords, banking information, and personal health info in the US alone (Source).
- According to IBM the costs associated with a data breach have risen 12% over the last 5 years, now sitting at an average of $3.92 million (Source).
If you want to make it easy for attackers to access your valuable data, then by all means continue with business as usual. But if you’re serious about keeping data secure, it’s time to consider changing the way you do things.
Three sensible strategies for staying secure
1. Stop sending sensitive information via email
Email is fast, familiar, and convenient. It’s also highly insecure. Despite what you write in the “To:” field, there’s no guarantee that the intended recipient is the only one who’ll be reading the message you send or, more importantly, the files you attach.
Giants of the industry like Yahoo and Gmail have both suffered massive breaches in the past, proving that even the most secure systems can fail. In order to keep data safe, you should switch to a solution that allows you to securely share files without leaving important documents sitting in email inboxes.
2. Use cloud based solutions that prioritise encryption
Not all cloud-based solutions are created equal. Services like DropBox or Google Drive make it easy to collaborate, store, and share files, but if recent security concerns and data breaches are anything to go by, they might not be as secure as you think.
They’re convenient. Sure. But they also provide limited functionality and control. Others? They fall back on weaker security protocols to ensure they’re not ‘getting in the way’ of the end-user. It’s a recipe for disaster.
Relying on these services as your ‘digital’ solution is a case of one step forward, two steps back. Instead? Look for specialised solutions that prioritise multi-level security protocols and AES 256-Bit Encryption, as well as keep files hidden to those without access to the platform.
3. Strictly monitor the use of personal devices
It isn’t uncommon for time-poor staff or board members to take their work home with them. Trouble is, the work and home environment are completely different from a cyber security perspective. One is strictly monitored by your IT staff, while the other uses insecure connections, outdated systems, and is at a greater risk of phishing, malware, or viruses.
If you can’t live without out-of-office access, then you need to switch to a solution that allows users to access and work on documents safe in the knowledge you can instantly revoke access if devices are lost, stolen, or compromised.
The right solution makes keeping documents safe, simple
Over the years, Stellar has found that few business platforms are able to tick all of the boxes, let alone the few we’ve outlined above today. This leaves many organisations having to compromise in order to get their work done.
With the right solution, though? Stellar has seen countless organisations finally able to operate with complete confidence, taking advantage of the anytime, anywhere promise of the cloud while being able to share files away from insecure channels.
It’s the best way to keep data safe from the ever-increasing range of cyber-security threats