E-mail or E-fail? The dangers of sharing sensitive information

E-mail or E-fail? The dangers of sharing sensitive information

Why hitting ‘Send’ on that next email isn’t as simple as it seems.

Email has fast become the go-to form of communication in the digital era.

When you consider just how busy, and increasingly disparate boards, trusts and enterprises are these days, it’s easy to see why. In mere seconds, you can draft an email to a member of the board, staff, or clients anywhere, at any time. Simply attach the relevant file, and hit “Send”.

It’s little wonder the average office worker sends over forty emails per day.

The problem? Emails and attachments sent in confidence might not actually be confidential.

 

Email – A necessary evil in the early digital era

Email security flaws

In our earlier post on the potential causes of a data breach, email topped the list. There’s a good reason for that. The speed at which organisations have had to transition away from aging, analog processes has seen many embrace insecure digital solutions that is leaving their sensitive information vulnerable to an attack.

Avatier reported in 2017 that there were some 6,789 email data breaches globally in the space of just two years. So while it may be easy to use, the simplicity of sending an email belies a communication channel that’s inherently insecure.

Here’s why:

1. It’s insecure and easily intercepted

Whether you use private services or public, consumer-grade options like Gmail, emails are vulnerable to a range of attacks that put what should be private conversations at risk of being read by third parties.

Certain viruses, DNS Redirects, and Sniffers are just a few of the present-day threats that can work their way through email servers and to your sensitive information. Often without you even knowing.

2. Encryption isn’t as secure as you might think

Most organisations rely on encryption as a fail-safe, as it’s meant to ensure data is protected by scrambling an email’s contents so that only the recipient – with the requisite authentication – can see, read, and download.

That said, most encryption solutions are far from foolproof. In fact, it’s that false sense of security that can often leave you most vulnerable to attack. If your email services aren’t taking advantage of industry-leading encryption, there’s no guarantee they won’t be cracked.

3. There’s no accounting for human error

When we talk about security, the focus is always squarely on technology.

The fact is, it’s often the mundane issues that prove to be an organisation’s undoing. The strongest security protocols in the world can’t account for user error or typos in the “To:” field, let alone the 69% of employees who willingly bypass security and privacy policies to access work emails on insecure personal devices.

4. Email servers are prone to attack

Emails pass through many hands on their journey from sender to recipient, often seeing them stored in the cloud – or on servers – which themselves are at risk of malicious attacks. In many cases, attackers are able to get in, access this information, and then get out long before anyone is aware of the breach.

5. Files sit on the sender & recipient’s device

Once an email is sent, it’s stored in your Outbox and the recipient’s Inbox. That’s why a laptop, mobile device, or just about any piece of technology left on – and logged in – is an easy ingress point for partners, disgruntled co-workers, or even rogue employees who are looking to access this information.

 

The security stats? They’re sobering…and so are the costs

The cost of email breaches

If the above examples don’t have you reconsidering composing that next email, then these facts, stats, and figures really should. Email’s convenience comes at a cost. Quite literally:

Did you know?

  • In 2004, AOL lost upwards of $400,000 following an internal data breach which saw the details of some 92 million AOL accounts sold to spammers by one of the company’s former software engineers (Source).
  • Yahoo’s $4.8 Billion sale to Verizon almost fell through in 2016, after the company revealed all 3 Billion of its users’ accounts were breached across 2013 and 2014 (Source).
  • Back in 2017, 2.2 million Wishbone user email addresses were exposed (Source).
  • In that same year, 36,000 Boeing employees’ email addresses as well as personal information were compromised after a staff member emailed the file to their spouse for help with formatting (Source).

Consider the fallout if the last email you sent containing sensitive information, IP, or important data was accessed by an unauthorised third-party. What would the fallout be? Information could be leaked online, sent to the press, or even held for ransom.

There’s the legal and financial ramifications to consider, too. New and existing legislation such as GDPR is placing increased responsibility on the shoulders of those who deal with sensitive data to keep it safe, with hefty fines already being handed out for “…inadequate technical and organisational measures to ensure the protection of information security.

 

It’s time to say ‘sayonara’ to insecure communication channels

The revelation that email isn’t as secure as it seems often leads to one of two outcomes: organisations either shun digital solutions entirely in favour of analog processes from ‘the good old days’, or they shrug their shoulders and continue with business as usual as they lack a more effective solution.

Early on, Stellar identified this need to be able to securely access and distribute sensitive information while circumventing emails entirely. In order to do so requires a comprehensive business platform that doesn’t store files on user devices but, instead, harnesses the power of the cloud to provide anytime, anywhere access on any device.

When coupled with industry-leading encryption, the ability to revoke access on the fly, and ghost file technology that ensures documents are completely invisible without prior authorised access, boards as well as trusts and enterprises are finally able to share without the fear of becoming yet another statistic in a long line of email breaches.

 

Related Articles:

Data Breaches: Keeping Documents Secure In The Digital Era

Data Breaches: Keeping Documents Secure In The Digital Era

Why your documents are under threat, and what you can do about it.

Not long ago, Credit Card details were the prime target of cyber attacks around the world.

Nowadays? Things are a little different. Data and information including board documents, medical records, and valuable intellectual property are an increasingly sought-after commodity. In this digital era, information is valuable. Very valuable.

If you don’t know why this should scare you, chances are you haven’t been paying attention. Boards, trusts, and enterprises are fast becoming the new hub of sensitive data, insider secrets, as well as confidential information.

Opportunists, insiders, or even state sponsored hackers have a new target in their sights: you.

 

Is it secret? Is it safe?

Working on sensitive documents

Dive a little deeper, and it’s easy to see why.

With a wealth of valuable information at its fingertips, your organisation, its executives, and even senior staff are now the prime target for a cyber attack. Managing Director of the Information Security Forum – Steve Durbin – talked to CIO’s Bob Violino in 2018 and had this to say on the topic:

“…it is no longer restricted to the boardroom. Personal assistants, systems admin staff, pretty much anyone who has the ability to provide access to the determined cyber criminal on the hunt for valuable information are now in play.”

This access to valuable data has cyber attackers knocking on your door, but it’s your insecure processes that leave it unlocked. How so? Many organisations rely on insecure digital solutions as they transition from a paper based world or, as is the case with many, remain in limbo between digital and analog.

It’s only a matter of time before these stop-gap solutions put your data at risk.

As we’ve discussed in the past, a cyber breach is a matter of “When”, rather than “If”. Could your organisation confidently say at this moment in time that it’s doing everything it reasonably can to protect clients and the data it has access to?

 

Your information, for sale to the highest bidder

Your sensitive files

The repercussions of a data breach can be catastrophic.

Recovering from the loss of valuable data as it’s destroyed, stolen, or sold to the highest bidder is difficult enough, let alone the potential financial and legal ramifications if it’s found you neglected your responsibility to keep this data safe. As highlighted below, those costs are only increasing:

Did you know?

  • In 2018, data breaches cost $654 Billion and exposed over 2.8 billion data records including usernames and passwords, banking information, and personal health info in the US alone (Source).
  • According to IBM the costs associated with a data breach have risen 12% over the last 5 years, now sitting at an average of $3.92 million (Source).

If you want to make it easy for attackers to access your valuable data, then by all means continue with business as usual. But if you’re serious about keeping data secure, it’s time to consider changing the way you do things.

 

Three sensible strategies for staying secure

1. Stop sending sensitive information via email

Email is fast, familiar, and convenient. It’s also highly insecure. Despite what you write in the “To:” field, there’s no guarantee that the intended recipient is the only one who’ll be reading the message you send or, more importantly, the files you attach.

Giants of the industry like Yahoo and Gmail have both suffered massive breaches in the past, proving that even the most secure systems can fail. In order to keep data safe, you should switch to a solution that allows you to securely share files without leaving important documents sitting in email inboxes.

2. Use cloud based solutions that prioritise encryption

Not all cloud-based solutions are created equal. Services like DropBox or Google Drive make it easy to collaborate, store, and share files, but if recent security concerns and data breaches are anything to go by, they might not be as secure as you think.

They’re convenient. Sure. But they also provide limited functionality and control. Others? They fall back on weaker security protocols to ensure they’re not ‘getting in the way’ of the end-user. It’s a recipe for disaster.

Relying on these services as your ‘digital’ solution is a case of one step forward, two steps back. Instead? Look for specialised solutions that prioritise multi-level security protocols and AES 256-Bit Encryption, as well as keep files hidden to those without access to the platform.

3. Strictly monitor the use of personal devices

It isn’t uncommon for time-poor staff or board members to take their work home with them. Trouble is, the work and home environment are completely different from a cyber security perspective. One is strictly monitored by your IT staff, while the other uses insecure connections, outdated systems, and is at a greater risk of phishing, malware, or viruses.

If you can’t live without out-of-office access, then you need to switch to a solution that allows users to access and work on documents safe in the knowledge you can instantly revoke access if devices are lost, stolen, or compromised.

 

The right solution makes keeping documents safe, simple

Over the years, Stellar has found that few business platforms are able to tick all of the boxes, let alone the few we’ve outlined above today. This leaves many organisations having to compromise in order to get their work done.

With the right solution, though? Stellar has seen countless organisations finally able to operate with complete confidence, taking advantage of the anytime, anywhere promise of the cloud while being able to share files away from insecure channels.

It’s the best way to keep data safe from the ever-increasing range of cyber-security threats

Paper Trails: The Unseen Costs Of An Analog Approach In The Digital Era

Paper Trails: The Unseen Costs Of An Analog Approach In The Digital Era

Why working with paper is destroying your productivity

Does your organisation still work with paper?

In this digital era, it’s more common than you might think. Technology is all well and good, but for those that have spent years using paper, it can be scary. It also isn’t always the easiest to set up, use, or understand.

Yes, you know paper can be costly. There’s the annual cost of ink, toner, and storage. But this is a price many organisations such as yours are willing to pay in order to retain the familiarity of an analog approach. If it ain’t broke, don’t fix it…right?

You may think you know the costs…

…but it’s the drain on time, resources, and visibility that could be costing you more than just ink.

 

Familiar, yet fallible

Working with paper documents

Paper may not be broken, but it is breaking.

Analog processes like paper were never designed to cope with the sheer amount of data modern organisations are currently having to manage. It’s a logistical nightmare. As a result? Your organisation’s time, money, and valuable data is slipping through the cracks.

Let’s use a single board document as an example. Preparation alone sees secretaries wasting time searching through paper documents strewn across desks, stuffed into filing cabinets, or archived in boxes stacked ceiling-high. That’s before documents are printed, or distributed.

Did you know?

  • Software Advice found that staff in analog-based workplaces spend an average of six hours per week searching for paper documents, and over 8 hours a week manually creating reports based on information compiled from paper documents (Source).
  • A 2018 survey by Nintenx found that 39% of those interviewed observed broken document management and sales processes within their organisation. This includes (Source):
    • 49% have trouble locating documents
    • 43% face difficulties with document approval requests and sharing
    • 33% struggle with document versioning

Now, say that information changes, updated sales figures come through, or the agenda shifts at the last minute. What happens next? You can’t update a multi-hundred page, printed document on the fly. Let alone the copies now in the hands of board members.

Changes need to be made manually, which means editing, re-printing, and re-distributing. Again.

Once the meeting is over, you’re left chasing the paper trail as updates or amendments have been scribbled in the margins. These now need to be collated, tracked, and then worked back into a new revision. That’s assuming none of them are skipped or simply missed in the process.

Surely there’s a better use of your time.

 

Time flies when you’re working with paper

The cost of paper processes

If time is money, why are you wasting so much of yours on paper?

Consider the time, energy, and money spent in our earlier example. Now extrapolate that cost across multiple documents in a given day, and then multiply that by days in the week, weeks in the month, and months in a year.

You get the idea.

As for the literal cost? The team at PA Life crunched the numbers and what they found is staggering:

“Offices across the UK are so disorganised they are losing over one million hours a week searching for misplaced documents, that’s seven days a year for each worker and is costing UK businesses £20 million a year in wasted time.”

This hit to your organisation’s productivity and bottom-line should be reason enough to embrace change, but that’s peanuts compared to the potential costs associated with the increased risk of misinformation, misdirection, and general mismanagement as vital information falls through the cracks.

There’s no clear idea as to which version of a document is the most up-to-date. There’s no guarantee that everyone’s notes and changes have been worked through, let alone seen. And there’s no way to speed up the process, because you’re working with paper.

If you’re committed to minimising costs and maximising productivity, you need a better solution.

 

Save time and money with a digital solution

Earlier on we highlighted just how hesitant many organisations can be when it comes to embracing digital solutions. We get it. It’s not always easy to make the switch. That’s how we identified the need for a solution that allows for a seamless transition away from a paper-based environment that’s as easy to set up as it is to use.

By removing the usual hurdles that trip up many that look to make the switch, Stellar has found that organisations are far more likely to ditch the paper documents in favour of a centralised business platform that improves their flow, efficiency, and productivity.

With the right solution you’ll boost visibility while saving time and, in turn, money.

 

Related Articles:

Disaster Recovery: How Prepared Are You, Really?

Disaster Recovery: How Prepared Are You, Really?

Thunderstorms, fires, and floods all pose a serious threat

Discussions concerning data and document safety are often preoccupied with the virtual world; insecure communication channels and pressing cybersecurity threats. But how much thought have you given to the threat posed by natural disasters?

Storms. Floods. Fires. Even hurricanes and earthquakes. Natural events like these can strike at any time, and with little warning. Whether your organisation still relies on paper documents or has transitioned to a digital solution such as Dropbox, Drive, or Email, your data may still be at risk.

In fact, a recent study carried out by Gartner Group found that only 6% of businesses that lost critical data via natural events survived the fallout. 43% went out of business for good. A further 51% went under within two years.

You have policies and procedures in place for keeping staff safe when disaster strikes…

…so why not your data and documents, too?

 

Important documents? They’re all fuel for the fire

Fire damage

You may be thinking that the way you manage your documents means you’re already prepared for the worst. Well, not exactly. You also wouldn’t be the first to make that assumption. Organisations continue to fall into the trap of thinking that storing files off-site or having digital backups is enough.

Unfortunately, this isn’t an effective way to mitigate against a disaster.

In fact, it’s this approach that puts your documents at increased risk.

Let’s take a look at physical, paper documents as an example. Whether they’re stored on-site or off, a fire or flood can leave documents damaged beyond repair. This could be caused by something as simple as faulty wiring or a burst water pipe.

Did you know?

  • A FEMA study found that 40% – 60% of businesses never reopen following a major disaster, and less than a third of those survive another two years before closing their doors for good (Source).
  • That same study showed a staggering 9 out of 10 businesses will close within the 12 months if they don’t reopen within five days of a natural disaster due to data loss, lost income and productivity (Source).
  • In the wake of Hurricane Sandy, a survey by Wakefield Research discovered that 30% of those surveyed said they would never be able to recover or recreate all of their important business data if it was lost during a natural disaster (Source).

Digital files and Cloud backups may feel like a safer bet, but that’s largely a false sense of security.

Just because you can’t physically see or hold a file doesn’t mean it isn’t susceptible to damage. Those files are stored on a computer somewhere in the world – whether it’s your internal network or a global provider – so if disaster strikes, those servers and the files contained within could be gone for good.

The Cloud may be simple and easy to use, but even this can come falling down.

 

You can’t put a price on irreplaceable documents

Water damaged documents

The financial costs associated with any kind of natural disaster are already high. There’s the damage to physical property, lost productivity, and lost business. While insurance may cover the costs of rebuilding, what dollar value do you place on invaluable documents that…simply can’t be recovered?

The best case scenario you can hope for can still have wide-reaching ramifications. You’ll temporarily lose access to digital files stored in the Cloud as internet connections and IT infrastructure is brought back online. At worst? You’ll irreversibly lose important data, documents, and information.

The chances that you could suffer from one of these events is only increasing. In a post over at Phys.org, the team warn that the rate of natural disasters is only going to increase in the coming years:

“In a warming world, the dangers from natural disasters are changing. In a recent commentary, we identified a number of costly and deadly catastrophes that point to an increase in the risk of “cascading” events – ones that intensify the impacts of natural hazards and turn them into disasters.”

If you’re not properly prepared for these ‘When’ not ‘If’ scenarios?

Your data could quite literally go up in flames, and your business with it.

 

Disasters happen, but you don’t need to lose your data

We’ve identified that paper documents are susceptible to damage, and digital solutions that harness the power of the Cloud pose their own set of challenges. So where to from here? Early on it became clear to Stellar that organisations need an independant, isolated repository for complete peace of mind.

This repository forms one part of a wider business platform, providing a place for organisations to store, share, and access files without solely relying on the Cloud. Where other software packages require a constant connection, this repository allows files to be accessed even when you’re offline.

This added data redundancy ensures that files are kept in two places at once – while also kept secure – so when disaster strikes, your data isn’t affected. In fact, it’s never been easier to pick up where you left off and keep working while business returns to normal with access anywhere, anytime, on any device.

With this level of support, you can ensure your data makes it through a disaster unscathed.

 

Related Articles:

IP Protection: Are Your Distribution Channels Putting Your Trade Secrets At Risk?

IP Protection: Are Your Distribution Channels Putting Your Trade Secrets At Risk?

Sharing important information is no longer as simple as hitting “Send”

In the past we’ve highlighted the struggles of securely storing data and documents, but what about sharing them? Like most organisations, you likely use a combination of physical (courier) and digital (email, Dropbox, or even Slack) services to send and receive information on a daily basis.

Your reasons for doing so may seem sound at first. They’re familiar, straightforward, and easy to use. Especially when you need to get information out to internal staff, sales teams out on the road, or clients at home or abroad in a timely manner.

But the work you do to keep this information safe could be undone as soon as you hit “Share” or “Send”.

Why? Because today’s common distribution channels are flawed, easily accessed, and highly insecure.

Familiarity breeds complacency

Sending documents via email

Just because a distribution method is familiar, doesn’t mean it’s secure. While you may not have had any issues to-date, this false sense of security can see you playing a dangerous game of Russian roulette with your organisation’s sensitive data and information.

Once you send an email attachment or post a document, for example, you’re giving up control. The paper trail ends here. It goes cold.

You’re no longer able to track, trace, or monitor what happens to this information.

Did you know?

  • According to Accenture, there are more than 130 large-scale data breaches in the U.S. per year alone, and that’s growing by a staggering 27% per year (Source).
  • Google recently revealed that hackers steal over 250,000 sets of login information for services like Gmail each and every week (Source).
  • The average number of breached records per country hit 24,089 back in 2017, and that number has only increased since then (Source).

Out of sight, out of mind” may be a popular phrase, but it isn’t a responsible way to share your organisation’s most vital information. We also understand that it isn’t always a conscious decision. Urgent or last-minute situations can impair your better judgement, as you turn to fast yet insecure channels to get time-sensitive information to those that need it the most.

It’s fine, so long as the information gets to where it needs to go…right?

Your sensitive files, there for the whole world to see

Sensitive files

Let’s take email, for example. You’re in a hurry as you go to send an important report, financial documents, or trade secrets that are currently under NDA. You don’t notice the typo in the ‘To:’ field before you hit send, and now this information is sitting in the wrong inbox.

What recourse do you have?

Unfortunately, not much. That’s it. You’re stuck. The recipient doesn’t have authorised access, but they can still open, print, or share this file. Whether it’s an attachment or a link to a Dropbox or Drive folder. It isn’t invisible, and it isn’t protected. You have zero control over what happens to this information now. It could be misused, mishandled, or passed onto the press.

Did you know?

  • Accenture also found the most expensive component of any cyber attack is information loss, which accounts for 43% of the overall costs (Source).
  • When you consider the hit to a business’s reputation, diminished goodwill, customer turnover, and the cost of lost business following a data breach, reports pin the overall costs at $4.13 million per U.S. company (Source).

It’s also important to consider the growing, ever-present security threat among many common software packages, as well as an increasing number of cyber attacks on businesses and corporations as highlighted earlier. Insecure distribution channels are just that – insecure – which makes them an easy target for unauthorised third parties.

Robert Ackerman from TechCrunch says much the same thing. Back in January, he looked at the year ahead and came back with some sobering thoughts on the state of cyber security threats moving forward:

“No question, cyber breaches have been a gigantic thorn in the global economy for years. But expect them to be even more rampant in the new year as chronically improving malware will be deployed more aggressively on more fronts.”

You may think your organisation’s security is already top-notch, but there’s no accounting for the recipient’s approach to file security. Do they use the same, easily-guessed password for every email account, for example? There’s no guarantee they’re as careful as you are, which could see their Slack, email, or Dropbox accounts hacked and your files easily accessed.

Now more than ever, you need a way to distribute information that keeps it away from prying eyes.

Keeping information secret and safe should be simple

From the beginning, Stellar found that organisations were struggling to find a solution that allowed them to quickly and easily share important data and information while also keeping it secure and out of the hands of unauthorised third parties.

A central platform that has multi-level security protocols and encryption at its core is an important factor, but it’s industry-leading features like Ghost File software encryption technology that truly keeps sensitive information away from prying eyes. Literally.

Ghost File technology means files are invisible and unreadable by other software, so only those with authorised access to the program are able to see your documents, let alone open, read, or share them.

This kind of peace of mind is difficult to come by, but we’ve found that organisations employing a central business platform are able to share, send, and collaborate safe in the knowledge that everything is kept secure.

Related Articles:

Stellar Version 4 Now Available

Stellar Version 4 Now Available

Latest update brings new features, as well as a look at what’s next

In our continued efforts to provide complete control, visibility, and security for your organisation we’re happy to announce that Version 4 of Stellar is now available to all users. This release includes a number of exciting new features, including Sticky Notes, Two Factor Authentication, and new Reader Apps for both PC and Mac OS.

We recommend all those currently using Version 3 to update to this latest release. You can find links to Stellar 4.0 at the bottom of this page.

 

Stellar just got better. Here’s how:

  • Sticky Notes
    Our new ‘Sticky Note’ functionality headlines the Version 4 update, working like a digital version of a Yellow 3M Sticky Note. This new functionality allows the author to share content with the whole group, or stay private. When notes are shared publicly, anyone within the group can reply, allowing users to easily track conversations in a given thread.
  • Two Factor Authentication
    Stellar’s already industry-leading security has seen an improvement, with the addition of two factor authentication which further improves security and provides additional peace of mind for users.
  • Faster Synchronisation
    We’ve sped up the synchronisation process between the app and the cloud server, so all data such as annotations can be made, stored, and backed up that much more quickly.
  • Enhanced Agenda Making Processes
    You can now upload an entire folder into the collection, and Stellar will automatically generate a collection for you in seconds. This further reduces the administration time required to put together an agenda. You can even have video as part your Agenda pack!
  • Modern UI
    Stellar is now even easier to use, with an updated user interface that keeps up with the current trends.
  • Improved Annotation Features
    Annotations are now more responsive, and easier to use.
  • Improved Reporting
    Access and retrieve vital information with just a click of a button.
  • Electronic Voting
    Quickly and easily reach a consensus with Stellar’s new built-in electronic voting, which enables the group to vote on important issues within the document without relying on email or a show of hands.
  • New Apps For Both PC and Mac OS
    Stellar’s Reader App is now available across both PC and Mac OS, making it easier to keep up-to-date while you’re out and about or on the go with easy access via your laptop.
  • Beta App For Administration
    Administrative tasks no longer require a web browser. Instead, you can now carry out your administrative duties from within the app itself, which further enhances security and stops any unnecessary attacks through unknown web plugins.

 

What’s on the horizon?

Stellar is only going to continue to get better.  Give us a call or email: supports@stellarlibrary.com if you want to know more around the features we have on the horizon.

Stellar is a secure business platform for mobile devices such as tablets, laptops and smartphones. Our intuitive, cloud-based software gives you complete control and visibility of all the confidential, operational and sensitive data for your organisation and simplifies workflow, irrespective of industry type.

If you've got any questions or would like an online demonstration
Call: 0800 882 221 or +64 7 928 2233
Email: sales@stellarlibrary.com

©2019 Stellar Library | Terms | Privacy Policy | Sitemap