E-mail or E-fail? The dangers of sharing sensitive information

Email security concerns

Why hitting ‘Send’ on that next email isn’t as simple as it seems.

Email has fast become the go-to form of communication in the digital era.

When you consider just how busy, and increasingly disparate boards, trusts and enterprises are these days, it’s easy to see why. In mere seconds, you can draft an email to a member of the board, staff, or clients anywhere, at any time. Simply attach the relevant file, and hit “Send”.

It’s little wonder the average office worker sends over forty emails per day.

The problem? Emails and attachments sent in confidence might not actually be confidential.


Email – A necessary evil in the early digital era

Email security flaws

In our earlier post on the potential causes of a data breach, email topped the list. There’s a good reason for that. The speed at which organisations have had to transition away from aging, analog processes has seen many embrace insecure digital solutions that is leaving their sensitive information vulnerable to an attack.

Avatier reported in 2017 that there were some 6,789 email data breaches globally in the space of just two years. So while it may be easy to use, the simplicity of sending an email belies a communication channel that’s inherently insecure.

Here’s why:

1. It’s insecure and easily intercepted

Whether you use private services or public, consumer-grade options like Gmail, emails are vulnerable to a range of attacks that put what should be private conversations at risk of being read by third parties.

Certain viruses, DNS Redirects, and Sniffers are just a few of the present-day threats that can work their way through email servers and to your sensitive information. Often without you even knowing.

2. Encryption isn’t as secure as you might think

Most organisations rely on encryption as a fail-safe, as it’s meant to ensure data is protected by scrambling an email’s contents so that only the recipient – with the requisite authentication – can see, read, and download.

That said, most encryption solutions are far from foolproof. In fact, it’s that false sense of security that can often leave you most vulnerable to attack. If your email services aren’t taking advantage of industry-leading encryption, there’s no guarantee they won’t be cracked.

3. There’s no accounting for human error

When we talk about security, the focus is always squarely on technology.

The fact is, it’s often the mundane issues that prove to be an organisation’s undoing. The strongest security protocols in the world can’t account for user error or typos in the “To:” field, let alone the 69% of employees who willingly bypass security and privacy policies to access work emails on insecure personal devices.

4. Email servers are prone to attack

Emails pass through many hands on their journey from sender to recipient, often seeing them stored in the cloud – or on servers – which themselves are at risk of malicious attacks. In many cases, attackers are able to get in, access this information, and then get out long before anyone is aware of the breach.

5. Files sit on the sender & recipient’s device

Once an email is sent, it’s stored in your Outbox and the recipient’s Inbox. That’s why a laptop, mobile device, or just about any piece of technology left on – and logged in – is an easy ingress point for partners, disgruntled co-workers, or even rogue employees who are looking to access this information.


The security stats? They’re sobering…and so are the costs

The cost of email breaches

If the above examples don’t have you reconsidering composing that next email, then these facts, stats, and figures really should. Email’s convenience comes at a cost. Quite literally:

Did you know?

  • In 2004, AOL lost upwards of $400,000 following an internal data breach which saw the details of some 92 million AOL accounts sold to spammers by one of the company’s former software engineers (Source).
  • Yahoo’s $4.8 Billion sale to Verizon almost fell through in 2016, after the company revealed all 3 Billion of its users’ accounts were breached across 2013 and 2014 (Source).
  • Back in 2017, 2.2 million Wishbone user email addresses were exposed (Source).
  • In that same year, 36,000 Boeing employees’ email addresses as well as personal information were compromised after a staff member emailed the file to their spouse for help with formatting (Source).

Consider the fallout if the last email you sent containing sensitive information, IP, or important data was accessed by an unauthorised third-party. What would the fallout be? Information could be leaked online, sent to the press, or even held for ransom.

There’s the legal and financial ramifications to consider, too. New and existing legislation such as GDPR is placing increased responsibility on the shoulders of those who deal with sensitive data to keep it safe, with hefty fines already being handed out for “…inadequate technical and organisational measures to ensure the protection of information security.


It’s time to say ‘sayonara’ to insecure communication channels

The revelation that email isn’t as secure as it seems often leads to one of two outcomes: organisations either shun digital solutions entirely in favour of analog processes from ‘the good old days’, or they shrug their shoulders and continue with business as usual as they lack a more effective solution.

Early on, Stellar identified this need to be able to securely access and distribute sensitive information while circumventing emails entirely. In order to do so requires a comprehensive business platform that doesn’t store files on user devices but, instead, harnesses the power of the cloud to provide anytime, anywhere access on any device.

When coupled with industry-leading encryption, the ability to revoke access on the fly, and advanced proprietary encryption technology that ensures documents are completely invisible without prior authorised access, boards as well as trusts and enterprises are finally able to share without the fear of becoming yet another statistic in a long line of email breaches.


Related Articles:

Previous Post
Data Breaches: Keeping Documents Secure In The Digital Era
Next Post
Security In A Mobile World: Keeping mobile devices & data, safe