Email Insecurity

News and information from the Advent IM team.

At Symbol

This time of year, there is an upsurge in phishing and other malicious emails for us to contend with. From phony delivery notices to hoax PayPal problem emails, our inboxes are awash with attempts to invade, defraud and otherwise cause us chaos or loss. So the news that people are not taking the threat from email seriously after all the years of phish and spam, is worrying to say the least. Advent IM Security Consultant, Dale Penn, takes a look at the facts.

For far too many people, email security isn’t an issue until it suddenly is. Often, people won’t take threats against email seriously, believing that data breaches only happen to large companies as these are the only breaches that are reported in the news.

Alternatively, companies tend assume that email security is just something that’s already being taken care of as they have purchased the most up to date  technical defences such as anti-virus firewalls, Data loss prevention software etc etc, and it’s true that these can help in a layered approach however one large piece missing from the puzzle is education and awareness.

SC magazine reports that 70% of Brits don’t think that email is a potential cyber threat. And almost half admit opening non work related or personal emails at work.

Corporate Email Vulnerabilities

Bring Your Own Device (BYOD)

This refers to the practice of employees to bringing personally owned mobile devices (laptops, tablets, and smart phones) to their workplace, and to using those devices to access privileged company information and applications.  This corporate ‘bring your own device’ trend is on the rise, according to a new study.

Ovum’s 2013 Multi-Market BYOD Employee Survey found that nearly 70% of employees who own a smartphone or tablet choose to use it to access corporate data.

The study surveyed 4,371 consumers from 19 different countries who were employed full-time in an organisation with over 50 employees.

Computer bugs red greyThe study has discovered that 68.8% of smartphone-owning employees bring their own smartphone to work, and 15.4% of these do so without the IT department’s knowledge. Furthermore, 20.9% do so in-spite of a BYOD policy.

These statistics are quite alarming as uncontrolled devices accessing corporate information represent a significant vulnerability.

Uploading to Personal Email account or Cloud Account

It doesn’t matter how strong your security standards are, or how much money you’ve dumped into the fanciest, most secure cloud storage systems, often employees won’t use them preferring to bypass red tape and send the information to uncontrolled home accounts therefore bypassing any company security.

Risk - Profit and LossWe’d all like to think that those that hold upper management positions in our businesses have higher standards, especially when it comes to security, but the statistics don’t lie. In a Stroz Friedberg survey, almost three-quarters of office workers admitted to uploading their business files to personal accounts and senior managers were even worse, with 87% of them failing to use their company’s servers to store sensitive company documents.

Conclusion

The fact of the matter is that the general security culture of the UK is not as it should be. The public in general (and many organisations) are unaware of, or not interested in applying, the most basic security principles to protect their personal information

Recognising this culture is the first step in treating it. Individuals still treat cyber-attacks with a degree of separation and the view that “it will never happen to them”.  Few people realise that a cyber-attack could potentially be as invasive and disruptive as a physical home invasion. Few people leave their house without taking appropriate security steps. We need to introduce awareness to the masses and embed the culture that has them locking there cyber door as well as the ones at home.

Top email Security tips

  1. Share your e-mail address with only trusted sources.
  2. Be careful when opening attachments and downloading files from friends and family or accepting unknown e-mails.
  3. Be smart when using Instant Messaging (IM) programs. Never accept stranger into your IM groups and never transmit personal information
  4. Watch out for phishing scams. Never click on active links unless you know the source of the email is legitimate.
  5. Do not reply to spam e-mail.
  6. Create a complex e-mail address as they are harder for hackers to auto generate.
  7. Create smart and strong passwords using more than 6 characters, upper and lower case, numbers and special characters i.e. £Ma1l5af3

Share this Post