Are Emails Your Weak Link?

Email is easily the best used online tool in organisations today. Quite literally, trillions of emails are sent on an annual basis and yet it still remains the weakest link in many company’s online security systems.

Industry professionals, such as Dr Aleksandar Valjarevic (head of professional services at LAWtrust) believe that email will always be the weak link as it was never designed to be secure. Instead, the intention of email was for it to be simple and quick to use. Which it is! Valjarevic states “Even as technologies used by businesses change and evolve, such as web-based portals and cloud-based services, email is not going away and it has not changed.”

Could the problem be that email has not changed over all these years?

With numerous employees in varying positions and departments all using email to send sensitive data, it’s easy to see how they have become a prime target for ransomware and similar. Email interception provides a large number of unsecured victims to cyber criminals armed with superior attack tools and methods. So what are cyber criminals after when they launch an attack on email?

  • Personal details such as credit card particulars, banking details, ID number and similar
  • Passwords
  • Trade secrets
  • Business plans

Where Does The Risk Come In?

You might think that you have a good IT security system in place and qualified and experienced professionals handling your business security – and you probably do. However, that doesn’t mean that your organisation isn’t at risk. By simply clicking on a link or opening an attachment from an unknown source, a computer can become infected with a virus, ransomware or malware. All of which put your sensitive data at risk. It has been found that in many instances, these emails, links and files were opened in error. An error that could have been avoided if the workforce had been properly educated on safe email practice.

If you have ever been a victim of a data breach via email, you will know just what kind of havoc it can inflict not only on a business, but for an individual too.

It’s not just low-ranking desk jockeys using email irresponsibly that put organisations at risk though. Some interesting stats provided in a study carried out by Stroz Friedberg, a cybersecurity firm in the US (keep in mind that these are US based stats), the following was learned:

  • 58% of senior managers had sent sensitive information to the incorrect recipient
  • 83% of senior managers were not sure if they had sent sensitive information to the incorrect recipient
  • Only 17% of senior managers had never sent sensitive information to the incorrect recipient

How Data Breach Affects South Africa

In South Africa alone, a data breach costs as much as R28.6 million. If you’re wondering how that figure is reached, it was released by the Ponemon Institute and is calculated by taking the following expenses of a data breach into account:

  • Loss of business due to downtime while data is missing
  • Damage to both the image and reputation of the business
  • Restoration / recreation of important data

 What is the Solution?

With the Protection of Personal Information Act (POPI) Act being introduced this year, organisations are going to have to take a closer look at how they handle their email use. Here’s what they should already be doing:

  • Automate email security solutions
  • Encrypt all email communications
  • Implement quarantine protocols
  • Automatically block emails that are not to be sent outside of the organisation

If you’re starting to understand that your email could be a weak link in your cyber security, it’s time to up your game. Consult with the professionals about how to ensure that your business is fully protected, and most importantly; make sure that your workforce is educated on best email practice.