Cybersecurity: The crucial email double check Reliance on email is a big cyber security risk – and not just due to the increasing frequency and sophistication of attacks. With the volume of emails sent and received every day, mistakes are inevitable, writes Andrea Babbs, UK General Manager, VIPRE SafeSend. Cybersecurity has quickly become the world’s fastest growing form of criminal activity, and is showing no sign of slowing down with the number of attacks on businesses continuing to increase. Covid-19 has acted as a catalyst for this, with hackers taking advantage of remote workers during challenging times.
Andrea Babbs is UK General Manager, VIPRE SafeSend. She has worked in the IT industry for over 20 years for IT security vendors and resellers dealing with email, endpoint and web security.
Despite innovations and sophistication in hacking methods, one of the main means of data loss is insiders, including employees making mistakes. Humans make errors – stressed, distracted employees will make even more mistakes. And with sensitive information on the line, such as regulatory compliance to safeguarding Intellectual Property (IP), companies are increasingly concerned about the risk of inadvertent data loss. But how can this threat be mitigated? Human Error Business reliance on email is creating a very significant cyber security risk – and not simply due to the increasing volume and sophistication of phishing and ransomware attacks. Given the sheer volume of emails sent and received a day (over 300 billion every day in 2020), mistakes are inevitable. Employees are trusted with company-sensitive information and assets, and many are permitted to make financial transactions – often
40
NZSM
without requiring additional approval. Furthermore, with strict data protection requirements in place, not only GDPR, but also industry specific regulations, organisations clearly require robust processes to mitigate the risk of inadvertent data loss. According to reports, 34 percent of all breaches are caused by insider fault, yet many employees are unaware of their responsibility when it comes to data protection. Should confidential corporate information fall into the wrong hands, the consequences could be devastating, including financial penalties, loss of trust and competitors gaining an advantage. BitMEX, one of the world’s largest cryptocurrency trading platforms accidentally leaked thousands of private customer email addresses when they sent out a mass mailshot without using the BCC function. But how could this mistake be stopped? What employees need is a way to better manage their email functions, with an opportunity for potential mistakes to be flagged before an individual hits send, for example showing who is in the to, cc and bcc fields. Additional Layers Few organisations have a clear strategy for helping their employees understand how a simple error can put the company at significant risk; even fewer have a strategy for mitigating that risk and protecting
October/November 2021
