If you’re like me, on some days, email seems to be your primary form of communication. I’m not proud of that, but it’s the truth. Second to email would be our internal instant messaging system. With all of this electronic communication, I abide by the golden rule of never exchanging any confidential or sensitive information via email or instant message. Why? EMAIL IS TOO RISKY!
So let’s take a quick look at the top 10 risks of emails.
- Emails sent to external email addresses (clients, customers, vendors, etc.) are not secured during transmission since they traverse the public Internet.
- Internal emails between co-workers could be at risk during transmission if your organization outsources email hosting.
- If your emails are on a vendor’s web server, your vendor may not have appropriate controls in place to protect your emails from unauthorized internal or external access.
- Emails on backup media may not be secure.
- Mobile devices or personal computers connecting to your mail server have mail downloaded on those systems.
- Employees can access web mail from personal computers and download files and information to those external systems.
- Malware can enter your internal network via emails sent from unprotected systems.
- If simple authentication is utilized (username & password), then phishing schemes, dictionary attacks or simple password guessing can allow intruders access to employee email accounts (see Phishing: Biggest Threat for Healthcare in 2015?).
- Damaging emails can put the company at risk should it become subject to litigation.
- Reputation Risk: The Sony Hack.
So how do you protect yourself? The best protection is to NOT use email to exchange confidential or sensitive information. Several secure email solutions exist, such as ZixCorp Email Encryption Services, Barracuda’s Email Security Service and Cisco Email Security, but each of the risks identified should be assessed before implementing any secure solution.