• Protected email viewer:
  • Blog
  • FAQ
  • About

2016: What to Expect

Have you ever been a victim of malware or viruses downloaded from email attachments, which did not arouse any suspicion on first glance? I think everyone got into this situation, regardless of how computer savvy you think you are. It is not about the lack of education, but banal carelessness.

Email usage is associated with the direct risk of endangering the company's information security.


Nowadays it is difficult to imagine even one office where employees do not use email. This is an indispensable element of communication between companies and customers.

Such a huge amount of emails being sent every day is a fertile breeding ground for threats to both personal and corporate information security.

The Radicati Group (USA), a research company of information security in networks around the world, presented an interesting analysis of the use of email and made a forecast until 2019 by analyzing the data. Some of the forecasts:

  • About 205 billion emails were sent per day in 2015. This value is expected to grow by an average of 3% annually. According to forecasts, by the end of 2019, the number of email messages sent daily will be about 246 billion.
  • 122 business emails were sent and received by one person per day. This is another proof that email remains the main channel of communication in the workplace.
  • Just imagine how much sensitive information could be transmitted inside those email messages. In the case of disclosure by unauthorized recipients, it can pose a serious threat to companies.
  • Regardless of the device used for sending email messages (a client on your computer, web mail or smartphone), the security risks are the same. Such risks are not simply boring spam. There are others where information security can be compromised.

Spam is not the only risk



Phishing


Phishing is designed primarily to steal money from users. We have already written about the most fancy forms of phishing. Cybercriminals can be anyone from the representative of your bank to a distant relative. It's all just about  getting your personal information - user names, passwords, credit card details and so on.

Malicious code


Most often malicious code takes the form of malicious executable applications (EXE files) that are automatically installed on the device after downloading. Once the program is installed, the attacker gains unauthorized access to the target system and pulls out all the important information from the infected device.

Please note and remember - not all antivirus software can detect malicious code. Just do not click on everything. Is it a go or not?

DDoS-attack


So, the malicious code has already made itself at home on your device and fished everything that it needs. And now comes an adventurous time – a DDOS-attack. Your device has already been infected and now begins to infect other devices on the network with the help of the remote control. In such a way a group of infected devices is formed that sends huge data streams to a server, which eventually will be down.

There are cases when you can get into trouble without infection. For example, the arrival of a large number of incoming emails that overflow the mailbox or cause a host server to malfunction. This may be entertainment for hackers, but it’s a pain in the neck to users.

Insider threat


This type of threat is the scourge of the largest companies, because the attacker is an employee. According to Dr. Eric Cole, a recognized expert in the field of computer security in the United States, the majority of insider attacks inside companies are accidental. Oh, wait! It turns out that the main threat are not hackers... but reckless staff.

ХAlthough hackers can land in hot water too. They create fake accounts and seek to cause harm to the company through the introduction of viruses, worms and other malware. I remember the TV series "Mr. Robot", where a talented programmer turns into an invincible hacker. However, it will be interesting to see to all fans of movies about cyber criminals and those who involved in information security.

But let's get back to reality. It is very difficult to illegally enter the information system of the company, so hackers use social engineering techniques to trick people and make them give out confidential information. Simply put, hackers cheat, and people are easily lured into opening a link, running an infected program, etc. Nowadays hackers are attacking everything and anything by seeking profit everywhere without resorting to special tricks. Here is a simple example: from the thousands of sent emails with the following text “Send me the report on this address, I have no access to working email now” at least one email message will be sent with a report in reply. You can't always correctly judge what is happening whenreceiving such emails. Many factors affect it. They are much more than just carelessness. There is a need for a comprehensive approach to reduce the risk of information security violations by social engineering. We will discuss it later.

The human factor is the main threat to information security



While most organizations are looking for flexible solutions to meet the growing needs in the field of email security, they often forget about humans.

Violation of data confidentiality is often caused by human errors, for example, accidental leakage of information via outgoing emails.

The Norwegian company Safe Send, which deals with the protection of information from insiders, writes in its blog that the security measures within companies are often used only for incoming emails, but outgoing emails are vulnerable too.

The Verizon DBIR report, from one of the largest telecommunications companies in the Western Hemisphere, said that the delivery of the message to the wrong person is the most common mistake that leads to the disclosure of confidential data accounting for 30.6% of the cases.

The percentage of cases involving errors that were preventably committed by internal staff is 60%. I think these figures are catastrophic with regard to the integrity of information security within the company.

All we need is protection



So how can we protect ourselves from email security threats? There is a whole bunch of useful resources on the Internet. Just Google it!

But I've googled it for you and compiled a list of small tips. You are welcome.

  • Never respond to spam. Do not react to it at all.
  • Turn off automatic downloading of email attachments.
  • Use two email addresses: one for work and one for personal use. Here is a detailed post on our blog on that subject.
  • Always use the "blind carbon copy" to protect the recipients while sending an email message to a group of people who do not know each other.

If you are a director, make it a rule to hold a periodic staff training on the most current topics of information security. Tell employees about all known tricks of cyber crooks, how to identify them and how to not fall for them. Distribute reminder cards; you can even hang posters on the walls. It takes a lot less time and effort than restoring a compromised server, reputation and financial position. It certainly will not result in a world without fraud and you can never rule out the possibility that even a trained and attentive employee will not be able to make a mistake; but compliance with all the rules will be able to minimize the risk.

Basic tips for directors:

  • Validate the corporate security policy.
  • Block access to messengers, personal email and social networking on a workplace.
  • Control electronic workflow.
  • Periodically conduct a staff training.

Another important step for the protection of email is encryption of data and attachments. However, if you're reading this post right now, then most likely you use SFLetter.com and already know about this service.  For large companies we have another solution - StarForce E-m@il Enterprise.

Finally, check recipients of your email message, texts and attachments twice before you click "Send"; and check the contents of emails that you receive thrice. It's not so difficult to keep the upper hand against cyber criminals, just follow these simple rules.