No Time for Email Protection Roulette

After years of being schooled on how to avoid email scams, which means never clicking on suspicious email links and attachments, why are people playing fast and loose with emails sent from home? Is it naiveté or a false sense of security because they are at home that spurs people to hit “send” without thinking about the consequences of emails or attachments containing potentially sensitive corporate or personal data?

Regardless, it’s time to forgo the high-stakes game of email protection roulette, especially now. If anything, we should be upping our email security game since work emails aren’t receiving the extra measure of protection afforded by the corporate network.

Now more than ever, extra caution should be exercised when safeguarding not just what’s coming in, but also what’s going out, via email.

Email Usage Skyrockets

Email usage has risen dramatically since March, as doing business shifted from working in offices to a work-from-home world. With some 1.5 billion people now working remotely because of COVID-19, email now is the main conduit for conducting business and communicating with colleagues and customers.

Without the benefit of face-to-face interactions and meetings, potentially sensitive corporate information, as well as personally identifiable information (PII), is being shared through the only remaining communications channel: email. Add to this scenario the fact that many companies were caught off guard and forced initially to allow the use of home computers and, in some extreme cases, personal email accounts, which sprang open a Pandora’s box full of potential protection problems.

It’s no surprise that most security breaches happen via email. Many are unintentional, but as we all know, accidents happen. So, help your employees help themselves by putting certain safeguards in place.

Educate and Automate

It’s irresponsible to leave employees on their own to figure out what falls under the category of sensitive information that should not be shared. Automated software tools that leverage machine learning offer a much-needed safety net as they can find, flag and fix problems by activating appropriate actions.

Better yet, they can identify problematic data at the point of creation, which most of the time is in email. Equally important, make sure employees realize that corporate data doesn’t always reside in bulletproof data centers with million-dollar servers. Instead, important and potentially sensitive data today is found in-house on Wi-Fi home networks, corporate VPNs and cloud accounts, which bring different performance and security issues to the table.

It’s not hard to realize that residential cable modems and routers can be easily compromised, and therefore present the greatest risk exposure. Corporate VPNs offer a measure of protection, but still are relatively insecure and often have access issues that cause productivity bottlenecks. Cloud-based systems are a better bet as they make it easy to protect data, but because they charge based on usage, they can create undue expenses.

Common-Sense Security

Aside from tools that automate email protection, companies would be wise to share common-sense security tips, like “Never, ever use personal email accounts, like Gmail, Yahoo! Mail or iCloud Mail to send corporate correspondence.”

This plea cannot be any clearer: Companies must outlaw the use of personal emails for work use. Period. End of discussion. It’s understood that in the early weeks of the lockdown, the need to sustain revenue and survive resulted in taking chances, but that scenario should not, and cannot, continue. Simply put, business survival and employee livelihoods are at stake.

Be sure to set up secure sharing, which permits sending a link and so removes the risk of sending attachments. Another good idea is to use file shares, which are more secure and cheaper than relying exclusively on cloud-based email. Then automate how data content, and its context, are identified, classified, and secured for the highest levels of protection.

The Next Normal

Much has been speculated about what the “next normal” will look like in a post-pandemic world. Facebook already has declared that many of its employees will continue to work from home on a permanent basis. The CEO of Box recently tweeted that “the push happening around remote work is as game-changing for the future as the launch of the iPhone.”

Increasing numbers of companies are likely to loosen the leash that traditionally tethered employees to the corporate office. In doing so, however, company security chiefs and IT leaders need to ensure that “data in the wild” is as safe and secure as it was when caged in the data center. Your employees and business are counting on it.
