Why Emails Are a Major Obstacle to Data Loss Prevention

You can’t avoid using emails.  

‍

Right now, 347.3 billion are sent each day.  

‍

Despite their lasting stance in the world of communication, they’re not without pitfalls, and cyber-criminals certainly know this!  

‍

It's estimated that 3.4 billion spam emails are sent daily, some of which have been crafted to manipulate or obtain sensitive data.  

‍

Emails aren’t going away, which is why future-proofing your knowledge of data loss prevention is the only way to maintain optimal productivity, whilst safeguarding your business against emerging threats.  

‍

Let’s take a deeper dive into major issues when sending and receiving data through emails.

‍

What are Common Examples of Data Sent Through Email?

‍

Legal

‍

Your business is packed with legal documents, the likes of which may include litigation data, settlement agreements, or intellectual property.  

‍

Failing to protect legal information will incur significant repercussions on your business, both from a financial perspective, and reputational.  

‍

For example, just one email containing sensitive information about trademarked property may incur 6 months imprisonment and/or £5,000 fines for anyone involved with prohibited distribution.  

‍

Hackers will target legal information as this can be sold to competitors, or they can generate fake documents which adopt your business credentials.  

‍

Employee

‍

Data can also be for internal use, namely personal employee information, payroll changes, or benefit packages.

‍

Anything supplied by employees will have been done so with explicit consent, and failing to maintain its criteria would be a breach of GDPR.  

‍

In the most severe cases, a business can be fined up to £18 million or 4% of their annual turnover.  

‍

This information can be used for identity theft, which means attackers can start impersonating someone else during phishing attacks, therefore concealing who they are.  

‍

Sales

‍

Your sales department will use demographics to qualify leads.  

‍

Prospective customers have supplied key data that helps identify who they are, where they work, and possibly their current location.  

‍

And should leads be converted, they’ll require quotes, contracts and agreements, all of which opens more context around this individual, which may now include bank account details.

‍

This lends itself to a prime objective for many attackers – financial gain.  

‍

What are The Risks of Sending Information Via Email?

‍

Unsecure Information

‍

Emails often lack end-to-end encryption.  

‍

Without this, messages can be read outside the sender and intended recipient, which is why many instant messaging tools, such as Slack and WhatsApp, have made this part of their DNA, as more people demand safe digital communication.  

‍

Overexposure

‍

Sending mass emails is a pertinent marketing technique.  

‍

However, this perk is also a gateway to misguided distribution at scale, and with it, the potential for an endless chain of overexposure, in which more and more people gain access to sensitive information.

‍

Quite simply, the more this data circulates, the more likely cyber criminals will find an avenue to penetrate any line of communication that started with your preliminary decision to ‘click send’.  

‍

Lack of Control

‍

Once the email is sent, you have absolutely no visibility or control over what happens to this later down the line.  

‍

Without realising, you may have insider threats, who gain access to client information sent through email, and pass this to another business, who will use this to generate leads from your database.

‍

Human Error

‍

We all make mistakes, but in the world of emails, these are pretty much set in stone.  

‍

Employees may overlook the confidentiality of an email and send this to the wrong person, or provide insufficient context around its importance, therefore increasing the likelihood for any recipient to mishandle its continued distribution.  

‍

Even something considered rather basic to most, such as knowing the difference between ‘BCC’ and ‘CC’ may prove catastrophic, especially given the former conceals other recipient email addresses when sending to a large volume of people at once.

‍

What are Different Types of Email Attacks?

‍

Phishing

‍

These are fraudulent emails that appear to be legitimate, using very accurate imitations of a real company to entice someone into clicking a dangerous link.  

‍

Spear Phishing

‍

Phishing emails can also be tailored to specific recipients, therefore maximising its potential to deceive, as it's using more personal messaging.  

‍

Malware

‍

This will contain software designed to infiltrate a system your business uses to store sensitive information, often embedded within the email itself.

‍

Man-in-the-Middle

‍

People sometimes wait for emails to enter the airwaves before planning ways of intercepting its content.  

‍

What is The Biggest Email Hack?

‍

In terms of scale, none come closer than the seismic data breach Yahoo experienced between 2013-2016, in which more than 500 million user accounts were affected.

‍

So, how did this start?  

‍

The Russian Federal Security Service (FSB) hired two hackers, named Alexey Belan and Karim Baratov, hailing from Belarus and Canada respectively.  

‍

They sent spear-phishing emails to Yahoo employees, which contained a malware link, only requiring a single click to trigger full access to Yahoo’s network.  

‍

Watch our Free Webinar to Relieve Data Loss Anxiety

‍

Forever worried about data loss?  

‍

You’re not alone, which is why Team Workiro has invited CISO for the GetBusy PLC Group, Luke Kiely, to use his experience of dealing with cybercrime to allay your biggest concerns.  

‍

Sign up to our free data loss prevention webinar for guidance on best practices and discover how you can steer your fellow team members into a safer and more compliant approach to communication.