Story image

Cyber criminals continue to target email: How you can stay safe

27 Oct 2015

Cyber criminals are becoming much more advanced, and making it more important than ever for individuals to protect their email communications.

According to BAE Systems Applied Intelligence, criminals have expanding their activities from credit card data theft for immediate gain to going after personal data that they can monetise for weeks, months and even years.

The company says email remains the central mechanism for communications in both work and personal settings, transferring significant amounts of sensitive data frequently.

When it comes to a business, this can include market sensitive information and personal information and intellectual property (IP), yet most businesses aren’t taking adequate measures to protect their emails, BAE Systems says.

The average employee sends and receives about 110 emails each day, or 29,000 emails per year.

Of these, one in 20 might contain sensitive data. This means that a company with 100 employees creates or handles 145,000 emails with sensitive data each year.

That sensitive data can become a major problem for organisations if the emails containing them are hacked, intercepted, or accidentally sent to the wrong recipients, BAE Systems says.

Adrian Blount, BAE Systems Applied Intelligence director cyber security solutions ANZ, says, “Everyone uses email. Not just to communicate, but often as a place to keep important information.

“Email presents companies with serious ‘insider threats’. It only takes one honest mistake by an employee or one dodgy link in an email to lose that precious information. 

“The preventable situations are the frequent, innocent leaks that happen via email as a dedicated, if ignorant, employee just goes about his business. It’s the mistakenly attached spreadsheet with personal customer data.

“It’s the confidential email sent in error to everyone in the database. Those employees didn’t mean to do it. And they’d love to have the click of that mouse back.” 

BAE Systems Applied Intelligence recommends four key strategies to help prevent sensitive information from being leaked via email: 

1. Measure violations and set targets 

It’s impossible to manage something without first being able to measure it, the compay says. Tracking and reporting on questionable email usage over time and monitoring activity across individual workstations is an important start.

This can be done with email Insider Threat Prevention (ITP) technology, which can spot specific violations of internal policies, according to BAE systems.

2. Filter sensitive information out of email 

Companies are often concerned with incoming traffic and protecting themselves against viruses, worms, and botnets.

While those are important, critical information flowing out of the organisation represents the greatest risk, says BAE Systems.

Companies need a solution that can help block, quarantine, redact, or automatically encrypt sensitive messages, including content-aware policies that, for example, recognise credit card details within an email and don’t allow the email to leave the organisation. 

3. When in doubt, encrypt and notify 

Often it’s simpler and faster to encrypt an outbound message and notify the sender of the encryption than it would be to involve the message in timely quarantine activity, the company says.

4. Communicate your email policy 

If staff do not understand internal email policies, then they cannot be expected to follow them correctly.

A good starting point is partnering with a member of HR to write a simple memo explaining the policy. Creating a policy can be a delicate process, as a good policy needs to be brief and concise, without being too vague. 

One of the biggest risks to businesses is the threat of employees who accidentally or intentionally leak data.

Despite internal protocols and education, email is still a major source of information breaches.

Through a combination of measurement, content-aware policies, encryption techniques and email usage guidance for staff, companies can be more secure against insider threats, says BAE Systems.

Safety solutions startup wins ‘radical generosity’ funding
Guardian Angel Security was one of five New Zealand businesses selected by 500 women (SheEO Activators) who contributed $1100 each.
Hands-on review: The ruggedly tough CAT S61 smartphone
The driveway beckoned me, so I dropped the phone several times.  Back in the study, close examination has failed to reveal a single scratch.
How printing solutions can help save the planet
Y Soft has identified five key ways organisations can become more economical and reduce their environmental impact.
Is NZ’s tech industry starting to mature?
Technology is New Zealand’s fastest growing and third biggest industry.
How Kiwibank aims to enable greater digital inclusion
"Online tools can offer a more convenient and cheaper customer experience, but there can be barriers to usage."
Scammers targeting more countries in sextortion scam - ESET
The attacker in the email claims they have hacked the intended victim's device, and have recorded the person while watching pornographic content.
Inland Revenue to shut down services later this week
“There’s never an ideal time to shut down the tax system but we’re confident the changes will make any inconvenience worthwhile.”
NZ managers prefer intuition to big data, Massey study finds
Many senior managers in New Zealand businesses have an inherent distrust of big data, opting instead to rely on their own intuition.