Story image

Cyber criminals continue to target email: How you can stay safe

27 Oct 15

Cyber criminals are becoming much more advanced, and making it more important than ever for individuals to protect their email communications.

According to BAE Systems Applied Intelligence, criminals have expanding their activities from credit card data theft for immediate gain to going after personal data that they can monetise for weeks, months and even years.

The company says email remains the central mechanism for communications in both work and personal settings, transferring significant amounts of sensitive data frequently.

When it comes to a business, this can include market sensitive information and personal information and intellectual property (IP), yet most businesses aren’t taking adequate measures to protect their emails, BAE Systems says.

The average employee sends and receives about 110 emails each day, or 29,000 emails per year.

Of these, one in 20 might contain sensitive data. This means that a company with 100 employees creates or handles 145,000 emails with sensitive data each year.

That sensitive data can become a major problem for organisations if the emails containing them are hacked, intercepted, or accidentally sent to the wrong recipients, BAE Systems says.

Adrian Blount, BAE Systems Applied Intelligence director cyber security solutions ANZ, says, “Everyone uses email. Not just to communicate, but often as a place to keep important information.

“Email presents companies with serious ‘insider threats’. It only takes one honest mistake by an employee or one dodgy link in an email to lose that precious information. 

“The preventable situations are the frequent, innocent leaks that happen via email as a dedicated, if ignorant, employee just goes about his business. It’s the mistakenly attached spreadsheet with personal customer data.

“It’s the confidential email sent in error to everyone in the database. Those employees didn’t mean to do it. And they’d love to have the click of that mouse back.” 

BAE Systems Applied Intelligence recommends four key strategies to help prevent sensitive information from being leaked via email: 

1. Measure violations and set targets 

It’s impossible to manage something without first being able to measure it, the compay says. Tracking and reporting on questionable email usage over time and monitoring activity across individual workstations is an important start.

This can be done with email Insider Threat Prevention (ITP) technology, which can spot specific violations of internal policies, according to BAE systems.

2. Filter sensitive information out of email 

Companies are often concerned with incoming traffic and protecting themselves against viruses, worms, and botnets.

While those are important, critical information flowing out of the organisation represents the greatest risk, says BAE Systems.

Companies need a solution that can help block, quarantine, redact, or automatically encrypt sensitive messages, including content-aware policies that, for example, recognise credit card details within an email and don’t allow the email to leave the organisation. 

3. When in doubt, encrypt and notify 

Often it’s simpler and faster to encrypt an outbound message and notify the sender of the encryption than it would be to involve the message in timely quarantine activity, the company says.

4. Communicate your email policy 

If staff do not understand internal email policies, then they cannot be expected to follow them correctly.

A good starting point is partnering with a member of HR to write a simple memo explaining the policy. Creating a policy can be a delicate process, as a good policy needs to be brief and concise, without being too vague. 

One of the biggest risks to businesses is the threat of employees who accidentally or intentionally leak data.

Despite internal protocols and education, email is still a major source of information breaches.

Through a combination of measurement, content-aware policies, encryption techniques and email usage guidance for staff, companies can be more secure against insider threats, says BAE Systems.

Samsung joins a global league of AI experts
“As a member of the PAI, Samsung will strive to facilitate the ongoing progress of artificial intelligence.”
The quid pro quo in the IoT age
Consumer consciousness around data privacy, security and stewardship has increased tenfold in recent years, forcing businesses to make customer privacy a business imperative.
Kordia launches Women in Tech scholarship at the University of Waikato
The scholarship is established to acknowledge and support up-and-coming female talent and future technology leaders.
Mastercard opens Global Tech Hub in Sydney
"Enterprises, SMEs or startups are now able to bypass legacy approaches and develop innovation at an accelerated pace."
Kiwis concerned about being scammed – survey
This unease is warranted given the growing sophistication of scammers and their activities, and numbers of attempted fraud.
With a mighty roar, Rocket Lab blasts off to space
Success! It definitely was business time for Rocket Lab yesterday as its Electron launch vehicle blasted off from the Māhia Peninsula yesterday (November 11).
Commercial drones will only take off if safety is paramount
New Zealand’s commercial drone services could be ready within the next two years, but only if enough research is done to make certain that the public is safe.
Small Business Council sharpens focus on future disruption
“We’ve taken a bird’s-eye look at the current landscape and the issues small businesses are facing," says Small Business Council chair Tenby Powell.