industryopinion
Cybersecurity: The Crucial Double Check
Andrea Babbs, UK General Manager for VIPRE SafeSend, emphasises the importance of implementing a crucial double check to improve email security culture.
C
ybersecurity has quickly become the world’s fastest growing form of criminal activity, and is showing no sign of slowing down with the number of attacks on businesses continuing
to increase. COVID-19 has acted as a catalyst for this, with hackers taking advantage of remote workers during challenging times. Despite innovations and sophistication in hacking methods, one
of the main means of data loss is insiders, including employees making mistakes. Humans make errors – stressed, distracted employees will make even more mistakes. And with sensitive information on the line, such as regulatory compliance to safeguarding Intellectual Property (IP), companies are increasingly concerned about the risk of inadvertent data loss. But how can this threat be mitigated? Business reliance on email is creating a very significant cyber
security risk – and not simply due to the increasing volume and sophistication of phishing and ransomware attacks. Given the sheer volume of emails sent and received a day (over 300 billion every day in 2020), mistakes are inevitable. Employees are trusted with company-sensitive information and assets, and many are permitted to make financial transactions – often without requiring additional approval. Furthermore, with strict data protection requirements in place, not only GDPR, but also industry specific regulations, organisations clearly require robust processes to mitigate the risk of inadvertent data loss. According to reports, 34% of all breaches are caused by insider
fault, yet many employees are unaware of their responsibility when it comes to data protection. Should confidential corporate information fall into the wrong hands, the consequences could be devastating, including financial penalties, loss of trust and competitors gaining an advantage. BitMEX, one of the world’s largest cryptocurrency trading platforms accidentally leaked thousands of private customer email addresses when they sent out a mass mailshot without using the BCC function. But how could this mistake be stopped? What employees need is a way to better manage their email functions, with an opportunity for potential mistakes to be flagged before an individual hits send, for example showing who is in the to, cc and bcc fields. Few organisations have a clear strategy for helping their
employees understand how a simple error can put the company at significant risk; even fewer have a strategy for mitigating that risk and protecting their staff from becoming an insider threat.
www.pcr-online.biz
But more importantly, what they may not be aware of is that there is a solution available that can add a layer of employee security awareness. Businesses can help employees avoid simple mistakes, such as
misaddressed emails, by providing a simple safety check, which alerts users to confirm both the identity of the addressee(s) and, if relevant, any attachments. The solution can be configured to work on a department or user basis, for example, a business may not want HR to be able to mistakenly send sensitive personal information to anyone internally and therefore require a confirmation for all emails. In addition to confirming email addresses and attachment(s),
the technology can also check for keywords within the email content using Data Loss Prevention rules, and each business can set its own requirements and parameters determined by corporate security protocols. Any emails, including attachments containing these keywords, will be flagged, requiring an extra process of validity before they are sent without impeding working practices, and providing users with a chance to double check whether the data should be shared with the recipient(s). Deploying an essential tool that prompts for a second check and
warns when a mistake is about to be made helps organisations mitigate the risk of accidental error, and the potentially devastating consequences that might have on the business. Accidentally CCing a customer, rather than the similarly named colleague, will be avoided because the customer’s domain will not be on the allow list and therefore automatically highlighted. This is more crucial than ever before with employees dispersed across a range of locations as part of hybrid working. Such tools can support mixed operating system environments and DLP add-ons can be given to certain departments and groups who handle very sensitive information such as employee or legal data. In addition to checking the validity of outbound and inbound
email addresses and attachments, it can also support in minimising the risk of staff falling foul of a phishing attack. For example, an email that purports to come from inside the company, but actually has a cleverly disguised similar domain name, such as receiving an email from V1PRE, as opposed to VIPRE. The technology will automatically flag that email when the user replies showing that it is not from an allowed domain, enabling the user to cancel send and avoid falling for the phishing attack.
Apri 2022 | 15
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24 |
Page 25 |
Page 26 |
Page 27 |
Page 28 |
Page 29 |
Page 30 |
Page 31 |
Page 32 |
Page 33 |
Page 34 |
Page 35 |
Page 36 |
Page 37 |
Page 38 |
Page 39 |
Page 40 |
Page 41 |
Page 42 |
Page 43 |
Page 44 |
Page 45 |
Page 46 |
Page 47 |
Page 48 |
Page 49 |
Page 50 |
Page 51 |
Page 52
