According to the Chinese Zodiac, 2018 has been the Year of the Dog; but for too many companies, it turned out to be the Year of the Phish. Email, long the indispensable mainstay of business communications, has been besieged by more attack vectors than ever – with phishing and spoofing attacks leading the pack. Report after report clearly shows that, over this past year, current email technologies (as well as file sharing technologies like Dropbox, with its history of hacks) have been unable to protect businesses.
It’s not just the C-level that’s taking notice. In my conversations with businesses across multiple sectors, employees are looking for ways to communicate with each other in ways that won’t be compromised. In that search, they (and their CIOs and CSOs) run into two primary obstacles with the tools available today: ease of use and compliance.
Most ‘secure’ email and messaging platforms for business are too cumbersome for the average user, especially for day-to-day use. Specialized websites, complex commands, and key management requirements cause too much friction for people who just want to get their daily work done in a secure way.
At the same time, several easy-to-use mobile apps have emerged that use end-to-end encryption to deliver secure messages. Examples include WhatsApp (owned by Facebook) and Apple’s iMessage app that comes with every Apple device. The problem with these secure messaging apps is that they violate the compliance policies of many organizations, because messages aren’t archived for future retrieval. Smarsh’s 2018 Electronic Communications Compliance Survey Report showed that SMS/text messaging is considered a primary compliance risk by almost 60% of survey respondents.
The financial sector is particularly at risk regarding compliance issues. According to Financial Executives International (FEI), an organization that advocates for the views of corporate financial management: “Per regulations, all financial firms must reliably retain and adequately supervise the use of all methods of electronic communications their employees use to conduct firm business, both externally and internally. They must be prepared to… produce specific messages on demand should the regulator request them as part of an annual examination or unscheduled audit.”
Then there’s file sharing. While cloud storage is convenient, particularly for companies with global offices, it is generally unencrypted and vulnerable. Again, individuals are taking matters in hand, downloading thousands of small-scale encrypted storage solutions – not exactly efficient across the enterprise.
All of which leads us to my recommended 3 New Year’s resolutions for businesses seeking to close the door on email and file sharing attacks in 2019:
The New Year is when we as individuals resolve to do better, to BE better, than we were during the past year. Resolving the same for your business starts with protecting what you’ve built – and what’s to come.