According to the Chinese Zodiac, 2018 has been the Year of the Dog; but for too many companies, it turned out to be the Year of the Phish. Email, long the indispensable mainstay of business communications, has been besieged by more attack vectors than ever – with phishing and spoofing attacks leading the pack. Report after report clearly shows the inability this past year of current email technologies (as well as file sharing technologies like Dropbox with its history of hacks) to protect businesses.
It’s not just the C-level that’s taking notice. In my conversations with businesses across multiple sectors, employees are looking for ways to communicate with each other in ways that won’t be compromised. In that search, they (and their CIOs and CSOs) run into two primary obstacles with the tools available today: ease of use and compliance.
Most ‘secure’ email and messaging platforms for business are just too cumbersome to use for the average user, especially for day-to-day use. Specialized web-sites, complex commands, and key management requirements cause just too much friction for people who just want to get their daily work done in a secure way.
At the same time, several easy to use mobile apps have emerged that use end-to-end encryption to deliver secure messages. Examples include WhatsApp (owned by Facebook) and Apple’s iMessage app that comes with every Apple device. The problem with these secure messaging apps is that they violate compliance polices of many organizations in that messages aren’t archived for future retrieval. Smarsh’s 2018 Electronic Communications Compliance Survey Report showed SMS/text messaging is considered as a primary compliance risk by almost 60% of survey respondents.
The financial sector is particularly at-risk regarding compliance issues. According to Financial Executives International (FEI), an organization that advocates for the views of corporate financial management: “Per regulations, all financial firms must reliably retain and adequately supervise the use of all methods of electronic communications their employees use to conduct firm business, both externally and internally. They must be prepared to… produce specific messages on demand should the regulator request them as part of an annual examination or unscheduled audit.”
Then there’s file sharing. While cloud storage is convenient, particularly for companies with global offices, it is generally unencrypted and vulnerable. Again, individuals are taking matters in hand, downloading thousands of small-scale encrypted storage solutions – not exactly efficient across the enterprise.
All of which leads us to my recommended 3 New Year’s resolutions for businesses seeking to close the door on email and file sharing attacks in 2019:
- Go big or go home in protecting against the most common cyber attack vectors – especially phishing and spoofing. According to statistics from 2017, 67% of organizations have received a phishing attack at an average cost of $2.7 Million per attack. Of most importance in these numbers is that companies are facing thousands of attacks throughout the year, which serves to multiply the impact of a single attack. These problems can be addressed with a combination of end-to-end encryption and a “walled garden” list of trusted users that are allowed to communicate.
- Give your people the easy to use the compliance-friendly, secure communications channel that they’ve always wanted – and end business email compromise (BEC). According to the SEC, in 2017, BEC ranked as the top cause of estimated losses linked to any cybercrime. BEC has been responsible for more than $5 billion in losses since 2013.
- Protect your business (and personal, for that matter) data with one encrypted cloud storage solution for all employees. Back in 2016, Dropbox reluctantly confirmed that the email addresses and hashed passwords of 68,680,741 accounts were exposed in a 2012 hack. A wealth of personal and business data was exposed. But as many employees use Dropbox without sign-off from their IT departments, companies may not ever know the real costs of this breach to their business.
The New Year is when we as individuals resolve to do better, to BE better, than we were during the past year. Resolving the same for your business starts with protecting what you’ve built – and what’s to come.