The Top 10 Email Risks

If you’re like most professionals, email is probably your primary form of communication some days. Many of us also rely on internal instant messaging systems. With all of this electronic communication, it’s crucial to abide by the rule of never exchanging any confidential or sensitive information via email or instant message.

Why? Simply put: It’s just too risky!

Let's take a quick look at the top 10 risks posed by email:

  1. Emails sent to external addresses (clients, customers, vendors, etc.) are not secure during transmission since they traverse the public Internet.
  2. Internal emails between coworkers could be at risk during transmission if your organization outsources email hosting.
  3. If your emails are on a vendor’s web server, your vendor may not have appropriate controls in place to protect your messages from unauthorized internal or external access.
  4. Emails on backup media may not be secure.
  5. Mobile devices and personal computers that connect to your mail server download email onto those systems.
  6. Employees can access web mail from personal computers and download files and information to those external systems.
  7. Malware can enter your internal network via emails sent from unprotected systems.
  8. If simple authentication is used (i.e., only username and password are required for login), then phishing schemes, dictionary attacks, or simple password guessing can allow intruders access to employee email accounts.
  9. Damaging emails can put the organization at risk should it become subject to litigation.
  10. Reputation risk: a cyber breach can have a significant negative impact on an organization’s reputation and donations.

So how do you protect yourself? The best protection is to NOT use email to exchange confidential or sensitive information. 

Several secure email solutions exist, but each of the risks identified should be assessed before implementing any secure solution.

Lisa Traina

Lisa is a partner at Traina & Associates, a CapinCrouse company. She uses her more than 30 years of experience to assist organizations in implementing measures to secure data and manage risks efficiently and effectively. She is a nationally recognized speaker and author, and serves on the AICPA Cybersecurity Task Force. Lisa founded Traina & Associates in 1999 to provide IS security services to a broad range of industries. Traina & Associates joined CapinCrouse in January 2017.
