The Top 10 Email Risks
Why? Simply put: It’s just too risky!
Let take a quick look at the top 10 risks posed by email:
- Emails sent to external addresses (clients, customers, vendors, etc.) are not secure during transmission since they traverse the public Internet.
- Internal emails between coworkers could be at risk during transmission if your organization outsources email hosting.
- If your emails are on a vendor’s web server, your vendor may not have appropriate controls in place to protect your messages from unauthorized internal or external access.
- Emails on backup media may not be secure.
- Mobile devices and personal computers that connect to your mail server have email downloaded on those systems.
- Employees can access web mail from personal computers and download files and information to those external systems.
- Malware can enter your internal network via emails sent from unprotected systems.
- If simple authentication is used (i.e., only username and password are required for login), then phishing schemes, dictionary attacks, or simple password guessing can allow intruders access to employee email accounts.
- Damaging emails can put the organization at risk should it become subject to litigation.
- Reputation risk: a cyber breach can have a significant negative impact on an organization’s reputation and donations.
So how do you protect yourself? The best protection is to NOT use email to exchange confidential or sensitive information.
Several secure email solutions exist, but each of the risks identified should be assessed before implementing any secure solution.
Lisa is a partner at CapinTech. She uses her more than 30 years of experience to assist organizations in implementing measures to secure data and manage risks efficiently and effectively. She is a nationally recognized speaker and author, and serves on the AICPA Cybersecurity Task Force. Lisa founded Traina & Associates in 1999 to provide IS security services to a broad range of industries. Traina & Associates joined CapinCrouse in January 2017 and is now CapinTech.