There is a common perception that people think their emails are already secure but are they?
Here are some common email security Myths.
1. We’re not a target
Many companies feel that they are too small to be targeted. You may have heard about big data breaches occurring at large companies; the belief is therefore that it must only be the big fish that are being targeted. The truth is that medium and small-sized companies are often targeted quite simply because they are likely to have fewer resources to protect themselves as larger ones.
According to the recently released Verizon Data Breach Investigation Report (DBIR), which looked at nearly 42,000 data breaches across 86 countries, 43pc of incidents involved smaller businesses. Around seven in ten were financially motivated and around 25pc related to cyber-espionage.
2. My Email is secure already — The IT department said so, it uses TLS/SSL like when I buy online
This means the data is likely only to be secure between the client(Mobile or Laptop etc) to the service provider, not on its journey to the recipient or whilst sitting in the service provider. In addition, it is unlikely to be secure when on the recipient’s email servers.
3. My Email service provider, is a huge corporation with agreements in place regarding privacy, although I don’t really understand them, I think I trust them.
This is a complex legal area. But depending on where your data is, it could be requested by governments, or its also possible that parts of their infrastructure could be compromised. In addition, there have been many recorded cases of emails that have been ‘Scanned’
Google is secretly sharing users’ personal data with advertisers in breach of Europe’s data protection laws, a competing search engine has claimed.
In new evidence submitted to Ireland’s data watchdog, search engine Brave has claimed that Google is allowing ad-tech companies to compile and share personal information from users on over 8.4 million websites.
4. My users have been on training so they will not click on Phishing links now
Education — Or the ‘Human layer’ is crucial, but only part of the solution.
According to Symantec’s 2018 Internet Security Threat Report (ISTR), a whopping 54.6 percent of all email is spam. Even more to the point, their data shows that the average user receives 16 malicious spam emails per month, which leads to some scary math. Even if you only have 20 employees, that’s 320 times a month you have to trust in their ability to correctly scrutinize emails and make the right call. That’s 3,840 bullets to dodge over the course of a year.
You can’t rely on every employee to make the right choice every time a malicious email hits their inbox. No one is perfect, and attacks can be extremely well disguised. Eventually, someone somewhere is going to slip up. When they do, you need to ensure you have the right security solutions that can act as safety nets, and you need to have the proper policies in place.
5. Why Don’t I just do this alone on Gmail, Exchange or O365? Cant I just Check a Box?
No. You Can’t! to set this up you may have to purchase expensive certificates for each user, get them installed on the sender and receiver. Train the user and you may also need ATP or E3. It’s costly and cumbersome. PGP has similar issues.
6. Not on the top of the list
If you are busy dealing with security for your company, typically concerns surround perimeter defense, and policies surrounding employee use of the internet take center stage. The belief is that if you can keep your employees off the Dark Web, the biggest threats are reduced. The problem is that you are still at risk, even if everyone at your company behaves perfectly.
The time is now to encrypt every mail and improve your security stance. You can implement this in a cost-effective and seamless way using MeSince, And say a big ‘No’ to sending mail in clear text
At MeSince we specialise in Email Encryption and Secure Document Signing.
Email encryption is a key data protection component of the GDPR, and it is referred to as an example of an “appropriate measure” to keep personal data secure.
* Email encryption ensures “data protection by design” covered in Article 25, and it
mitigates your liabilities in the event of a data breach under Article 34
We Believe
- Email is a must and must be encrypted
- Email Encryption mitigates your liabilities for GDPR
- Let’s say “NO” to plain text email and send every email with encryption
- MeSince makes email encryption easy — Automation.
- Try for free at www.mesince.com
