The other day, I received an email from a client describing how he was hacked. His note ended with: “I hope you are having a better day than I am.” The message gave me pause because this client was the latest victim in a string of email security breaches I’ve heard about from people in my network over the past couple of months.
In this particular event, a weaponized document disguised as an outstanding invoice was sent from the target’s email to his contact list. About 20 minutes later, another email was sent from the same person stating that it was OK to open the document.
If you clicked on the document, it asked you to log in to Microsoft Office 365 (if you had it), which would give the hacker access to your username and password. Obviously, doing this opens up all kinds of issues and perpetuates the attack.
We hear about these kinds of incidents every day, or find ourselves in the same position, pondering whether a certain message in our inbox is legit or not. While I’m willing to bet most of us consider ourselves pretty security-savvy, and far too smart to open a suspicious email, the fact is someone ends up opening them.
A Larger Problem
This incident is a window into a larger problem that has been escalating in our digital and professional worlds. Users are breached, which gives attackers access to their internal environments. One way attackers get in is through our email. We’ve all heard about the risks of email, and that we should never use it to share any information that is sensitive or confidential, but using email is convenient and change is hard.
To illustrate the extent of the problem, an info-security study by the Experian Data Branch and Ponemon Institute reported that almost half (43%) of organizations have experienced at least one security incident.
Reported data breaches in 2016 increased by 40% over 2015, and Yahoo had to come clean about the largest data breach in history, which affected more than one billion accounts. In 2017, some of the biggest breaches included Verifone, Dun & Bradstreet, OneLogin, the IRS, and DocuSign. The average cost of a breach in the United States was upwards of $7.3 million in 2017, according to IBM Calculator.
So you tell me: Have we become complacent about using email, trusting it to share documents that, if they were exposed to a hacker through an email attack, could prove damaging? When you think about your inbox and your sent folder, are there attachments sitting there that you really wouldn’t want exposed?
File Sharing Best Practices
To shed some light on security challenges and file sharing alternatives that are as convenient as email but much more secure, I’ve put together a short video with some best practices for protecting the confidential materials that you might be sharing through email today.
Get in Touch
I’d also like to better understand how this issue affects people in my network. Please feel free to share your experiences with me directly.
Jason MacLellan is a Senior Sales Executive with Firmex, one of the world’s most widely used virtual data rooms. Over the last 8 years, Jason has helped thousands of clients securely share their most confidential and sensitive documents. Jason and the team at Firmex help organizations solve process challenges including divestitures, mergers, acquisitions, equity & debt raises, RFPs, financial audits, secure board portals, etc.