58% of cyber attacks target small businesses. The majority happen by email. Why is enterprise email not secure?
What's up with enterprise email security?
Email has grown bigger than its origins
Email has been around nearly as long as the internet, and it was never designed as a secure method of communication. When you send an email, just like other internet data, it travels through multiple nodes. At any one of these, a bad actor could be present. It could be at your mail server, the server of your recipient, or somewhere in the middle. The thing is, there's no way to guarantee security at every stage.
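The hop-by-hop journey described above can be inspected on a delivered message. This added example (not part of the original article) reads the Received headers each server prepends and flags hops that did not record a TLS-protected transfer, using the "with" protocol keywords from RFC 3848. The sample message and all host names are constructed placeholders.

```python
import re
from email import message_from_string

# "with" keywords that mean the hop ran over TLS (RFC 3848).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

# Constructed sample message; hosts and addresses are placeholders.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.30])
\tby store.recipient.example with LMTP id c3; Mon, 1 Mar 2021 10:00:05 +0000
Received: from relay.transit.example (relay.transit.example [192.0.2.20])
\tby mx.recipient.example with ESMTP id b2; Mon, 1 Mar 2021 10:00:03 +0000
Received: from client.sender.example (client.sender.example [192.0.2.10])
\tby relay.transit.example with ESMTPSA id a1; Mon, 1 Mar 2021 10:00:01 +0000
From: alice@sender.example
To: bob@recipient.example
Subject: constructed sample

body
"""

def _field(keyword, text):
    """Return the token following 'from', 'by' or 'with', or None."""
    match = re.search(r"\b" + keyword + r"\s+(\S+)", text)
    return match.group(1) if match else None

def audit_hops(raw_message):
    """Return one dict per hop, oldest first, with a 'tls' flag."""
    msg = message_from_string(raw_message)
    hops = []
    # Each server prepends its header, so reverse to get transit order.
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split()).split(";")[0]  # unfold, drop date
        protocol = (_field("with", flat) or "").upper() or None
        hops.append({
            "sender": _field("from", flat),
            "receiver": _field("by", flat),
            "protocol": protocol,
            # A missing or plain protocol keyword counts as unprotected.
            "tls": protocol in TLS_PROTOCOLS,
        })
    return hops

def unprotected_hops(raw_message):
    """Return (sender, receiver) pairs for hops with no TLS recorded."""
    return [(h["sender"], h["receiver"])
            for h in audit_hops(raw_message) if not h["tls"]]

if __name__ == "__main__":
    for sender, receiver in unprotected_hops(SAMPLE):
        print(f"no TLS recorded: {sender} -> {receiver}")
```

Received headers are written by each server in turn, so only those added by infrastructure you control can be trusted. A TLS-protected hop still leaves the message readable on the servers at either end of it.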
Email: internal and external risks
Misfires - more common than you think
It's not just bad actors you have to worry about when you click 'send'. The number one cause of email data exposure is human error: sending a sensitive email or document to the wrong person. It's easy to do in today's age of autocomplete, and it shouldn't be underestimated. Both organisations and individuals can be liable for fines, and the ICO regularly takes enforcement action against businesses of all sizes.
Encrypt emails and attachments
"Data controllers should have a policy governing encrypted email, including guidelines that enable staff to understand when they should or should not use it. For example, there may be a guideline stating that any email containing sensitive personal data (either in the body or as an unencrypted attachment) should be sent encrypted." - ICO, 2021
Record data collection audit logs
"If you operate automated processing systems (any IT database), you must keep logs for at least the following processing actions:
- Disclosure (including transfers)
The law enforcement provisions do not include a definition of ‘automated processing system’ however it is interpreted to mean any system that undertakes processing by automated means, and is likely to involve human interaction (for example input of or access to data) at some point." - ICO, 2021
Recall emails as soon as possible
"[in the event of a data breach] act quickly. Try to recall the email as soon as possible. If you can’t recall it, contact the person who received it and ask them to delete it. In the future, consider turning off the Autofill tool when sending work emails. The 72 hours following a personal data breach are particularly critical." - ICO, 2021