What’s all this about ‘Secure Transfer’?
Your Business Is At Risk Of Cyber Hacking!
We all know that ‘Cyber’ crime is relatively low risk and can reap huge rewards for criminals. Annoyingly, malicious software, or malware, is easiest to transmit via a link or an attachment, and since many staff members could be dealing with hundreds of emails a day, it only takes one mistake to unleash a workplace catastrophe. One well-meaning employee can jeopardise the integrity of your organisation.
It will come as no surprise that cyber criminals choose email as the best and easiest way to transmit malware and launch cyber attacks today. Ian Grey, an information and cyber security consultant, who runs Wadiff Consulting, says: “A company’s email system can make or break it. When an email system goes down, or some emails cannot be quickly delivered, productivity drops. Emails are the standard way to send text and files to anywhere on the globe and are (erroneously) trusted to be secure and auditable – unfortunately this is not the case.”
The WannaCry worm (initially delivered by email) spread across computer networks and with each one it reached, users were locked out of their critical data. A ransom demand of $300 in Bitcoin was then made on each infected machine. Cyber risk modelling firm Cyence put the costs at $4 billion and even though this attack is now fading into history, one fact is certain – when one attack ends, another prepares to launch.
One of the biggest data breaches within financial services took place in the US in 2014. Anthem is one of the USA’s largest health insurers and a cyber breach exposed the data of some 80 million customers, including their social security numbers.
It is believed the breach stemmed from China and hackers had been operating in the insurer’s system for months. A phishing email, disguised to look like an internal message, was the likely cause. Financial Services firms are particularly attractive targets for hackers because of the detailed and sometimes sensitive data they hold.
So What’s The Real Problem?
Manual business processes are not only expensive to resource from a human capital perspective but also rely on person-to-person communication, which, for expediency and perceived traceability, is often conducted via email.
Andrew Martin, CEO of the cyber risk scoring platform DynaRisk, comments: “Many people don’t realise that a compromised email account is an absolute gold mine for hackers. Everything is sitting in your email and it’s the means of communication with everyone you know and every online service you use.
If you forget your online banking password, you can just reset it via email. If you need to work on some confidential customer files over the weekend from home, you email them to yourself and if you want to get paid by a client, you email them an invoice with your account details. These are all simple and easy to do yourself, which also makes it exceptionally easy for someone else to do if they gain access to your account.”
Aside from being insecure in transit, email makes it difficult to prove successful delivery to the recipient, the action the recipient took, whether they shared the potentially sensitive information and how they store it.
So What Is The Answer?
If your firm is overly dependent on email attachments for customer communication, then make a management commitment to stop it, or at least reduce it over time.
For example, HMRC clearly states to all taxpayers: “HMRC will still never email you about rebates or to ask for your bank account details and these emails won’t contain any confidential information.” Taxpayers are conditioned to be suspicious of sensitive emails that appear to be from HMRC rather than to trust them. Perhaps the financial services industry or individual firms could make a similar pledge?
Email attachments are not the only means of transmitting documents (usually PDFs) from one person to another. The simplest way to stop sending them is to share the documents in a secure online environment, which can be securely accessed by the insurer, broker and client.