Is Email Security Something You Really Need to Focus On?
In a word, yes.
Email is the number one platform cyber criminals use for scams due to the heavy reliance on emails for business. According to email security services providers, 90% of security attacks begin with an email. An email security company reported that their quarterly threat summary for the first quarter of 2016 showed that there has been a 66% increase in emails containing malicious attachments and URL’s compared to the previous quarter in 2015. Compared to the corresponding period in 2015.
This represents a staggering 800% increase! News of security breaches have been all over the news recently, and according to reports, ransom-ware will reach $1 billion in revenue by the end of 2016. Hackers are now using whaling tactics, phishing scams targeted at high-level executives, in order to steal valuable information from their computers by issuing fake legal documents such as subpoenas or tricking them into wiring large sums of money. According to the Federal Bureau of Investigation, whaling scams have led to over $2.3 billion in losses.
What are Email Security Best Practices?
Organizations should look to integrate best-practices email security solutions for their document management systems. Although many companies already have some sort of email security feature, they do not have email features that house confidential and business critical information. Industries such as law firms are highly susceptible to leaking confidential records. Such an approach will streamline the processes and technology to create a strong security foundation in the organization.
Any solution that helps you improve your email security into your document management system needs to do the following:
- Setup automated processes to identify suspicious words and URL’s, and add them to a blacklist
- Document and track best practices around processes and people so that in case a mistake is made manually, the software can be set to intervene to protect data.
- Institute locations in the DM system for sensitive information, protected with features such as multi-factor authentication, and encryption at rest and in motion, to add additional security
- Limit access to confidential information to certain members by creating privileges on projects, deals and matters
- Replace the use of email as a collaboration tool ad limit unprotected file sharing services with auditable tools that are part of the document management system
- Enforce corporate data retention and disposition review schedules
- Review analytics to track abnormal activity
Due to the expertise that hackers have in destroying barriers, driven of course by financial gain; a comprehensive approach to security is needed. Protecting data and integrating email security with information and document management should be a key consideration as part of the overall security strategy of any organization.
The Future of Email Security
On the bright side, the EU just recently reformed the General Data Protection Regulation in April of 2016 in response to the rise in data breaches. Regulations such as the GDPR are equally applicable to organizations of all sizes, and it’s imperative that the small and medium sized law firms don’t ignore it. Now with the much strengthened EU GDPR, organizations have a better chance of warding off cyber criminals.
At FileTrail we strive to help you find the best technology for your data needs. We have recently written up another checklist about the 9 Must Have Items for a New RM Solution. We’ve also looked at the issue of dealing with the “tidal wave” of records disposition data.
We’d really like the chance to demo what we can do. Click on the button below to set one up.
(this is an update of a previously published blog from October 2016.)