Fahmida Y. Rashid’s recent article on email being the main source of data leaks in organizations shines a light on how dependent all professionals have become on email, and how dangerous this could prove to be.
It’s all too easy to forward work emails to yourself, or to friends or colleagues, with attachments containing sensitive information. Remember the time you decided to send that really important PDF to your Gmail account, so you could skim-read it on your smartphone and look at it properly once you got home? You’re not the only one. According to the Ponemon Institute’s research, approximately 69% of information security and compliance professionals have sent information elsewhere.
While adding stronger security will take some effort, the real question you should be asking yourself is: can you afford to NOT implement stricter email controls? Here is a simple, three-course menu for success:
Starter:
- Every company should look at the risk profile of each of its employees and implement risk-appropriate security. This ensures that those with access to more sensitive information (C-Level, R&D, IT staff) are subject to more stringent security controls.
Main course:
- Those with access to sensitive or business-critical information should be required to use two-factor authentication to access and email critical data. The latest versions of Microsoft server and OS have the ability to implement strong authentication out of the box.
Dessert:
- In order to encrypt an email in Outlook, once the two-factor authentication is set up, all the user has to do is check a box. As long as they have their secure identity card present and their PIN (something you have AND something you know), the email will be encrypted. This ENSURES it can only be read by an authorized member within the organization with a verified identity and appropriate access rights.
With this system in place, encryption, whose complexity has stopped employees from sending secure emails, will become as simple as, well… opening a letter.