Cybersecurity: the crucial double check

Andrea Babbs, UK General Manager, VIPRE SafeSend, emphasizes the importance of implementing a crucial double-check to improve email security culture. 
Andrea Babbs, UK General Manager, VIPRE SafeSend, emphasizes the importance of implementing a crucial double-check to improve email cybersecurity culture. 

Cybersecurity has quickly become the world’s fastest-growing form of criminal activity and is showing no sign of slowing down with the number of attacks on businesses continuing to increase. COVID-19 has acted as a catalyst for this, with hackers taking advantage of remote workers during challenging times. 

Despite innovations and sophistication in hacking methods, one of the main means of data loss is insiders, including employees making mistakes. Humans make errors, and stressed, distracted employees will make even more mistakes. And with sensitive information on the line, such as regulatory compliance to safeguarding Intellectual Property (IP), companies are increasingly concerned about the risk of inadvertent data loss. But how can this threat be mitigated?

Human Error 

Business reliance on email is creating a very significant cyber security risk, and not simply due to the increasing volume and sophistication of phishing and ransomware attacks. Given the sheer volume of emails sent and received a day (over 300 billion every day in 2020), mistakes are inevitable. Employees are trusted with company-sensitive information and assets, and many are permitted to make financial transactions, often without requiring additional approval. Furthermore, with strict data protection requirements in place, not only GDPR, but also industry-specific regulations, organizations clearly require robust processes to mitigate the risk of inadvertent data loss.

According to reports, 34% of all breaches are caused by insider fault, yet many employees are unaware of their responsibility when it comes to data protection. Should confidential corporate information fall into the wrong hands, the consequences could be devastating, including financial penalties, loss of trust and competitors gaining an advantage. BitMEX, one of the world’s largest cryptocurrency trading platforms, accidentally leaked thousands of private customer email addresses when they sent out a mass mailshot without using the BCC function. But how could this mistake be stopped? What employees need is a way to better manage their email functions, with an opportunity for potential mistakes to be flagged before an individual hits send, for example showing who is in the to, cc and bcc fields.

Additional Layers 

Few organizations have a clear strategy for helping their employees understand how a simple error can put the company at significant risk; even fewer have a strategy for mitigating that risk and protecting their staff from becoming an insider threat. But more importantly, what they may not be aware of is that there is a solution available that can add a layer of employee security awareness. 

Businesses can help employees avoid simple mistakes, such as misaddressed emails, by providing a simple safety check, which alerts users to confirm both the identity of the addressee(s) and, if relevant, any attachments. The solution can be configured to work on a department or user basis; for example, a business may not want HR to be able to mistakenly send sensitive personal information to anyone internally and therefore require a confirmation for all emails. 

In addition to confirming email addresses and attachment(s), the technology can also check for keywords within the email content using Data Loss Prevention rules, and each business can set its own requirements and parameters determined by corporate security protocols. Any emails, including attachments containing these keywords, will be flagged, requiring an extra process of validity before they are sent without impeding working practices, and providing users with a chance to double-check whether the data should be shared with the recipient(s).

The Essential ‘Pause’ Moment 

Deploying an essential tool that prompts for a second check and warns when a mistake is about to be made helps organizations mitigate the risk of accidental error, and the potentially devastating consequences that might have on the business. Accidentally CCing a customer, rather than the similarly named colleague, will be avoided because the customer’s domain will not be on the allow list and therefore automatically highlighted. This is more crucial than ever before with employees dispersed across a range of locations as part of hybrid working. Such tools can support mixed operating system environments and DLP add-ons can be given to certain departments and groups who handle very sensitive information such as employee or legal data. 

This type of tool is key for companies and reinforces a security culture, building on education and training, with a valuable solution that helps users avoid the common email mistakes that are inevitable when people are distracted, tired or stressed. It provides an essential ‘pause’ moment, enabling individuals to feel confident that emails have been sent to the right people and with the right attachments.

In addition to checking the validity of outbound and inbound email addresses and attachments, it can also support in minimizing the risk of staff falling foul of a phishing attack. For example, an email that purports to come from inside the company, but actually has a cleverly disguised similar domain name, such as receiving an email from V1PRE, as opposed to VIPRE. The technology will automatically flag that email when the user replies showing that it is not from an allowed domain, enabling the user to cancel send and avoid falling for the phishing attack.

Conclusion

Email is arguably the key productivity tool in most working environments today, placing much of the responsibility for secure use of that tool on employees. But supporting staff with an extra prompt for them to double-check they aren’t mistakenly sharing confidential data helps raise awareness, understand, and provide that essential security lock-step, before it’s too late. The premise is not to add time or delay in the day to day management of email; it is about fostering an attitude of awareness and care in an area where a mistake is easily made.

READ MORE:

No organization is immune to human error, but having a clear strategy in place to address the issue of misaddressed emails and data loss through emails and mitigating the associated risks helps businesses remain compliant and secure. It’s all about increasing awareness and improving email culture where mistakes can so easily be made, while reinforcing compliance credentials. 

For more news from Top Business Tech, don’t forget to subscribe to our daily bulletin!

Follow us on LinkedIn and Twitter

An image of Cybersecurity, Security, Cybersecurity: the crucial double check

Amber Donovan-Stevens

Amber is a Content Editor at Top Business Tech

The critical role of data integrity in generative AI

Anjan Kundavaram • 23rd November 2023

The quest to harness the full potential of generative AI relies on finding trustworthy data to achieve outstanding results for diverse use cases. With the continued growth and transformative impact of generative AI, business leaders need to ensure that the data being fed into it has integrity.

Navigating a CTO-as-a-Service arrangement

Cyril Samovskiy • 21st November 2023

Attracting a top-tier Chief Technology Officer (CTO) can be challenging at the best of times, but for tech startups – who often have limited resources, a yet-to-be-proven product-market fit, and financial instability – it can be even more so. Add tech’s ongoing talent shortage to the mix, and it’s easy to see why CTO-aaS is...

The Importance of SBOM and CVE in Medical

Diego Buffa • 18th November 2023

This article explores the critical landscape of medical device cybersecurity, focusing on the IMDRF’s “Principles and Practices for Medical Device Cybersecurity.” It advocates for a holistic approach throughout the product life cycle, with particular emphasis on the vital role of the Software Bill of Materials (SBOM). The article addresses the FDA’s stringent postmarket vulnerability reporting...

AI powered fused spurs unveiled by measurable.energy

Diana Kamkina • 15th November 2023

measurable.energy, experts in eliminating wasted energy, are proud to announce the launch of their latest innovation – fused spurs. This highly anticipated addition to their product line is set to transform the landscape of energy management in construction and commercial buildings.

Technology for a Sustainable Tomorrow

Mark Robison • 09th November 2023

We currently face the critical challenge of reducing carbon emissions in an effort to reach net zero targets. This is the challenge of our lifetime and for many more generations to come. Fortunately, this challenge has ushered in a new era of innovation, where technology plays a leading role in creating a sustainable future.

Preparing UK Businesses for the Coming PSTN Switch Off

Chris Wade • 01st November 2023

The PSTN Switch Off will require a robust framework of action as all business sectors will be impacted. In order to stay ahead of this significant change, businesses must start considering new, digital alternatives such as VoIP based communication technology.

Dark Fibre’s Role in Supercharging Edge Data Centers

Sean Lowry • 18th October 2023

In response to Proximity Data Centre’s e-book, Glide’s CTO, Sean Lowry explores the impact of low latency on gaming, the Metaverse, and AI. He explains how dark fibre and Glide’s “Fibre Cities” are primed to support the evolving needs of edge data centres and seamless connectivity.

Smart Labels and the intersection of technology and logistics

Sam Colley • 13th October 2023

The delicate fabric of the ever-evolving technological landscape is being rewoven with the introduction of game-changing elements like smart labels, which are bringing the logistics industry to the forefront of innovation. These technological wonders are not only transforming the landscape of logistics, but they are also unlocking a multitude of options where precision, discretion, and...