In many instances, business leaders believe that email security is among the least of their concerns when it comes to data management and protection, focusing the entirety of their efforts on other communications tools, infrastructure components, devices and the like. Now, while it is valid that certain other aspects in the corporate infrastructure are going to be more difficult to control and secure, such as mobile devices and networks, leaders should not fail to see the dangers of inadequate email protection.
Email accounts often act as the foundation of a given individual's online identity, as they are a popularly used form of authentication, a storage database for a wealth of communications and much, much more. Think about when an employee forgets his or her password - the website will often send a verification notification to the email account, and the staff member will then have to use the link therein to reset the password or make other changes to access management.
Going a step further, so much information is transferred through email today that one would likely be hard-pressed to find a company that does not have any sensitive information stored in these environments. So, how would a company be able to protect itself from the wealth of dangers on the Internet today without a significant amount of effort placed in the email encryption and security arena? Even when other components are protected, this will always represent a significant risk.
Now, after a few major data breaches that led to the exposure of login and password information among email users, it is becoming a bit clearer that many businesses have lagged in their approaches to security specifically in terms of these accounts. The time is now for a major changing of the guard, as threat mitigation and risk management are all about comprehension and proactivity - two characteristics that are significantly lacking in the modern private and public sectors.
Proof is in the pudding
The Wall Street Journal recently reported that one survey from LexisNexis revealed roughly 90 percent of legal entities are using email for corporate communications functions, yet few are actually protecting these messages from unsanctioned access and manipulation. Although every industry needs to be aware of the dangers that come through when email security is not maximized, law firms have bigger concerns to worry about.
For example, legal discovery, chain of custody, general information governance and, of course, data security will generally dictate how successful one law firm is against another in a litigation proceeding. This is why it is relatively horrifying that the LexisNexis survey revealed only a little more than one-fifth of law firms are actually using email encryption services, putting virtually every message at risk of exposure or theft, the news provider noted.
What's more, the source pointed out that nearly 60 percent of those very same respondents admitted that significant issues would arise should a non-intended reader come across one of these emails.
"There's clearly a disconnect between expressed security concerns and measures law firms employ to protect their clients and themselves," LexisNexis senior product manager and attorney Christopher T. Anderson explained, according to The Wall Street Journal. "Relying on a mere statement of confidentiality when sharing privileged communications by email is a weak measure–and further it might protect the law firm but affords very little protection for the client."
At the end of the day, this is just a drop in the river when looking at the widespread lack of email security commitments across industries.
When will knowledge spread?
Again, companies have fought an uphill battle to quickly and adequately secure all of their digital assets, and no one is arguing that this has been an easy or straightforward responsibility in any sense. It is certainly understandable that organizations struggle to keep a close eye on every potential risk given how quickly devices, applications, systems and more are entering the average corporate environment.
However, the excuses for not having comprehensive and proactive approaches to security are few and fading, and leaders must recognize that they will be the most damaged parties when a major breach or other incident strikes.
One of the more worrisome, yet consistent findings in recent studies and surveys is that decision-makers understand what the threats are and why they represent such significant risk, but are either lethargic or completely apathetic when it comes time to provision tools to protect their operations.
Email encryption services have become relatively affordable, intuitive and easy to implement, while the best ones will never hinder productivity among employees who are using the tools. The time is now to get a bit smarter with email security, and businesses must understand that these accounts are the first step toward avoiding a major headache when a hacker makes them a target.
David Bailey is Senior Vice President at Protected Trust.
Protected Trust is a sponsor of the Print4Pay Hotel. I urge members and readers to visit their site to see their full line of products and services. More and more we need to provide well rounded strategic solutions for our customers. Protected Trust offers some unique solutions that can help us in our day to day efforts. Check them out here.
Comments (0)