You may be under the impression that email is relatively secure. You have been schooled on phishing and know not to open suspicious PDFs or click on fake URLs. But that aside, your internal and external emails are still vulnerable to interception by attackers who are listening or sniffing on your network: a message sent without encryption travels as plain text that anyone on the path between sender and recipient can read.
Confidential information can include business plans, documents, designs, sketches, source code, trade secrets and medical/financial records.
The inherent risks with email are twofold:
- Information can easily be transferred from one party to another
- Attackers can take over email accounts by getting in through weak points such as outdated webmail portals, routers or unpatched software.
Follow these dos and don’ts and your organization will be on the path toward stopping the attacks that lead to costly or embarrassing leaks of confidential information.
Email Dos and Don’ts
DON’T send emails that link to unencrypted (non-HTTPS) web pages
Not sure how to tell the difference? First and foremost, the web address starts with https, with the “s” standing for secure, and the browser shows a padlock next to the address. Keep in mind that the padlock only means the connection to the site is encrypted; it says nothing about whether the site itself is legitimate, and phishing sites use HTTPS too.
DO answer these three questions before hitting the send button:
- Do I need to send this information to this person? Is there a more confidential way to get the information to them?
- Can I strip out the confidential information and still convey the meaning of the email to the recipient?
- If I am responding as part of a thread, have I read the entire thread and removed the confidential information that does not need to be included? Do I know everyone on the thread? If you don’t recognize someone on it, call the sender and find out why they are on the distribution list.
DON’T send passwords over email.
You can send the portal address and username by email if you like, but deliver the password through a separate channel: send a text, make a call or stop by the person’s desk.
DO send any confidential emails to the smallest audience possible.
Let them know the email is coming by calling or texting them.
DON’T let your computer get infected
Keep your operating system, applications and anti-virus software up to date; this is one of the most effective ways to keep attackers out. If your computer does become compromised, disconnect it from the network right away (unplug the cable or turn off Wi-Fi) and alert the IT staff that you have a problem. Leave the machine powered on unless IT tells you otherwise: shutting it down wipes the evidence in memory that they may need to work out what happened.
DO add one of the following statements in the subject line.
- Confidential Data: Do not redistribute or forward (recommended: it records that the recipient was told the information was confidential, which strengthens your organization’s position if the information later ends up in the wrong hands)
- Private & Confidential: Do not duplicate or distribute without written permission
- CONFIDENTIAL AND PROPRIETARY: For Internal Use Only
- CONFIDENTIAL: Not for public disclosure
- CONFIDENTIAL for ________________ (Name of person(s)) eyes only
DO understand the regulations of your industry and their email standards.
If you are in the healthcare field, you need to comply with HIPAA. In government, GSA standards apply. In the financial world, it is the Financial Industry Regulatory Authority (FINRA).
DO put an automatic confidentiality disclaimer on the bottom of each employee’s email signature.
DO ask parties to delete confidential emails after reading them.
DO make sure email is encrypted on every leg of its journey: the connection between the sender’s and receiver’s email software and their mail servers should use TLS, the mail servers should use TLS when relaying to each other, and for truly sensitive messages use end-to-end encryption such as S/MIME or PGP so that only the intended recipient can read the content.
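One way to see whether a message you received actually travelled over encrypted hops is to read the Received: headers that each mail server prepends. The following is an added example, not code from the original article or from ProActive Technology Group: it parses those headers with Python’s standard email library and uses the transmission type in the “with” clause (ESMTPS/ESMTPSA mean the hop used STARTTLS; SMTP/ESMTP mean it did not) to list the hops that were sent in plain text. The sample message, its host names and IP addresses are constructed for this example.

```python
"""Find the hops in an email's Received: chain that were not protected by TLS.

Added example (not from the original article). The "with" protocol names
come from the IANA Mail Transmission Types registry (RFC 3848 and RFC 6531).
The SAMPLE message below is constructed; the hosts and addresses are not real.
"""
import re
from email import message_from_string

# Transmission types that mean the hop was protected by TLS (the trailing S),
# optionally with SMTP AUTH as well (the trailing A).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "UTF8SMTPS", "UTF8SMTPSA"}
PLAIN_PROTOCOLS = {"SMTP", "ESMTP", "ESMTPA", "UTF8SMTP", "UTF8SMTPA", "LMTP"}

# Clauses of a Received: header, matched after folding whitespace is collapsed.
FROM_RE = re.compile(r"^\s*from\s+(\S+)")
BY_RE = re.compile(r"\sby\s+(\S+)")
WITH_RE = re.compile(r"\swith\s+([A-Za-z0-9]+)")


def parse_received(header: str) -> dict:
    """Extract the from-host, by-host and transmission protocol of one hop."""
    text = " ".join(header.split())  # undo header folding
    from_m = FROM_RE.search(text)
    by_m = BY_RE.search(text)
    with_m = WITH_RE.search(text)
    proto = with_m.group(1).upper() if with_m else None
    return {
        "from": from_m.group(1) if from_m else None,
        "by": by_m.group(1) if by_m else None,
        "protocol": proto,
        # None: the header did not say how the hop was made; treat it as unverified.
        "tls": (proto in TLS_PROTOCOLS) if proto else None,
    }


def hops(raw_message: str) -> list:
    """Return all hops, oldest first (servers prepend, so the last header is the first hop)."""
    msg = message_from_string(raw_message)
    return [parse_received(h) for h in reversed(msg.get_all("Received", []))]


def plaintext_hops(raw_message: str) -> list:
    """Hops that did not use TLS, or whose header does not say that they did."""
    return [h for h in hops(raw_message) if h["tls"] is not True]


# Constructed sample: the partner's server relayed to our MX without STARTTLS.
SAMPLE = """Received: from mx.corp.example (mx.corp.example [203.0.113.10])
\tby inbox.corp.example (Postfix) with ESMTPS id 4F2A1
\tfor <alice@corp.example>; Mon, 1 Jan 2024 10:00:05 +0000
Received: from mail.partner.example (mail.partner.example [198.51.100.7])
\tby mx.corp.example (Postfix) with ESMTP id 3C9B2
\tfor <alice@corp.example>; Mon, 1 Jan 2024 10:00:03 +0000
Received: from laptop.partner.example ([192.0.2.44])
\tby mail.partner.example with ESMTPSA id 1A0C3;
\tMon, 1 Jan 2024 10:00:01 +0000
From: bob@partner.example
To: alice@corp.example
Subject: CONFIDENTIAL: Q3 plan

See attached.
"""

if __name__ == "__main__":
    for hop in hops(SAMPLE):
        status = {True: "TLS", False: "PLAINTEXT", None: "UNKNOWN"}[hop["tls"]]
        print(f"{status:9} {hop['from']} -> {hop['by']} ({hop['protocol']})")
```

Two caveats when reading the output. Each Received: header is written by the server that received the message, so the hops you can rely on are those added by servers you control; an attacker can forge the earlier ones. And a TLS hop only protects the message while it is moving between two servers; each server still has the plain text, which is why end-to-end encryption (S/MIME or PGP) is the only option that keeps the content readable by the recipient alone.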
DO have the ability to remotely lock or wipe company laptops and tablets if they are lost or stolen.
The ProActive Technology Group Can Help
From email vulnerability consulting to total network assessment and everything in between, we are here to help small to mid-sized businesses with their cybersecurity practices. Please give us a call today at 516-876-8200 to set up your assessment appointment.