It is with tongue in cheek that I first sat down to write about Clean Out Your Inbox Week, January 23 to 27, 2017. Productivity expert Marsha Egan started the annual event a decade ago with the idea of starting off the new year with an empty inbox and a fresh outlook. However, when I began looking at the facts around email and the origins of some well-known cybercrimes, I realized this week could provide an important check-in for businesses handling massive amounts of internal and external communications, and an opportunity to start the new year using security best practices around email communications.
We Are All Inundated…and Vulnerable
If you look right now, how many emails are in your inbox?
In 2016, the number of business and consumer emails sent and received per day totaled more than 215.3 billion. This figure is expected to grow at an average annual rate of 4.6 percent over the next four years, reaching more than 257.7 billion by the end of 2020, according to the Radicati Group’s Email Statistics Report, 2016-2020.
While there is an increased use of many other forms of communication, such as text messages, chat and social networking, the report points out that email continues to be the leading form of business communication. Email addresses are essential for almost every kind of communication including social networks, online banking and shopping, and they all want to email you a confirmation and weekly newsletter!
With this in mind, it is easy to see how thousands of emails can pile up in our inboxes or, worse from a security standpoint, how we can let years of unarchived emails sit on an active business server.
Both are critical security issues for the enterprise.
Inbox Full of Malware
Malware, short for malicious software, is any software used to disrupt computer or mobile operations, gather sensitive information, gain access to private computer systems or display unwanted advertising. In 2016, malware reached new heights with strains that infected vulnerable IoT devices and subsequently constructed armies of bots – one such attack significantly disrupted internet access for the entire eastern region of the United States. How did many of those bots infect enterprise networks? Through email.
I expect in 2017 we will continue to see malware soar until we, as an industry, get a better handle on building innately secure devices, make educating on the topic as common as discussions about the latest viral cat video and drive a culture in which good data hygiene, including email management, is the norm, not the exception.
For now, be warned, malware wants to target your employees. The most common types of malware attacks are blended attacks, which often occur through email or involve email in some way. For instance, an email itself may not contain any malware, but it may include a link to a website that contains malware or an infected attachment. And let’s be honest, people like to click on links.
Educate employees on “safe clicking” habits and teach them how to spot the difference between a secure link and an unsecured link. Instruct them to hover before they click and, if the link still seems questionable, encourage them to visit a website like unshorten.me, or install a Web of Trust (WOT) browser extension to check the validity of the site. These resources provide the full link so users can easily see if the source is legitimate. Finally, teach employees to go directly to the company website via an online search. The key takeaway: Think Before You Click!
As an IT or cybersecurity professional, you may consider sending a few “test” phishing emails to employees at your company to see if they are heeding these valuable lessons, listening to your advice and cleaning up their inboxes!
Overall, employees should be encouraged to take the time to delete or block any suspicious looking emails and report them to their security or IT team – and to do it immediately.
An Archive of Emails
It’s not just malicious emails that pose a security risk. Old emails – especially those sitting on active email servers – can be a huge security liability. For the enterprise, this week is as good as any to confirm old emails are being moved off active business servers and moved to encrypted archives. Many industries have specific compliance standards that dictate how long electronic communications need to be stored. Confirm the standards for your industry and meet those levels. There is no reason to have 15-year-old emails taking up space on your server. In fact, it can be a huge risk for your company.
Not too long ago, a big company made headlines and felt the pain of having close to a decade’s worth of old emails at the disposal of hackers. If the emails had been archived and encrypted, the bad actors would not have had so much access to trade secrets, business negotiation details and other proprietary information, not to mention embarrassing internal company gossip.
If you’re not sure where to start, take a look at your inbox. Do you know your company archival policy? As an individual, you can take action today to help protect your business against cybercrime by cleaning out your inbox. If you’re an IT or security professional looking for a more comprehensive enterprise-wide solution, you may be best served by working with a managed security provider to help assess your current situation, including where your most valuable assets live.
Take this week as an opportunity to reset your email security standards.