When we consider the security of our business technology, we often think of scams or phishing e-mails. These are easily shrugged off, as we assume no one would fall for e-mails that simply ask for money or make false claims, such as that you have won a lottery you never entered. If we were to list the actual security threats companies face, you would be surprised. The #1 data security incident reported in 2017 was misaddressed e-mails. Something as simple as typing too fast or misspelling a person’s name can have huge repercussions for your business. The scary thing is that any employee, at any moment in the workday, could make this mistake.
Two major issues result from misaddressed e-mails. One is the result of your e-mail being accidentally sent to the wrong person. Now, some person has information that wasn’t meant for them. This could be as small as a secret joke about the boss, or as treacherous as spreadsheets with a department’s payroll information. Either way, this simple mistake could have enormous consequences.
The second major security issue involves a more sinister adversary, where something you send is accidentally delivered into their eagerly awaiting hands. This is done with “doppelganger domains,” domains that closely resemble legitimate ones. These lookalike domains are bought for the sole purpose of capturing your misaddressed e-mails. How many misaddressed e-mails could there be that could do damage to the integrity of your business? Research shows that in one case, just two researchers managed to capture 20 gigabytes of information from various Fortune 500 companies in six months’ time.
The e-mails they captured contained information at various levels of confidentiality, ranging from employee usernames and passwords to legal documents such as contracts or affidavits. The scary thing is that while a company could catch a misaddressed e-mail and be working on improving its security, it could already be too late. Once a hacker has confidential information such as passwords and usernames, or payroll accounts, the business has all but handed over the reins. Any one of these items could be dangerous enough to seriously endanger the business, but all together? The outcome could be catastrophic.
If you were on the receiving end of an e-mail that was not meant for you, what should you or your employee do? The New York Times recently answered this question with the following recommendation, “If the message appears life-threatening or otherwise very important, then you have a moral responsibility to reply back and try to get the e-mail where it was originally headed. If the message is not life-or-death, you can safely ignore it. That approach means you don’t punish people in need, but otherwise, you let Natural Selection do its thing on people who can’t be bothered to check e-mail addresses.”
Knowing the dangers of misaddressed e-mails is only half the battle. What can we do to prevent them and protect the integrity of our business? Basic e-mail policies are key to improving the security of your business. First, you should encourage the use of strong passwords, so they can’t be easily guessed or forged. Secondly, you should ask employees to memorize their passwords (rather than write them down, as this poses another security risk). Thirdly, remind employees to change their e-mail passwords frequently; it is recommended to do so every two months.
Training in e-mail and internet etiquette goes hand in hand with your business’s e-mail policy. Training should show employees the importance of always remaining vigilant for e-mails that carry malware or phishing attempts. To achieve this objective, employees should avoid opening attachments or clicking on suspicious links. Secondly, employees should be suspicious of clickbait titles and check their e-mails for names of unknown senders to ensure they are legitimate. Lastly, train employees to look for inconsistencies or style red flags, such as simple grammar mistakes or excessive or unusual punctuation.
Businesses do have other options in dealing with doppelganger domains. A study done by the University of Cape Coast shows that companies can buy their own doppelganger domains, thereby maintaining the integrity of their business. The research goes on to state that the business should “set it up so that when a message is received, it will automatically send out a failure notification. Awareness of the issue should be raised among employees.” This could capture any e-mails accidentally sent to the wrong address, and thereby maintain the business’s integrity.
After establishing good work policies for e-mails, there are further steps that you can take to ensure the safety of your business’s confidential information. Similar to how Grammarly checks for spelling and grammar issues, you can check for doppelganger domains. CheckRecipient is a next-generation e-mail security technology to prevent highly sensitive information from being sent to the wrong people. CheckRecipient uses artificial intelligence and machine learning to analyze historical e-mail data and automatically identify anomalies and mistakes in outgoing e-mails which may result in inadvertent data loss. Some of the world’s largest organizations rely on CheckRecipient’s technology across the financial, legal, professional services and biotech sectors.
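As an added illustration (not CheckRecipient's method and not code from the studies cited above), here is one simple way an outgoing-mail check could flag recipient domains that look like misspellings of domains the business normally writes to. The list of known domains, the function names, the two-edit threshold and all addresses are constructed assumptions.

```python
# Added example: flag outgoing recipients whose domain looks like a
# misspelling of a domain the organisation normally writes to.
# KNOWN_DOMAINS and every address used with it are constructed sample values.

KNOWN_DOMAINS = {"example.com", "us.example.com", "partner-bank.example"}


def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment distance (adjacent transposition = 1 edit)."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def check_recipient(address: str, known=KNOWN_DOMAINS, max_edits: int = 2):
    """Return (verdict, closest_known_domain) for one outgoing address."""
    local, sep, domain = address.strip().rpartition("@")
    domain = domain.lower().rstrip(".")
    if not sep or not local or not domain:
        return ("invalid", None)
    if domain in known:
        return ("known", domain)
    # Closest known domain; a dropped dot or two swapped letters is 1 edit.
    best = min(known, key=lambda k: edit_distance(domain, k))
    if edit_distance(domain, best) <= max_edits:
        return ("lookalike", best)  # hold the message and ask the sender
    return ("unknown", None)


def review_outgoing(recipients):
    """Map each address that should be held for confirmation to its likely target."""
    held = {}
    for addr in recipients:
        verdict, target = check_recipient(addr)
        if verdict == "lookalike":
            held[addr] = target
    return held
```

A domain that is merely unfamiliar is reported as "unknown" rather than held, so the check only interrupts the sender when the address is a near miss of one already in use.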