Capstone Works Blog

Capstone Works, Inc. has been serving the Cedar Park area since 2001, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Avoid These Massive Cybersecurity Missteps in Your Email Inbox

We all use email almost every day for work. Day after day, week after week, our inboxes are flooded with notifications, password resets, correspondence, invoices, marketing stuff, and countless other types of information. Have you ever thought about what a cybercriminal could accomplish if they had access to your email inbox?

Your Email Inbox is a Cybersecurity Nightmare

I want you to do a quick experiment for me. Log into your email, and just do a search for the last four digits of your Social Security number. Dig into the results and see if you can spot your own Social Security number in an email or document. 

We did a very unofficial poll, and found that about three out of five people had their own Social Security number in plain text in the body of an email or within an attachment stored in their email. Search for the word “password” and see what comes up. 

You get the idea.

The average worker’s email inbox can potentially contain very sensitive personal information that, when in the wrong hands, can be devastating. If your business has to gather some of that information, things like credit card numbers, bank account info, or other sensitive information, you likely have very strict and specific rules for collecting and storing it. However, those who communicate with your employees might not know about, understand, or care about the rules and compliance standards you have to meet.

In other words, the people you work with can email you sensitive information without realizing that they are making you accountable for their own risk.

The problem is that if your business suffers a data breach where an employee’s email is compromised, you are putting your customers at risk, and you can’t turn around and say, “Well, you shouldn’t have emailed us your bank account information, that’s on you.”

Even worse is when the business doesn’t have clear secure channels for their customers to provide sensitive information, and they just take everything over the phone or over email. Either way, we’re looking at a huge potential disaster that’s being propped up by (hopefully) a strong password and maybe some multi-factor authentication.

How Could My Email (or My Employees’ Inboxes) Be Breached?

An email inbox is basically the crown jewel of personal information for a cybercriminal. If someone has access to your email inbox, it means they can reset any password they want that’s associated with your account. They can often bypass some two-factor authentication systems, especially those that just use email for authentication. They gain access to all of your contacts, correspondence, and a huge wealth of information about you.

We’re going to come right out and say it: the average person’s digital hygiene is atrocious. From weak passwords, to using the same password across multiple accounts, to just adding a number at the end of the default password they were assigned, the average person sets themselves up for failure.

Weak passwords are extremely easy for a cybercriminal to crack, and using the same password across multiple accounts puts the security of one account in the hands of some other service. If you use the same password for your email as you do for your Amazon account, and Amazon suffers from a data breach, then your email is essentially fair game.

But I Have a Very Strong Password, and I Use Multi-Factor Authentication

Believe me, we thank you for being vigilant. It’s a huge help, and we hope that your efforts prevent you from having to deal with a cybersecurity attack.

But I have some bad news.

Strong passwords and MFA aren’t enough. It’s a lot, and it will definitely slow the bad guys down, but there have already been proven cases where cybercriminals have slipped around two-factor/multi-factor authentication.

There are the “obvious” ways—by tricking a user into sharing their MFA code using over-the-phone verification, or just taking advantage of MFA fatigue by sending lots of MFA requests until the user slips up. Even scarier is a tactic called Session Hijacking. 

Session Hijacking is where a cybercriminal takes over a user’s already logged-in session through some other type of attack. Usually by infecting a user’s PC with some very sneaky malware or tricking them into falling for a phishing attack, the cybercriminal is able to trick a service into thinking that they are the user and are still logged into their email and other accounts. This means the multi-factor authentication is never triggered and the cybercriminal gets access to everything.

Your Email Inbox Isn’t for Archiving Sensitive Information. Stop Doing It.

We’re all a little guilty of this. I even rely on my email’s search feature to pull up older conversations and correspondence. Most businesses use some sort of CRM or line-of-business application where customer information is securely stored, but sometimes, a quick search in your email is a little more convenient. 

This means users need to be aware of sensitive information when they receive it, ensure that it is handled appropriately, and then delete it from their inbox. That means filing it in the proper way, securely, and not transmitting it or storing it in insecure ways, such as email. Obviously, you’ll need to review your company policies and your industry's data retention regulations, and if you do business in different states or countries, you’ll need to be familiar with anything else that you might fall under. Still, your inbox isn’t a secure storage medium, and your company likely has an official way of processing and storing sensitive information. If not, it’s time you implement one.

Your clients and vendors and other people that you communicate with aren’t always going to treat sensitive information in the right way, and that means you need to step up your game to make sure you aren’t on the hook for those you communicate with if something goes wrong.

What Constitutes Sensitive Information?

Sensitive information consists of anything that can identify a person, such as names, addresses, contact information, photo IDs, Social Security numbers, and any sort of financial, criminal, or medical information. It also includes passwords and any sort of authentication methods, and anything that could be used to identify or track an individual.
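The inbox search described earlier and the categories above can be turned into a repeatable self-audit. The following Python script is an added example, not part of the original post: it scans one message (body and text attachments) for SSN-formatted numbers, Luhn-valid card numbers, and passwords sent in plain text, and reports only masked values so the report does not become another copy of the data. The patterns, function names, and sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Illustrative patterns (assumptions; tune them for your own data).
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")  # 13-19 digits, optional separators
PASSWORD_RE = re.compile(r"(?i)\bpassword\s*(?:is\b|[:=])\s*\S+")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: rejects most digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def scan_message(raw: str) -> list[tuple[str, str, str]]:
    """Return (location, kind, masked_value) findings for one raw message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue  # PDFs, images, etc. need their own text extractors
        where = part.get_filename() or "body"
        text = part.get_content()
        for m in SSN_RE.finditer(text):
            findings.append((where, "ssn", "***-**-" + m.group()[-4:]))
        for m in CARD_RE.finditer(text):
            digits = re.sub(r"\D", "", m.group())
            if luhn_ok(digits):
                findings.append((where, "card", "*" * (len(digits) - 4) + digits[-4:]))
        for _ in PASSWORD_RE.finditer(text):
            findings.append((where, "password", "[redacted]"))
    return findings

def sample_message() -> str:
    """Constructed sample: fake SSN, test card number, non-card order number."""
    m = EmailMessage()
    m["Subject"] = "New vendor form"
    m.set_content("My SSN is 123-45-6789.\nPortal password: Spring2024!\n"
                  "Order 1234567890123456 shipped.\n")
    m.add_attachment("Card on file: 4111 1111 1111 1111\n", filename="billing.txt")
    return m.as_string()

if __name__ == "__main__":
    for finding in scan_message(sample_message()):
        print(finding)
```

The 16-digit order number in the sample is not reported because it fails the Luhn check; to audit an exported mailbox, the same function can be called on each message from Python's `mailbox` module.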

Capstone Can Help Secure Your Business

Don’t let a cybersecurity threat ruin your profitability. We help businesses throughout central Texas make sense of their IT. Believe us, even though technology is getting more and more complicated, your business can gain a lot of value from it when it’s working properly and your staff has the tools they need to operate your business effectively and securely.

Want to discuss how we can help? Give us a call today at (512) 343-8891 to set up a free consultation.
