How to leave email hackers empty handed
One simple way organizations can significantly improve their information security is to send email attachments as secure Box links that auto expire in 7 days.
Simply setting Box links to automatically expire in 7 days radically reduces the “threat surface” of email borne content. What many don’t realize is that the email data loss threat has less to do with the message in transit as it does with the message at rest. As the news remind us, a single email system breach will yield years of confidential communications. However, if attachments are delivered as self-expiring 7 day Box links, the security implications are significantly mitigated. Imagine how history would have been different if the U.S. State Department WikiLeaks breach hadn’t represented 40 years of communications, rather one week (more on this).
Although sending attachments as Box links is an effective security strategy, the real challenge is user adoption. Users do not want the extra work of copying a link. Fortunately, technologies like mxHero allow organizations to centrally configure the automatic replacement of attachments with secure, self-expiring Box links (e.g. 1, 7,…X days or never expiring).
The other concern is the adoption by the recipient of the Box link. Box links can be delivered requiring authentication. Although this is a powerful security measure, it requires the recipient to have a Box account — which can be a free account. However, this can be too much to require of a recipient and a potential risk, especially when the recipient is a customer or prospect. For this reason, the automatic delivery of attachments as open but time limited Box links provides an ideal mix of non-disruptive communication and more security than most people realize.
Going, going, gone… :)
Originally posted to Medium