The best and most overlooked action for robust cybersecurity might be the least expensive
Originally posted on Data Driven Investor
Among the many challenges organizations face in 2020, cybersecurity (or the lack thereof) has dominated the news cycle. Ultra-sophisticated criminals are penetrating every type and size of company. In a recent article from Forbes, yet another threat has emerged from what seems to be a highly experienced crew who claim their latest ransomware, “DarkSide,” is the “perfect product.” According to the article, the group has already netted $1M in just two weeks.
A confluence of increased digitization, criminal impunity, and a dramatic increase in remote work has conspired to create a perfect storm for cyber vulnerability.
Yes, the house is burning
If you’re getting the feeling organizations are under siege and losing, your feelings align with the data. Data reveals that the majority of organizations have suffered a breach. [1] No particular security product or even a collection of them is stemming the tide. [2] A confluence of increased digitization, criminal impunity, and a dramatic increase in remote work has conspired to create a perfect storm for cyber vulnerability. So stacked are the odds against the organization that the cybersecurity strategies du jour are assumed breach, data deception, and concealment. [3] In other words, the criminals are getting in, time to hide what they are looking for.
As the article points out, it’s back to security hygiene basics. “You have to lower the attack risk, diminish the attack surface, make security a real business priority,” states the author, adding “Reduce your insecurity footprint and make things harder, not easier, for the cybercriminals.”
The use of email attachments generates a stunning 55,000 file duplicates on average per user per year.
The Best and Most Overlooked Action for Robust Cybersecurity
There is one often overlooked action that almost any organization can do very inexpensively to radically reduce data exposure and “make things harder” for the cybercriminals. In fact, not taking this action makes all other security efforts potentially futile. [4] The action is to stop using email for file sharing. More specifically, stop using email attachments. No other technology replicates your sensitive data more. The use of email attachments generates a stunning 55,000 file duplicates on average per user per year. [5] No other technology provides so little protection. Email attachments are entirely unprotected. A message sent to the wrong recipient or a breached email account offers unrestricted access to every file it carries without any visibility or control by the file’s owner.
Instead of email attachments, share with cloud storage file links
Of course, email is the lifeblood of most organizations. Stopping file sharing through email is akin to throwing the “baby out with the bathwater.” It’s impractical. Fortunately, the alternative is readily available to nearly every organization, namely, cloud storage file links (e.g., Box, OneDrive, Egnyte). In stark contrast to email attachments, cloud storage file links don’t replicate data and provide powerful access controls, revocation, and encryption. Consistently sending files as secure file links will reduce an organization’s data exposure by around 90% when compared to standard email attachments. [5]
Game-changing cybersecurity that costs you next to nothing
For most organizations, using cloud storage links in email doesn’t require any additional expense. Either the organization already has a business-class cloud storage subscription, like Box or Egnyte, or storage is already included in its productivity suite — OneDrive (Microsoft) or Google Drive (GSuite). Realizing the immense benefits of switching from email attachments to cloud storage links becomes “simply” a matter of consistent user adoption.
Solving the User Problem
Of course, most cybersecurity efforts fail due to a lack of user adoption. [6] Fortunately, the major email providers (Microsoft, Google) are making it easier to send files as secure file links. Other low-cost tools, like mxHero, help organizations to ensure that attachments are converted to secure Box, Egnyte, Google Drive, or One Drive links without user intervention while working uniformly across all devices.
It takes a crisis
Often it takes a crisis to force us to undertake the steps needed to resolve long-standing problems. In times of crises, organizations that adapt to better practices, not only survive but exit the crisis even stronger. As unprecedented challenges grip the world, today’s problems present an opportunity for organizations of all sizes to end their dependency on the antiquated and dangerous email attachment-based file-sharing model. Email attachments met the nascent demands of the early Internet decades ago, but it is terribly insecure and indefensible in today’s digital world. Now is a perfect time to kick the age-old habit and emerge stronger than ever before.
Sources