top of page

The Problem with Email Attachments

The shocking data behind email and its attachments

In an attempt to quantify the potential risk that email attachments pose, we’ve uncovered a remarkable statistic that highlights the immense challenge and risk that email and its attachments pose to organizations worldwide. In a freely accessible report, the Radicati Group reported that an estimated 53 emails sent and received daily have attachments (source). Using simple math we calculated that a company with 1,000 employees, over the course of one year, would have sent & received a staggering 13,833,000 emails with attachments. Given that standard email provides no protection or recourse for file attachments, it is no wonder that organizations as such, are an uncontrollable sieve of information.

There is simply no way that organizations can secure such a vast quantity of content. The lack of file protection in email means that when an email server is breached, an employee’s device is misplaced, an email account is compromised, or a user accidentally forwards an email to the wrong person — those attachments are easily stolen. Furthermore, even the most hardened company has no influence on emails sent outside the organization. Add to this the fact that email content tends to be duplicated into backup systems and saved for years means that the accumulation of risk is truly an order of magnitude above our calculations. It is an additional irony that in many cases email attachments aren’t even opened by recipients. One experiment found that only 6% of recipients copied on a message actually opened the attachments (source). Despite never opening the attachments, these recipients had become one more point of potential content risk in the company’s ever growing data sprawl.

Source: Box & MxHero webinar 2016 (experiment presented by Crescent Electric)

Given the insurmountability of the problem, the only rational option is to get files out of email. Fortunately, this option is readily available in the form of secure cloud content management links from services like Box. By sending a Box link instead of the file itself, the company never really sends the file, rather only a link that is controlled, for example, who can access it, for how long, restrict to view only (no download), plus track and audit link usage.

Of course, although sending files as shared cloud storage links is a powerful solution for email security, the immense challenge of user adoption remains. How does an organization get users to always remember to send files as links? Even if users are so well trained as to remember to send only links whether on a laptop, mobile, or otherwise, what about inbound emails for which users have no control? Furthermore, how can an organization ensure that users put the correct link access restrictions required for the specific content — e.g. internal only access, or 7 days access expiration? The good news is that technologies like mxHero provide the automation necessary to automatically convert attachments, outbound and inbound, into secure cloud storage links while requiring nothing from the end user. Beyond immediate security benefits, organizations also significantly reduce the amount of data that is trafficked and stored, significantly reducing costs associated with network bandwidth and storage.

Email is here for years to come. With judicious and novel integration of new technologies like Box and MxHero, some of its most important shortcoming can be greatly mitigated.

Originally posted to Medium


bottom of page