Sharing Files through Email Comes with Considerable Risks

Sharing Files through Email Comes with Considerable Risks

Email is a great business communication tool because it’ss fast, easy to use and inexpensive. However, its evolution into a de facto file-sharing application has also made email a potential liability.

It has become a globally common practice to share information with coworkers, partners and customers by attaching files to email messages. Unfortunately, this has effectively turned email systems into huge — and unsanctioned — data repositories. According to IDC researchers, roughly 60 percent of all business-critical information is now contained in email systems that simply weren’t designed to securely hold sensitive and confidential information.

In fact, email is now considered to the most likely source of data breaches across almost all industries. Email attachments have become the most common vehicle for the propagation of phishing attacks and malware infections that allow cyber criminals to gain access to systems and data.

Nearly nine out of 10 organizations were targeted by email fraud in 2017, according to a study that analyzed 160 billion emails delivered to 2,400 global companies during the past year. Attacks were equally prevalent among large and small businesses. Most attacks involved spoofed emails purporting to be from individuals within the company that tricked recipients into clicking on attachments with malicious payloads. PDFs were the most common file types used in these malicious attachments.

There are certainly a number of security measures companies can take to help secure email attachments. Continually educating employees about the dangers of phishing and malware is an absolute must. Many organizations also create policies that block attachments with dangerous formats such as executable (.exe) files or password-protected zip files. Others employ multiple antivirus engines to scan attachments for potential threats.

However, hackers are increasingly able to evade traditional antivirus solutions designed to identify threats by spotting distinct patterns, or signatures. Today’s most advanced malware is polymorphic — adaptive and able to change the way it looks to evade signature-based detection. Using so-called “packing and crypting” methods, attackers can repeatedly change a malware file on a binary level, making it look different to antivirus software.

Addressing these new threats requires advanced malware detection solutions that can identify new malware as early as possible. Solutions such as Threat Detection and Response (TDR) and APT Blocker from WatchGuard are designed to identify threats by looking at how the malware behaves, instead of relying on a database of known malware signatures.

Even these security measures don’t eliminate the limitations of using email for sharing files. Misaddressed emails can put sensitive information in the wrong hands. File size limits can prevent delivery. The lack of file synchronization capabilities can lead to confusion about file updates.

Organizations should also discourage the use of attachments with an enterprise file sync and share solution such as Datto Drive. Datto Drive was built from the ground up for businesses, creating a secure, centralized content repository. That is in contrast to consumer-grade public cloud platforms that don’t give your organization any control over individual user accounts.

The ability to securely share files is a business imperative, and traditional email systems are no longer sufficient for the job. Give us a call to explore your options for enhancing email security, and to investigate how a business-grade file sync and share solution might offer additional security and better control.


Just released our free eBook, 20 Signs That Your Business is Ready for Managed ServicesDownload
+