Few words can make your heart sink faster than, “Hey, I think this message was meant for someone else.” And it’s one thing when a personal text message winds up in the wrong hands because “Mom” happens to be next to “Monica” in your contacts, but it’s quite another when it happens at work. As both regulatory bodies and organizations themselves become more serious about data protection, the consequences of accidentally leaking data—most commonly through misdirected emails—can be much more serious.
Fortunately, organizations are beginning to realize the extent to which this problem affects them. Over 70% of executives believe their organization has experienced an accidental internal breach within the past five years. Almost half (44%) think this happens when using company email accounts. The connection between these two statistics is clear, and has led to increased recognition for a new and necessary layer of cybersecurity: human layer security.
Email remains remarkably vulnerable
The rise of business email compromise (BEC) attacks has highlighted the vulnerability of email. BEC attacks prey on employees who are distracted, or unobservant, or just plain busy by impersonating a manager or company executive and asking them to do any number of things ranging from filling an invoice to providing administrative network credentials. The perpetrators of BEC scams understand how to make their messages look legitimate, and most people don’t thoroughly scrutinize every email they receive. These scammers only need to be successful once to see a potential payday—or to infiltrate a network.
The prevalence of BEC attacks clearly illustrates the risk posed by erroneous emails. The FBI has issued multiple warnings about these scams, with losses from BEC attacks now totaling over $26 billion. Regulatory and governmental bodies have begun to take notice, as well—email security factors heavily into the new California Consumer Privacy Act (CCPA), which carries heavy penalties for noncompliance. With other states beginning to follow in California’s footsteps, implementing ways to better secure data shared by email has become a high priority for organizations.
Human-layer security produces encouraging results
They say the first step toward solving a problem is…
Mandatory Privacy-Breach Reporting Coming to B.C. Public Sector
As of February 1, 2023, public bodies in British Columbia (B.C.) will be required to repor…