How Blocking All Email Attachments Can Keep Your Organization Safe
The Best Way to Breach Defenses is by Being Invited Inside.
In the digital age, the threat of an unwelcome guest is greater than ever. Phishing (convincing users to give personal information through deception) is one of the most notable, and widespread forms. Executive fraud phishing takes it a step further with the malicious entity posing as a corporate executive, which lends urgency and authority to their requests for money, further access, or sensitive information.
However, another very common form of email-based infiltration is through malicious attachments. These are often disguised as important documents to trick people into opening them without thinking. As quoted in Forbes, Helsinki-based security firm F-Secure notes that about 85% of malicious emails have a file attachment belonging to one of five of the most common file types (.DOC, .XLS, .PDF, .ZIP, or .7Z). You would think that users would be savvy enough to think twice and notice inconsistencies in these threats, but F-Secure notes that roughly 14.2% of people do click on them. These malicious infiltrators are out in force, and their tactics are still effective. Why break a window when a knock on the door will do? There’s a vast array of strategies designed to improve security, but here’s a new, incredibly simple idea that makes more sense than you’d think.
The Solution? A Radical Security Shift That’s Easier Than You Think
With email being so widespread, it’s easy for malicious attachments to slip through the cracks. Furthermore, the fact that email is so basic means security can only extend so far.
The idea of blocking all email attachments sounds like a dramatic decision, but doing so and shifting to a secure file share system may be the best way to keep your organization safer. The ideal secured file share solution has measures such as two-factor authentication, password protection, and the encryption of the files being sent.
A solution which blocks email and requires authentication from the recipient eliminates the common attack vectors that malicious attachments target, while solving the security risks of other file sharing platforms. If an email with an attachment was to be sent, it would be caught and the sender would receive an automatic response to the effect of, “I cannot accept any emails with attachments for security purposes. If you must send me something, please use this link.”
However, to make an idea like this work without disrupting operations, not just any file sharing system will work. The most common file solutions are simple open download links to access an uploaded file. The link is easily sharable, which makes these systems just as vulnerable as an email attachment. It’s not hard for a malicious actor to upload a malicious program and send the link to employees who download it without thinking twice. The ideal solution requires the sender and receiver to authenticate with each other (two-factor authentication). This helps ensure the veracity of what is being shared, and who is sharing.
Simpler exchange solutions don’t all have an expiration date either. This leaves files out in the wild to be happened upon much later. For example, when the file sharing system Megaupload was shut down in 2012, it still had files that had been uploaded shortly after the service went live in 2005.
While a solution with this ease of access and longevity is ideal for a band’s self-produced debut album, it is a massive security risk for sensitive company and client data. This is especially true when considering that HIPAA, FERPA, SARBOX/SOX, and GDPR requirements mandate fines for those who transmit information using unsecured means.
As a secured system becomes more complex it is often perceived as more of a hassle, and the number of employees who will avoid using it increases. Malicious actors often choose easy targets and will exploit any weakness. Security is only secure when it is followed. Your best choice to ensure security is to choose a platform that is easy to use while retaining strong security.
XM SendSecure: A Revolution in Secure File Sharing
XM SendSecure is an enterprise-grade secure file exchange solution designed to be easy to use and adaptable to any industry’s needs. It requires two-factor authentication, while automatically encrypting and virus scanning the files it transmits. It’s designed to keep the information secure while taking the burden off of the user with features like – mobile device and web applications, no requirement that recipients have an account on the service, and integration with Outlook and multi-function devices.
In addition to making your organization a harder target, XM SendSecure is able to send much more information, offering a staggering 5TB limit per file. Each transaction is not limited to a single file either, which means that sending vast amounts of data safely could not be easier than with XM SendSecure.
Reach out to us to learn how XM SendSecure can facilitate easy and secure file transfers to keep you and your company safe.