One of the (many) revelations to come out of the Sony hack fiasco is that as a collective population we often don’t think twice before hitting send on an unprotected email.
For instance, as news of the Sony hack began to unfold late last year, we saw reports of leaked emails containing candid (and not-so-nice) thoughts about celebrities, credit card numbers, passwords and more. The fact that executives were comfortable sending this information unprotected shows there is a serious gap between how email privacy is perceived and the reality of email security.
With all the information at our disposal about the risks of unprotected email, why do so many people in an organization — from CEOs to interns — still send unprotected email without giving it a second thought?
The “It Won’t Happen to Me” Mentality
You always hear stories about people not getting car insurance because they think they don’t need it. They think, “I’m a careful driver, so I won’t get in an accident.” But they immediately regret that decision when they get in their first fender bender.
Every day in business you’ll find employees who subconsciously take the “it won’t happen to me” approach and, when sending emails, believe only the intended recipient will read their message or sensitive information.
In reality, sending an unprotected email is a lot like putting a postcard in the mail, in that the contents can be read along the way to the recipient. However, the information contained in company emails is a lot less frivolous than the “Hello from Hawaii!” greetings found on the back of a postcard.
It’s important to create a work culture that places security well before risk and makes it easy for employees to take the “better to be safe than sorry” approach.
Lack of Awareness about Security Risks
In general, most employees aren’t aware that “bad guys” can intercept their email through a man-in-the-middle (MITM) attack — just one of the many weapons cyber-thieves have in their arsenal.
MITM attacks occur when thieves take advantage of vulnerabilities that allow them to see transmitted data in clear text. For instance, as many as 10,000 sites were affected by the “Heartbleed” bug, a security flaw that allowed hackers to steal valuable data even when HTTPS was enabled (and users thought their traffic was secure).
This is where employee education comes into play. The more informed employees are, the more likely they are to take the appropriate steps to secure email.
Sending Sensitive Emails Unintentionally
When sending dozens — if not hundreds — of emails a day, even the best-intentioned employee may accidentally send out an unprotected email containing sensitive or personal information.
Companies need to adopt an approach in which all emails are protected to avoid any sensitive information slipping through the cracks.
If you have to ask, “Should I be encrypting this?” chances are you should.
When in doubt, look to Zix Email Encryption Services. Zix makes it easy to send encrypted email without inhibiting day-to-day workflow — it’s as easy as using a regular email solution and doesn’t let sensitive information slip through the cracks. With Zix, employees really won’t have to think twice before hitting send.