Do You Use Your Email Service as a File Store?
Attorneys preserve and protect large amounts of confidential information on behalf of their clients. Filing cabinets are rapidly being replaced by hard drives. The majority of attorneys use email as their primary form of communication and document exchange with clients, and many use their email client as a file repository.
According to the 2013 ABA TECHREPORT, 57% of law firms do not have an email use policy and 76% of law firms do not use encrypted email.
One of the most common cyber-attacks occurs against email. Typically, when such an attack occurs, the hacker looks through the contents of the mailbox and extracts items of value for sale or extortion. This is especially true for spearfishing attacks, where a hacker targets a specific person believed to have valuable information.
What might a hacker find in an email account if they had access? This will vary depending on the target in the firm, but some examples could include:
• Personally Identifiable Information (PII) of clients
• Merger and acquisition offers
• Financial records and statements
• Business IP and trade secrets
• Sensitive photos or videos
Why are hackers able to obtain this information? In part, it is because people use email as a file store for documents. People receive sensitive information via email that they want to find easily later, so they just leave it in their email inbox.
Currently, there is not a simple solution to this problem. However, encrypting your email is a good place to start, so that hacking your account is more challenging. Unfortunately, the encryption shouldn’t be the kind where if you enter your webmail password the system magically decrypts your emails for you. Otherwise, if the hacker gets your email service to reset your password, the attacker has access to all your unencrypted, unprotected information.
If you have to use email to transfer sensitive information, the recipients should remove it from their email accounts upon receipt. The email should be deleted and the trash should be emptied promptly. In addition, the sender must delete the email from his or her sent mail and trash also. That way, if the email service is compromised, the amount of data that is lost is dramatically reduced.
A further solution is to find a truly confidential way to securely send, receive and store messages and attachments, such as the email alternative that is now available from Absio.
Want to find out if your email communications are private? Review and download a copy of the Private Email Questionnaire.
Looking for a truly confidential email alternative for your firm? Learn about Absio Dispatch.
This content is advertising.