Your Unencrypted Data is a Gold Mine for Hackers

How often have you heard someone say “If you’re not doing anything illegal, then you have nothing to hide?” When asked this, I tend to respond with, “OK, then how about you give me the login credentials for all of your email accounts, including the ones you use for personal use?” I think of this as analogous to allowing a stranger to walk around in your house. Hey, it’s OK as long as you’ve got nothing to hide, right? The point is that, no matter what is contained in our electronic data, most of us want peace of mind in knowing that it isn’t being accessed by unauthorized individuals.

This concern for privacy doesn’t just apply to individuals. It applies to businesses as well. Businesses rely on electronic communication to send sensitive information such as invoices, employee records, financial reports, and other confidential data. In fact, businesses currently send more than 100 billion emails each day, and that number is projected to skyrocket to almost 140 billion emails a day in another year. If this information gets into the wrong hands, it can lead to devastating losses for the company, as well as damage to its reputation. For example, in 2013 and 2014, Target suffered breaches of approximately 110 million customer records in two separate attacks. Earlier last year, a security expert discovered that 272.3 million accounts had been stolen from Google, Yahoo, Microsoft, and Mail.ru (Russia’s most popular email service). In 2013, Yahoo suffered a breach that is believed to have impacted over 1 billion users. In September of 2016, at least 500 million Yahoo user accounts were compromised in a massive data breach that may have included names, email addresses, phone numbers, birthdates, and hashed passwords. In 2012, 165 million LinkedIn accounts were compromised. Though different attack vectors may have been used in each of these cases, the targeted information could have been safeguarded if it had been encrypted. Moreover, all it takes is for one host to be infected with malware to allow the interception and eavesdropping of confidential email content.

Breaches perpetrated by hackers aren’t the only threat to a company’s data. User error also poses a significant threat. According to the whitepaper “Content Encryption – Key Issues to Consider” from Osterman Research, these examples of users mistakenly sending unencrypted content were cited:

  • An employee at Nationstar Mortgage mistakenly emailed copies of customers’ W-2 forms to an employee at Greenlight Mortgage, revealing Social Security numbers, names, addresses and other sensitive information.
  • 845 patients of Tulare County Health received information on how to access protected health information (PHI) via the administration’s medical portal due to an employee mistake.
  • Graduate students at the South Dakota School of Mines and Technology were inadvertently sent an email attachment that included the student identification numbers, grade point averages and other information of about 350 fellow students.

The costs of not sufficiently protecting your data are high. The findings from a study conducted by the Ponemon Institute show that the average cost of a security breach in the United States was $201 per compromised data record – $32 for detecting the breach and notifying the affected individuals, $55 for damage control costs including legal fees, investigations, fines and remediation, and $114 in loss of business due to customer abandonment. Regulated industries such as healthcare and financial services have the most costly data breaches due to fines and the higher than average rate of lost business and customers. In addition to financial losses, companies may also suffer damage to their reputation.

How could these incidents have been prevented? If these businesses had encrypted their data, they could have prevented unauthorized access to confidential information in the event of a breach. Encryption helps protect the corporate and financial data of companies, as well as the personal data of their employees and customers. When data is encrypted, it remains unreadable even if a user’s account has been hacked. Encryption also helps companies meet strict regulations such as FERPA, GLBA, and PCI compliance. Encryption solutions also offer the benefit of proof of identity when email messages are digitally signed, ensuring that the message is authentic and verified as having been sent from the purported sender.

A common misconception about email encryption is that it is only needed for larger businesses; however, small and medium-sized businesses are targeted just as frequently as large ones, and often can be affected much more severely in the event of an email hack. While a larger company may be able to financially survive a breach (but still at significant loss), a severe data breach could put a small company out of business. This is just one of many reasons why encryption is so important.

One of the most common challenges for email encryption is that it has had a reputation of being difficult to use, often requiring cumbersome key exchanges and extensive configuration. MDaemon’s client-side encryption feature (via Virtru) and server-side encryption (via OpenPGP) were designed for convenience and ease of use.

Virtru’s client-side encryption service is built into WorldClient, MDaemon’s webmail client. Setup is as easy as checking a box and verifying your identity. Once enabled, you can simply follow the steps outlined on this page to encrypt your messages. For server-side encryption, MDaemon’s OpenPGP settings make it easy to automate encryption of messages as they pass through the server. Administrators can follow steps outlined in this knowledge base article to enable OpenPGP, configure who can use it, and create keys for their users. This post includes a tutorial video on how to use the OpenPGP features in MDaemon, including how to encrypt an email message using special commands in the subject line, as well as how to automate the encryption process using the content filter.

No business is too small to protect its sensitive data from theft. If you’d like to ensure your company’s emails and attachments are safe, you should always encrypt. A few extra steps now can save a great deal of headache later.


Happy New Year 2017


2016 was an exciting year for Alt-N Technologies as it marked the 20th anniversary of the MDaemon email server for Windows and our ongoing efforts to bring affordable, secure, and reliable email and email security software to the small-to-medium business segment. And as many of you know, a lot has changed in the last 20 years. One thing that hasn’t changed over the years is the ongoing threat of people trying to use email as the primary method to attack an organization or steal personal information.

Like any form of communication, it can be used for good or bad. Unfortunately, when email was initially developed, its creators didn’t anticipate the ways bad actors would exploit the technology through methods like phishing, hacking, and launching disabling applications like ransomware, Trojans, etc.

On this front, Alt-N will continue its efforts to improve the security and privacy of email with features like the ones we added in 2016, such as two-factor authentication, client and server-side encryption, and others.

2016 also reflected changes the industry continues to see in the area of deployment options. We saw some resellers and customers turning over the management of their email to MSPs (Managed Service Providers) or other third-party providers. The driver for this behavior varied by customer and industry but can be summarized by the desire to move hardware and software costs from capital expenditures (CapEx) to operational expenditures (OpEx), with pros and cons to each approach. Alt-N worked with many existing and new channel partners to see MDaemon Private Cloud hosted email services introduced into new markets like Africa, Asia Pacific, and Latin America with continued growth in existing markets like North America and Europe.

With regards to hosted email services, we also received growing requests from direct customers asking Alt-N to manage their email. In response, Alt-N launched its own service using the MDaemon Private Cloud version of the software by introducing WorldClient Private Email for Business. With this new service offer, we have been able to meet the needs of direct customers who want us to manage their email, such as a 600-user customer who chose our service and support after having a large Office365 reseller attempt to convert them away from MDaemon!

For 2017, we will look for sales growth in new and emerging markets while working hard to earn and retain the loyalty and support of our existing customers. We will continue our efforts to add valuable features to MDaemon and SecurityGateway for Email Servers as those products remain the focus of our development efforts. We will be working on improving features that support cloud-based deployments while keeping a close eye on the needs of customers who want the control of on-premise and hybrid environments. And we will continue to look for new ways to enhance and bring value through our partnerships with complementary vendors like MailStore, as well as seek out new technologies and vendors to make integration with our software simple and easy to use.

As we begin 2017, we want to express our sincere gratitude to those customers and channel partners who have helped Alt-N Technologies grow these past 20 years. We also look forward to earning the business of new customers and partners as we work toward a successful 2017.

As always, we invite you to tell us what you think by sending us your feedback. You can reach me directly at kevin(dot)beatty(at)altn(dot)com.

Happy New Year,

Kevin

Kevin Beatty
VP, Marketing & Business Development
