By Brad Spannbauer
Senior Director of Product Management
You don’t need to be an IT or cybersecurity professional to know that it’s becoming increasingly difficult to protect sensitive information against the ever-advancing skills of cybercriminals. Recent high-profile data breaches from the likes of Equifax, Instagram, and Verizon have done little to stem the flow of negative news stories about how major organizations are continually failing to protect their customers’ data.
Consequently, consumers today have every right to be wary about handing over their information to companies, particularly those operating in high-risk verticals. According to the most recent Data Breach Investigations Report (DBIR) by Verizon, the three most breached industry sectors in 2017 were financial services (24%), healthcare (15%), and the public sector (12%).
The report also reminds us that, despite what we see on the news, it isn’t just big brands being exposed. In fact, 61% of data breach victims in 2017 were organizations with fewer than 1,000 employees. This should serve as a stark reminder to all organizations that data breaches do not discriminate.
In a world rife with cybercrime, businesses need to be proactive in guarding every aspect of their digital environments. Maintaining secure communications is an essential part of this process; as history has taught us, failing to do so can hurt a business’s reputation, its compliance with government regulators, and ultimately, its bottom line. So, starting with the most common forms of communication in commercial environments today – email, text messaging, and fax – what can organizations do to stay secure?
Email – Email is the primary method of communication for most organizations today, so it should come as little surprise that it is also one of the leakiest conduits of information. Many organizations spend time building defenses around their organization, but often fail to recognize the risks within – research by IBM suggests that 95% of all security incidents in 2016 involved human error. Misaddressed emails, weak passwords and falling prey to phishing schemes are prime examples of how data breaches can occur due to carelessness or lack of proper education.
The first step to maintaining secure email across a company should be thorough staff training. Regular training – such as being taught to recognize phishing attempts, being made aware of malicious links and attachments, and being encouraged to create complex passwords that are difficult to guess – helps avoid internal errors and minimizes mistakes that can give hackers access to the information they want.
Text messaging – Text messaging is a fast and convenient line of communication, but is it secure? Much like email, text messaging is only as secure as the policies that surround it, and the people who use it. Organizations that allow text messaging must implement secure messaging policies that govern the use of text messaging to send and receive company-related data. As a minimum requirement, these policies should include the following steps:
- Deploy a secure mobile messaging app company-wide, across all company-issued mobile devices.
- Implement a policy that any employee who uses their personal device to transmit, view or store company data must do so via the secure app.
- Conduct employee training on how to use the app, the company’s text-messaging guidelines, and what to do if a device is lost or stolen.
Fax – Last but by no means least, there’s fax, the document transfer protocol that many businesses – particularly those in regulated industries like healthcare, financial services, and law – still trust and rely on every day. Faxing can be secure, but often isn’t, because most businesses still use archaic systems and processes that few IT departments give much thought to.
Traditional, paper-based machines can present major vulnerabilities. For example, paper documents left sitting on an office fax machine or multifunction printer can create both a security and compliance risk. The ‘images’ stored (and often forgotten) on a fax machine representing the documents it has transmitted also present a vulnerability because fax machine hard drives are typically not secured. Even an in-house fax server can cause problems if the server is not encrypted, which usually requires an extra expense to implement.
The solution here is to upgrade aging fax systems to a secure cloud fax platform. Cloud faxing allows employees to send and receive faxes using desktop email that utilizes sophisticated security protocols for both transmitting and storing fax documents.
Secure communication starts with company-wide education. By educating employees about the risks posed by the common forms of communication covered within this article, and providing the right tools to allow them to carry out their jobs effectively – and securely – organizations can spend less time worrying about data breaches, and more time running their business.
A 20-year industry veteran, Brad Spannbauer currently oversees product strategy and planning, and provides direction and market leadership for j2 Cloud Connect’s worldwide business as their Senior Director of Product Management. His focus in the Healthcare and Legal verticals led to Brad’s involvement with the j2 Cloud Services™ compliance team, where he leads the team as the company’s HIPAA Privacy & Compliance Officer. To find out more, visit https://enterprise.efax.com/