Email Privacy Issues
The convenience, efficiency and practicality of email have made it the de facto communications vehicle of choice for businesses of all shapes and sizes. Just look at the statistics to learn how prevalent email privacy issues can be.
Email Growing in Popularity
- Email is used, in some capacity, by all Fortune 1000 companies.
- There are over 4.35 billion email accounts in existence — a figure expected to grow to 5.59 billion by 2019.
- Globally, there are 2.586 billion email users who send 122,500,453,020 emails each hour.
Email's popularity is only increasing, compared to other communication methods, such as social media. In fact, according to McKinsey & Company (2014), email is nearly 40 times better at obtaining new customers than Twitter and Facebook. And 42% of businesses rate email as one of their most useful tools for generating leads. At the same time, email is not without its unique set of challenges, particularly when it comes to privacy.
For example, an email message that is addressed to you can be stored at multiple locations, including on the:
- Sender's computer
- Server of your email or Internet Service Provider
- Company’s email (SMTP) server
- Receiver's computer
This means that deleting email messages from your inbox does not guarantee there aren't other copies that still exist somewhere. And unlike paper documentation, the digital nature of email messages and attachments allows them to be archived for long periods of time.
These factors, along with the rampant hacking of emails, present considerable concern for companies that use email to negotiate contracts, close business deals, share intellectual property, conduct private conversations with team members and exchange other types of sensitive and confidential transactions.
Privacy Issues: Regulatory Standards for Email and Data Protection
Safeguarding email privacy is not just a matter of protecting confidential corporate and employee data. For businesses required to comply with regulatory laws that enforce the protection of certain data privacy, keeping sensitive private is a matter of federal, state and local law.
Medical organizations, for example, must comply with the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH) when it comes to protecting electronic health information. Similarly, all Federal and State IT contractors must adhere to the Federal Information Security Management Act (FISMA), while publicly traded corporations must adhere to the Sarbanes-Oxley Act.
The National Institute of Standards (NIST) released a series of guidelines on how to implement email privacy safeguards to reduce organizational IT risk and ensure compliance with data security regulations:
- Guidelines on Electronic Mail Security
- Guide to Protecting the Confidentiality of Personally Identifiable Information
- Guide to Trustworthy Email
Millions of Dollars Lost Due to Email Privacy Hacks
Email breaches can be devastating to any organization and result in total chaos, financial loss and tarnished reputations. Consider the following:
- In 2012, a cyber attack against Saudi Aramco, one of the world’s largest oil-producing companies, deleted all or partial data from 35,000 computers, risking the company’s ability to supply 10% of the world's oil.
- In 2015, the average cost of damages caused by a data breach in the U.S. totaled $6.5 million, an increase of 11% over the previous year.
- The same study measured the effects of cyberattacks on 62 hacked companies from 16 market sectors and found that there was $6.5 million worth of 2015 damages, representing $600,000 increase in just the last year.
- A massive hack into Sony Pictures Entertainment email accounts that made headlines in 2014 cost a reported $460 million.
- Over 2014 and 2015, hacks into the email accounts of CEOs cost businesses worldwide more than $2 billion.
- The FBI reported a sharp increase in business-related email crime, with more than 12,000 victims worldwide and a 270% increase in the number of identified victims and exposed loss since January 2016.
Moreover, companies required by law to hire outside Incident Response teams to mitigate email breaches can expect to pay $350 per hour or more. While such charges can be annoying to enterprises, the cost can be financially crippling to small- and medium-sized companies that cannot resolve the breach in a very short time.
Avoid Email Privacy Issues by Choosing SolarWinds MSP (Formerly LOGICnow)
As privacy consciousness has increased among businesses, phrases such as “distributed data centers“ and “end-to-end encryption” have become the clarion cry for organizations that want to enhance email privacy and overall information security solutions. MSP Mail Protection is a cloud-based email service that supports these mantras by integrating seamlessly with any cloud-based or on-premise email infrastructure to secure email.
Key benefits of using MSP Mail Protection include:
- Secure archiving of data –MSP Mail Protection takes advantage of data centers distributed across multiple geographic locations to provide comprehensive security of stored messages. As messages are archived, they are encrypted and stored as tamper-proof read-only files. Users and administrators alike are required to use secure protocols (HTTPS, IMAPS, and TLS) throughout the entire email service. Additional security for Office 365 is available.
- Superior virus protection – going above and beyond traditional signature-based antivirus-protection offerings, MSP Mail Protection runs four anti-virus engines concurrently, and incorporates virtualization-based malware detection and zero-hour pattern-based defense against email-borne privacy threats.
- Real-time pattern-based threat recognition – protects you from emerging threats faster and more comprehensively than other solutions to ensure superior email security.
- Email filtering – offers an additional layer of security and functionality for your customers by filtering emails for spam and potential malware. Authenticity checks use detailed header analysis, message encoding and formatting, message fingerprinting, and SMTP conversation details. Message source analysis is performed in real time, and managers can customize whitelists and blacklists at any time.
- Strong email-retention policies – MSP Mail Protection allows you to enforce message-retention guidelines that prevent emails from getting lost. Retain inbound, outbound and internal emails as required by various laws and governmental agencies.
When you combine MSP Mail Protection with MSP RMM, MSP Backup & Recovery and MSP Risk Intelligence, you have total layered security protection that your clients will appreciate. Demonstrate the cost of risk with a quantified risk assessment, and then contain those risks with the most comprehensive set of tools on the market today.
About SolarWinds MSP (formerly LOGICnow)
SolarWinds MSP (formerly LOGICnow) delivers the only 100% SaaS, fully cloud-based IT service management (ITSM) platform, backed by collective intelligence and the highest levels of layered security. SolarWinds MSP’s products including Risk Intelligence, Remote Management, Backup & Recovery, Mail Protection — comprise the market’s most widely trusted integrated solution.
Deployed on millions of endpoints across hundreds of thousands of networks, the platform has the industry vision to define and deliver the future of the market. SolarWinds MSP provides the most comprehensive IT security available as well as LOGICcards, the first ever IT notification feature powered by prescriptive analytics and machine learning.
SolarWinds MSP’s passion is helping IT professionals secure and manage their systems and data through actionable insights, rewriting the rules of IT.
For more information, visit www.logicnow.com.
Email is Not Dead: http://www.emailisnotdead.com/
Sarbanes-Oxley Act: https://www.sec.gov/about/laws.shtml
NIST Special Publications 800-45 Version 2: http://csrc.nist.gov/publications/nistpubs/800-45-version2/SP800-45v2.pdf
Guidelines on Electronic Mail Security and NIST Special Publications 800-122: http://csrc.nist.gov/publications/nistpubs/800-122/sp800-122.pdf
Guide to Protecting the Confidentiality of Personally Identifiable Information: http://csrc.nist.gov/publications/nistpubs/800-122/sp800-122.pdf
NIST Special Publications 800-177 Trustworthy Email: http://csrc.nist.gov/publications/drafts/800-177/sp800-177_draft.pdf
Data breach damages: http://dcinno.streetwise.co/2015/05/27/average-cost-of-data-breach-damages-hack-on-us-companies-corp/
Network world: http://www.networkworld.com/article/2879814/data-center/sony-hack-cost-15-million-but-earnings-unaffected.html
Economic Times: http://economictimes.indiatimes.com/tech/internet/ceo-email-fraud-becoming-rampant-with-hackers-targeting-high-officials/articleshow/51918642.cms