Email is the number one platform cyber criminals use for scams due to the heavy reliance on email for business communication. According to email security services providers, 90% of security attacks begin with an email. An email security company reported that its quarterly threat summary for the first quarter of 2016 showed a 66% increase in emails containing malicious attachments and URLs compared to the previous quarter in 2015. Compared to the corresponding period in 2015, this represents a staggering 800% increase! Security breaches have been all over the news recently, and according to reports, ransomware will reach $1 billion in revenue by the end of 2016. Hackers are now using whaling tactics, phishing scams targeted at high-level executives, to steal valuable information from their computers by issuing fake legal documents such as subpoenas, or to trick them into wiring large sums of money. According to the Federal Bureau of Investigation, whaling scams have led to over $2.3 billion in losses.
Organizations should look to integrate best-practice email security solutions with their document management systems. Although many companies already have some sort of email security feature, they do not have email features that house confidential and business-critical information. Law firms, for example, are highly susceptible to leaking confidential records. An integrated approach will streamline the processes and technology to create a strong security foundation in the organization. In more detail, integrating email security into your document management system will do the following:
· Set up automated processes to identify suspicious words and URLs, and add them to a blacklist
· Enforce best practices around processes and people so that in case a mistake is made manually, the software knows to intervene to protect data
· Institute locations in the DM system for sensitive information, protected with features such as multi-factor authentication and encryption at rest and in motion, for additional security
· Limit access to confidential information to certain members by creating privileges on projects, deals and matters
· Replace the use of email as a collaboration tool and limit unprotected file sharing services with auditable tools that are part of the document management system
· Enforce corporate data retention and disposition review schedules
· Provide analytics to track abnormal activity
Because hackers, driven of course by financial gain, are expert at breaking down barriers, a comprehensive approach to security is needed. Protecting data and integrating email security with information and document management should be a key consideration in the overall security strategy of any organization.
Every organization is vulnerable to attacks, so it is a matter of when, not if, an organization will suffer a breach. Attacks against organizations are consistently rising across all variants: phishing, ransomware, and most recently, whaling.
On the bright side, the EU recently reformed the General Data Protection Regulation in April of 2016 in response to the rise in data breaches. Regulations such as the GDPR are equally applicable to organizations of all sizes, and it’s imperative that small and medium-sized law firms don’t ignore them. Now, with the much-strengthened EU GDPR, organizations have a better chance of warding off cyber criminals.