Channel: email Archives - Help Me With HIPAA

Is email evil? – Ep 326


Podcast show notes

Email is a great tool for communication. It is quick, simple, and it has the potential to reach so many people in so little time. But, it can also be an easy way for hackers to get their hands on your personal information if you’re not being careful. Phishing scams are one of the most popular ways that hackers use email as a tool to steal your information and cause data breaches. Email is evil!

In this episode:

Is email evil? – Ep 326

Today’s Episode is brought to you by:

Kardon

and

HIPAA for MSPs with Security First IT

 Subscribe on Apple Podcast. Share us on Social Media. Rate us wherever you find the opportunity. 

Great idea! Share Help Me With HIPAA with one person this week!

Thanks to our donors. We appreciate your support!

If you would like to donate to the cause you can do that at HelpMeWithHIPAA.com

Like us and leave a review on our Facebook page: www.Facebook.com/HelpMeWithHIPAA

If you see a couple of numbers on the left side you can click that and go directly to that part of the audio. Get the best of both worlds from the show notes to the audio and back!


HIPAA Say What!?!

[03:22] HIPAA does not go away when you work remotely. Just in case you are one of the employees referenced in this study:

IT leaders facing backlash from remote workers over cybersecurity measures: HP study

More than 30% of workers under the age of 24 admitted to outright bypassing certain corporate security policies to get work done.
Researchers found that 39% of respondents did not fully know what their organization’s security policies are, causing 83% of all IT workers surveyed to call remote work a “ticking time bomb” for data breaches.

Donna’s 3 rules of security must always apply even when you work remotely:

  1. Security is not convenient.
  2. Security is not optional.
  3. Security can’t keep you from doing your job.

Is email evil? – Ep 326

[12:13] This episode comes out at the end of the 2021 National Cybersecurity Awareness Month – Do Your Part. #BeCyberSmart. Fight the Phish week. There is a whole week dedicated to addressing phishing attacks which is just one of many social engineering attack vectors. It is also an attack vector that does not require creepy tech skills to execute directly. There are plenty of great resources to help educate everyone about dealing with phishing, but everyone always thinks they won’t be fooled until they have over-clicked.

When we look at some of the reports about the impacts of phishing and business email compromise it only makes sense to ask: Is email evil?

Studies to prove it can be evil

Proofpoint commissioned a study by Ponemon, and the recently released results look at the cost of phishing we deal with today. Here are some of the truly frustrating and painful points in the study:

    • The cost of phishing more than tripled since 2015. The average annual cost of phishing has increased from $3.8 million in 2015 to $14.8 million in 2021.

    • The most time-consuming tasks to resolve attacks are the cleaning and fixing of infected systems and conducting forensic investigations. Documentation and planning represent the least time-consuming tasks.

[20:08] Egress has an excellent report on insider data breaches, Insider Data Breach Survey 2021. Right out of the gate it is clear that email is still considered the riskiest channel for communications. IT leaders definitely are worried about it based on information included in the report:

And here is an interesting quote from the report:

IT leaders clearly recognize email is a problematic channel. But it’s fast, familiar, productive – and going nowhere. That means it’s not a simple problem to solve, as evidenced by the failure of traditional email data loss protection solutions to stop breaches.

Bottom line is, you can’t fix the email problem with technology. It requires people… training of people to recognize phishing attacks. To prove that point, the next chart identifies human error, employees breaking the rules and phishing attacks as the main causes of data breaches.

But employees are a 55%/45% split on reporting that they have received a phishing email in the past 12 months. Really? 45% of people say they haven’t received a phishing email in over a year? That means to us that 45% of the people are the reason we are having phishing data breaches.

[27:18] The report has a lot of other interesting points. As a sidebar, here are two:
    • We have to get the message out that it is everyone’s responsibility to secure information today.

    • If an employee leaves, don’t assume they won’t take data with them when they go:

And another interesting note on this part comes from stats for the employees that work in the legal field. The number of employees that believe they can take data with them jumps to 46% and only 15% think it is everyone’s responsibility to protect data.

Will it ever go away though?

[34:30] Email piles up like junk mail used to on the kitchen table (for those who remember those days). The hard part is sifting through all the junk emails to find the things you really want to read.

We have many different types of communications to use today, but email is still the official boss of the work day. I remember back in the 80’s when the CEO distributed a paper memo to tell us this was his last paper memo because we were switching to email. (Yes, I am that old). There was great joy because we didn’t have to go to our company mailboxes for our internal memos any more. Now, we just had to go there for actual things coming in the mail. Oh yeah, also for the curled up incoming faxes and pink phone message slips. We still had not transitioned from those to voicemail – cutting edge stuff!

Email then was used much like all of the chat tools are used today, only within company channels. We didn’t email outside the company. Ah, those were the days.

Today the lucky ones manage to do things like “inbox zero” where others like me are covered up with emails so much that I constantly try to find new ways to cut them down and sort them quickly. I have so many automated things going on when emails come in, I forget that I am sending them to people sometimes. You should see the looks I get when I have no idea what someone is talking about because my filter automatically sent an email to someone else.

I do enjoy watching the kids in college knowing what email is but not really understanding why people care about it anymore. They very rarely look at their emails. Then, they graduate. Once you work in an office, you will finally see why we all looked at you like “bless your hearts” when you hadn’t looked at something important we sent you.

Most of us despise email, but cannot find a way to get business to function completely without it. There have been so many email killer solutions since the 90s I can’t even listen when someone suggests they have the latest solution to get rid of it. For the most part, it is still the only standard electronic message communication method we have to use today. Coordinating anything outside your organization is always going to fall back to email, no matter what we use internally.

The technology behind email is based on actual post office addresses and delivery. We still have POP (Post Office Protocol) for some email account connections.

Yes, but still necessary

The tech is old. It costs millions of dollars to deal with how the criminals use it against us. It sucks so much time to manage. We get so much email, it makes us dread going on vacation. How long do you really get to go without checking emails? Well, without checking them and not dreading what you will see when you finally do check them?

Yes, it is very evil, but it is one that we have to accept as a necessary evil. There was a Cold War era joke that the only things that would survive the nuclear apocalypse would be roaches (the bugs) and Keith Richards. Today we can add that the roaches and Keith will probably be emailing each other too. Well, if Keith Richards knows how to email, that is.

Email is a necessary evil in the business world today, just like security. We must all work together to combat the attacks on email communications until there is a better solution for us to communicate. IT can add tools to help, but if just one person clicks on a phishing email, the jig is up. Ongoing testing and training of the entire workforce, from the top down, to recognize phishing attacks is key.

Remember to follow us and share us on your favorite social media site. Rate us on your podcasting apps; we need your help to keep spreading the word. As always, send in your questions and ideas!

HIPAA is not about compliance,

it’s about patient care.™

Special thanks to our sponsors Security First IT and Kardon.

The post Is email evil? – Ep 326 appeared first on Help Me With HIPAA.

