Monday May 23rd, 2011, 7:45 am
Careless emails can be very expensive. Last week I ran a workshop on ‘Managing the risk of cyber crime’. According to a recent Cabinet Office report, cyber crime in all its different guises now costs business more than physical crime (you and I stealing pens and paper from the stationery cupboard). In financial terms, cyber crime costs businesses about £17bn per year. Recovering from a breach of security costs most businesses between £20,000 and £500,00 according to PwC.
The inclusion of e-evidence can add up to an extra £500,000. Yet as the KPMG e-disclosure report identified, few High Court Judges really know how to handle e-evidence. Indeed, witness the super injunction fracas.
Sony admitted it will lose revenue and clients as a result of the hacker attack on its Playstation network.
All this prompted me to re-visit how easy it is to leak confidential information through email.
You can have the very best technology to scan outgoing emails for content, block the use of unknown USB sticks etc. However, at the end of the day the majority of cyber crime is caused by human error. The most common leaks occur through the following human actions.
- Sending an email to the wrong recipient
- Content which breaches the law
- Attachments with metadata
- Attachments which are not secure
- Out of Office Message
- Emails sent to home address
How often have you either been trained in email best practice and the law or trained those who work for your business? Probably, if you are like most organisations, rarely and often only after an incident.
There are two simple steps any business can take to manage the risk of a cyber crime attack through email. First, have an up-to-date Acceptable Usage Policy which has been read and accepted by all employees. Second, provide adequate user training.
During the week I will post some simple ways for everyone to help manage the risk of breaching security and compliance. A subsequent blog will also look at the common laws which govern email.