A number of years ago while on a family vacation, a younger member of the household that stayed behind was given a simple task. We asked if they could go to the local post office to mail a letter for us. I’ll admit, I wasn’t expecting the response “I don’t know how” and it gave me pause for thought. In the present society, we have an entire generation growing up that has never known a world without the Internet.
Having been a regular user of the World Wide Web since about 1994, from the early days of dial-up to the present state of ultra-fast broadband in every home, it struck me. People born the year I started regularly typing a “www” prefix were now 24 or 25 years old, several years out of school, perhaps with degrees, and more often than not occupying the same office space I did. Despite only being in my early 40s, it’s still a shock to the system.
Here was an entire group of people, some of whom even had kids of their own, that probably never experienced the previously-critical life skill of hand-writing an address on an envelope, putting their return address in the upper left corner, and then affixing a stamp in the upper right. Next came everyone’s least-favourite activity: licking the stamp and the seal on the back of the envelope. I still shudder when I think of the taste of glue or paper cuts on my tongue, and of carefully pressing everything firmly to make sure it stuck. We then had to venture out into the big, bad world, often walking several blocks or driving to a post office and mailing that letter.
We didn’t give much thought to security in those days, often stuffing notes of various denominations into birthday cards and mail order catalogue forms. If we did, we used those fancy envelopes that obscured the contents when held up to a light or, to be ultra-secure, we placed sticky tape on the seal of the envelopes, you know, just in case. Then, after the letter left our possession, we waited patiently for weeks, days, or months for a response, checking the mailbox daily and eagerly awaiting the arrival of the postie.
In order to compromise the security of a mailed letter, it had to be intercepted somewhere along the way as the letter exchanged hands many times. This is similar to how our electronic communication hops from point to point, with modern-day routers akin to post offices and telecommunication links akin to delivery vehicles. If someone was skilled enough to intercept that letter and see if it contained valuable information, their work was far from done. Duplicating that information required some manual effort to photocopy or photograph the contents (to say nothing of then having to go get that film developed). Mass distribution of the compromised information was equally formidable, requiring someone to manually mass-mail the information, call many people, or post it publicly on a bulletin board.
As the 1990s arrived, email found its place in mainstream communication and with a few keystrokes and mouse clicks, we could send anything anywhere in a matter of seconds with little effort. While it still takes some effort to intercept these “letters”, anyone that compromises the information can duplicate and distribute it globally, posting it on forums and websites. There are no paper cuts on your tongue or residue of glue to be had, but the virtual compromise stings a lot worse and leaves a bad taste just the same.
Given this possibility and reality, why do we so freely share our most personal details when the risk is so much greater? This is why we must take security seriously when it comes to protecting our most valuable asset — our information.
Allow me to paint another picture to illustrate. In 1982, a high school student writes a letter to his girlfriend, expressing his feelings for her. The letter arrives at her house a few days later and her brother intercepts it, opening and reading the letter. The sender arrives at school the next day to find it posted on the office bulletin board for all to see. Despite much mocking and teasing, he is able to remove the letter and aside from the occasional “remember when” story, the incident is forgotten.
Fast forward to 2012. A high school student emails his sweetheart a love letter which, due to her lax security, is left open on the family computer. Her brother sees this email and copies it, posts it to social media and forwards it to everyone he knows. The note goes viral and millions around the world read its contents. This cannot simply be pulled off the office bulletin board and destroyed; it is now permanently part of the Internet fabric. In 2019, copies of that original letter still surface to haunt all those involved, appearing globally and randomly until the end of time.
If your personal information becomes compromised, there is a very real possibility that your most sensitive and private details will circle the internet for eternity. Even events that occurred in the early days of the World Wide Web still appear nearly three decades on. Email is simply one way this can happen, but serves as a valuable example, since nearly every single one of us uses email on a daily basis.
To be honest, it’s surprising that after decades of daily use we’re not better email users. Business email compromise is a major challenge for Australian organisations. In a recent webinar with the Deputy Director of Interpol, Doug Witschi told our viewers that Australia is over-represented globally for business email compromise and that around 20% of all business email attacks target Australian organisations.
While we must be diligent about protecting our own personal data, there are also policies and procedures your organisation should put in place to protect information. I often promote the value of disaster recovery and business continuity planning for businesses; end user awareness training, multi-factor authentication and a robust identity and access policy will also help keep your emails safe. Many of our customers are also eligible for complimentary Microsoft Security assessments that can help you understand your security posture and how to better protect yourself with Microsoft 365 E5.
In reality, we all need to start with managing our digital communication better and getting smarter with our use of email.
It’s your digital footprint. Tread lightly. Stay safe out there.
Logan Daley is an Information Assurance Specialist and Solution Architect for Security. He is a member of Data#3’s dedicated Security Practice, one of the most mature and highly accredited cybersecurity businesses in Australia.