Even More (Truly Scary) E-Security Human Errors that Can Cause Pain

October 29, 2021 / in Blog / by Zafar Khan, RPost CEO

Last week we highlighted two of the top five e-security human errors that can cause pain for professionals, so we’re here now to finish out the list. As you may recall, there are some mistakes that can be forgiven in the workplace (although microwaving leftover fish at 10 am is fairly borderline). However, there are those mistakes that could cost not only your job but also the livelihoods of colleagues and, perhaps, the whole company—truly scary stuff as we embark on Halloween weekend.

So below we illustrate Mistakes 3 to 5. As mentioned last week, RMail has the tools in place to prevent many of these mistakes from ever happening. If you want to hear about all five mistakes at once at our latest Steve Anderson Insurance Technology webinar, please click here to view the recording. If you are a lawyer, the Florida Bar and its law practice management arm, LegalFuel, weighed in on the topic as well; please click here to view their recording (a bonus for Florida lawyers: viewing the entire session gets you CLE credits; the course number is embedded in the recording).

Mistake 3: Not protecting the thread

According to Gartner’s October 2021 Market Guide for Email Security, “The ability to secure, track and potentially redact sensitive data shared in email with partners, clients and/or customers becomes important, especially in light of continued regulations and privacy laws.”

In our Tech Essentials post from October 18, we covered some examples of how this can happen, but the gist of it is: You send encrypted content only to be aghast when the recipient simply replies with a “Thanks! Got it” message, not thinking that their (presumably) unencrypted reply contains your financial information in the email thread. Even worse, to save time, they keep going back to the prior email and re-replying to it, with each reply containing your sensitive info.

Redact+ from RMail lets users redact selected sensitive parts of an email so that those parts are removed from the recipient’s reply, or so that the reply-all capability is blocked at the recipient (specific features included are Redact Reply™, Double Blind CC™). It can also erase sensitive content from within an email or kill access to an attached document while at the recipient, after one view, a certain timeframe, or other criteria (specific features included are Disappearing Ink™). Over half of the respondents to a poll we ran at our latest Florida Bar webinar stated that they were “concerned after seeing sensitive email content come back in a reply thread”.

Mistake 4: Thinking that what happens at the recipient (always) stays at the recipient

The secrets from your best friend’s Vegas bachelor/bachelorette party are probably safer than most sensitive info you share over email with friends or coworkers. The problem is that someone mistakenly clicks a (virus-laden) email attachment, which extracts all the email in their inbox, exports it all to cyber sleuth servers that analyze the content, and then starts re-sending phishing emails with the same content to past correspondents. Sensitive data thus has the potential to spread exponentially without you even consenting (or knowing), unless you can truly send encrypted so that your private content remains protected even while in the recipient’s inbox, in the message store.

As our friends from Gartner say, “Most email today is transport-level encrypted between mail systems; however, as more sensitive information is shared, the need to secure that communication in the message store becomes increasingly important.”

Fortunately, RMail encrypts for both safety and compliance. RMail’s “Double Encryption” encrypts in the “message store” at the inbox level—encrypted at rest. Of course, there’s also the Registered Receipt™ email proof record which gives you verifiable, auditable, and timestamped proof that your message was sent. What’s more, there’s also the Registered Encryption™ certificate of end-to-end transmission, so you can be 100% sure your message was sent fully encrypted and prove such in case of a future accusation of a data breach initiated by your email.

Mistake 5: Replying to Your Boss…The Imposter

Have you ever gotten an email from your boss asking you to do something involving the transfer of company money because she/he’s “out of the office”, “on the phone in a meeting”, or something similar? The request looks like your boss’ writing and maybe even has the real boss’ email address in the “from” field. By the time you realize that wasn’t your boss, you’ve transferred $20K to some random imposter, and your real boss just called to ask why $20K was just transferred out. Now maybe it’s time to crawl under a rock (or probably just dust off the old resume).

On this phenomenon, known in some circles as ‘whaling’, Gartner says this: “Ransomware, impersonation and account takeover attacks are increasing and causing direct financial loss, as users place too much trust in the identities associated with email inherently vulnerable to deception and social engineering.” Once again, RMail has you covered, as it has built-in Anti-Whaling™ features that protect against email imposters (business email compromise, or BEC) by alerting you at the reply or forward step that your message is not being sent to the person displayed as the email sender.
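The mismatch described above (a reply that would not go to the person shown as the sender) can be checked from the message headers alone. The following is an added illustration, not RMail's Anti-Whaling implementation, whose internals this post does not describe; the function name and the sample messages (using reserved example domains) are constructed for the example.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# An e-mail address embedded in the display name, e.g. "boss@corp" <other@elsewhere>
ADDR_IN_NAME = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

def reply_mismatch_findings(raw_message):
    """List the reasons a reply would not reach the sender the reader sees."""
    msg = message_from_string(raw_message)
    display, from_addr = parseaddr(msg.get("From", ""))
    from_addr = from_addr.lower()
    findings = []

    # 1. A Reply-To header redirects the reply away from the From address,
    #    even when From carries the real boss's address.
    for _, addr in getaddresses(msg.get_all("Reply-To", [])):
        if addr and addr.lower() != from_addr:
            findings.append(f"reply goes to {addr.lower()}, not {from_addr}")

    # 2. The display name shows one address while the real From is another;
    #    many mail clients show only the display name.
    shown = ADDR_IN_NAME.search(display)
    if shown and shown.group(0).lower() != from_addr:
        findings.append(
            f"display name shows {shown.group(0).lower()}, real sender is {from_addr}")
    return findings

# Constructed sample messages (not taken from any real incident).
REPLY_TO_REDIRECT = (
    'From: "Pat Boss" <pat.boss@example.com>\n'
    "Reply-To: pat.boss@example.net\n"
    "Subject: Urgent wire transfer\n\nIn a meeting, please send today.\n")
NAME_SPOOF = (
    'From: "pat.boss@example.com" <billing@example.net>\n'
    "Subject: Urgent wire transfer\n\nIn a meeting, please send today.\n")
LEGITIMATE = (
    'From: "Pat Boss" <pat.boss@example.com>\n'
    "Reply-To: pat.boss@example.com\n"
    "Subject: Lunch\n\nNoon?\n")

if __name__ == "__main__":
    for label, raw in [("reply-to redirect", REPLY_TO_REDIRECT),
                       ("display-name spoof", NAME_SPOOF),
                       ("legitimate", LEGITIMATE)]:
        print(label, "->", reply_mismatch_findings(raw) or "no mismatch")
```

A check like this only covers header-level redirection; a look-alike domain in the From address itself or a compromised real mailbox needs other controls, such as out-of-band confirmation of payment requests.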

So that concludes our own horror show of career-limiting/ending human errors that can cause pain. I’ve been so inspired by these last couple of articles that I’ve decided to dress up as an unencrypted email for Halloween. I hope you can have a happy Halloween too!