Email is not a secure method of communication for transferring files.
This statement may surprise many, as we have long treated email as a safe communication tool. In the past, email was the primary distribution method for files and links between organisations. Email is not secure because criminals can intercept emails, include malicious attachments and spoof the sender so that the email looks like it is coming from someone else.
Email is like a postcard in the days of traditional mail. Anyone in the mail system could flip over the postcard and read it. In the same way, an email passes through multiple servers where anyone can intercept it and read it.
In another article, we touched on how criminals use Microsoft Office documents in almost 50% of all email-based attacks. An even more troubling statistic is that 94% of all malware was delivered by email.
The ICT (information and communication technologies) industry has long been aware of the flaws in email systems, and enterprises have been rapidly adopting alternative ways of sharing files, such as SharePoint/OneDrive, Google Drive and Dropbox. In addition, the adoption of corporate instant messaging platforms such as Slack and Teams has reduced the reliance on email for communication, and these platforms can be used to share links to files on cloud storage.
You can take the following steps to reduce the risk associated with email use:
- Transition to a standard, secure and auditable file-sharing system such as OneDrive, Google Drive, Dropbox, etc.
- Consider using a corporate instant messaging platform (Slack, Teams or Zoom) for distributing confidential information.
- Enable users to send and receive documents and files to external recipients via your preferred file-sharing system.