SECURITY Are your email attachments safe?

The modern office cannot function without email. According to the Radicati group, a statistical employee receives 121 messages per day. In such a traffic, it can happen that, next to spam, this one extremely unwanted virus email will also be sent to our mailbox. While this is an important issue, the question of email attachment security goes much further.

Another day at work. Fresh bolded messages are already waiting excitedly in the Inbox. In the course of prioritization, you choose three or four important topics that you will deal with first, but one of them is fighting for your attention a little more fiercely than the others. There is something urgent and desperate about it. You click with concern. The author seems to be trying to keep it formal and friendly, to be authentic, but you feel that something is not right here. In the way he is addressing you there is strange confidentiality, trembling hands. You can congratulate yourself!

There is a good chance someone has tried to extort data from you and you managed to see through his intentions. The person has impersonated a colleague who urgently needs your help in finding a lost cell phone. At the same time, he tried to persuade you to click on some bizarre, out-of-context attachment that was supposed to help solve the problem. Anti-phishing training was not in vain!

The above example shows one of the “stereotypical” mechanisms of a personalized hacker attack. The work environment, especially of large institutions, is exposed to their influence extremely often. At the office, we communicate formally on a daily basis with many, often completely unknown people. In such conditions it is easier to make a mistake while browsing correspondence, as we come across a serious-sounding message from who at first glance is a trusted sender – a friend from another department, even a supervisor – but in fact is not. Fortunately, we are not defenseless in such a situation.

Popular email providers, including Google, have tools that prevent potentially dangerous files from being attached to messages. The giant from California mentions here among others files with .exe, .dll, .cmd extensions and several dozen others. They also offer built-in antivirus systems that automatically detect threats. Does the use of such a sieve really limit the possibility of spreading viruses? We should remember that even popular and generally considered safe files, such as .jpg, .doc or .pdf may contain viruses or malware. These types of files are a tasty morsel for criminals because, in the end, they are the most common files attached to company mail. Importantly, Google services do not scan for viruses for attachments larger than 25 MB. In we want to share larger files, for example project documentation containing unusual files, popular solutions might not be enough. There are, however, alternative dedicated tools, including Data Rooms, which anti-virus systems usually do not have such restrictions.

There is one more threat to email. Even if the files attached to the message looks safe to the antivirus, such as text documents, in their content or file properties there might be included links to infected websites, which are pretty much undetectable. Such a masked attack belongs to the category of mixed attacks, which is currently one of the most widespread practices used by hackers currently. Let’s get back to the example from the beginning of the article: the context in which the virus attachment or a dangerous link was placed can be evaluated correctly only by the recipient of the message. Therefore, we should be vigilant every time we open a message, even being aware of the presence of anti-virus filters. By the way, as far as access to file properties is concerned, in this case, too, the risk can be minimized with the help of VDR, which has a “read-only” option, thanks to which it will be possible only to display the content of the document by the recipients, without being able to view its properties.

When talking about the security of attachments in the office environment, we take into account not only external threats, such as the cases of infections described above, but also, and perhaps above all, protection of the confidentiality of attachments that we share. Can an unauthorized attachment we send be captured or its contents previewed? Are we sure that in the course of a multi-threaded conversation with many recipients we will not make a mistake and will not send or otherwise provide a sensitive file to an unauthorized person? Data confidentiality can be compromised in many different situations.

E-mail service providers provide appropriate protection tools for both e-mail correspondence and files. All communication is most often encrypted and most often it is only by getting the login and the password to the mail appropriate email account that an unauthorized person can reach the data. We write more about the security of cloud solutions in the article: “Cloud data storage and file security”. The issue of good practices of handling the attachments remains open. Once again, its value turns out not to be overestimated.

Email, which is not a dedicated tool for sharing confidential information, leaves a lot of room for human error. Dedicated data sharing tools give you much more control over what we send and to whom. In the case of sending confidential data, it is once againg worth using the Virtual Data Room offer, which guarantees the security of attachments (or simply files) both from a technological and functional point of view. It eliminates many inconveniences associated with email.

In addition to the already mentioned “read-only” mode, which allows us to display the content of documents and blocks the ability to save the file or copy its content, there are a number of additional options. With the help of the VDR system, we can share any type of file, while maintaining full discretion as to whether a given file can be downloaded to disk and who can do it. The recipient’s permissions can be modified at any time, so we can block access to the file in the event of a mistake. Therefore, we can “undo” the sending of a file. And a number of settings can further facilitate and organize communication with many recipients. Email does not offer this level of information exchange control. We write more about the secure exchange of files and documents in the FORDATA system on the security page.

For nearly fifty years of the existence of email, business community has created an email etiquette that regulates security issues and at the same time determines the company’s image. Over the decades, however, tools dedicated to specific processes run by enterprises have been created, too. They have become a new standard on which both the level of information and online user protection, plus the level of professionalism of the company, will depend.