Another day at work. Fresh bolded messages are already waiting excitedly in the Inbox. In the course of prioritization, you choose three or four important topics that you will deal with first, but one of them is fighting for your attention a little more fiercely than the others. There is something urgent and desperate about it. You click with concern. The author seems to be trying to keep it formal and friendly, to be authentic, but you feel that something is not right here. In the way he is addressing you there is strange confidentiality, trembling hands. You can congratulate yourself! There is a good chance someone has tried to extort data from you and you managed to see through his intentions. The person has impersonated a colleague who urgently needs your help in finding a lost cell phone. At the same time, he tried to persuade you to click on some bizarre, out-of-context attachment that was supposed to help solve the problem. Anti-phishing training was not in vain!
The above example shows one of the “stereotypical” mechanisms of a personalized hacker attack. The work environment, especially of large institutions, is exposed to their influence extremely often. At the office, we communicate formally on a daily basis with many, often completely unknown people. In such conditions it is easier to make a mistake while browsing correspondence, as we come across a serious-sounding message from who at first glance is a trusted sender – a friend from another department, even a supervisor – but in fact is not. Fortunately, we are not defenseless in such a situation.
Popular email providers, including Google, have tools that prevent potentially dangerous files from being attached to messages. The giant from California mentions here among others files with .exe, .dll, .cmd extensions and several dozen others. They also offer built-in antivirus systems that automatically detect threats. Does the use of such a sieve really limit the possibility of spreading viruses? We should remember that even popular and generally considered safe files, such as .jpg, .doc or .pdf may contain viruses or malware. These types of files are a tasty morsel for criminals because, in the end, they are the most common files attached to company mail. Importantly, Google services do not scan for viruses for attachments larger than 25 MB. In we want to share larger files, for example project documentation containing unusual files, popular solutions might not be enough. There are, however, alternative dedicated tools, including Data Rooms, which anti-virus systems usually do not have such restrictions.
There is one more threat to email. Even if the files attached to the message looks safe to the antivirus, such as text documents, in their content or file properties there might be included links to infected websites, which are pretty much undetectable. Such a masked attack belongs to the category of mixed attacks, which is currently one of the most widespread practices used by hackers currently. Let’s get back to the example from the beginning of the article: the context in which the virus attachment or a dangerous link was placed can be evaluated correctly only by the recipient of the message. Therefore, we should be vigilant every time we open a message, even being aware of the presence of anti-virus filters. By the way, as far as access to file properties is concerned, in this case, too, the risk can be minimized with the help of VDR, which has a “read-only” option, thanks to which it will be possible only to display the content of the document by the recipients, without being able to view its properties.
When talking about the security of attachments in the office environment, we take into account not only external threats, such as the cases of infections described above, but also, and perhaps above all, protection of the confidentiality of attachments that we share. Can an unauthorized attachment we send be captured or its contents previewed? Are we sure that in the course of a multi-threaded conversation with many recipients we will not make a mistake and will not send or otherwise provide a sensitive file to an unauthorized person? Data confidentiality can be compromised in many different situations.
Email, which is not a dedicated tool for sharing confidential information, leaves a lot of room for human error. Dedicated data sharing tools give you much more control over what we send and to whom. In the case of sending confidential data, it is once againg worth using the Virtual Data Room offer, which guarantees the security of attachments (or simply files) both from a technological and functional point of view. It eliminates many inconveniences associated with email.
For nearly fifty years of the existence of email, business community has created an email etiquette that regulates security issues and at the same time determines the company’s image. Over the decades, however, tools dedicated to specific processes run by enterprises have been created, too. They have become a new standard on which both the level of information and online user protection, plus the level of professionalism of the company, will depend.