Idan Udi Edry is a Cyber Security Veteran and CEO of Trustifi.
In the month following the Deloitte breach, consumers and businesses are still at risk of having personal and proprietary information stolen. The Deloitte hack compromised critically private information of six “blue chip” clients including usernames, passwords, IP addresses, and health information. Deloitte failed to utilize multi-factor authentication on a portion of their email system, giving cyber criminals easy access to the accounts.
The cyber criminals then sifted through emails looking for any valuable information they could use or sell for a profit. While the Deloitte hack was contained and only affected six clients, consumers and businesses are at risk from any organization that stores sensitive information about them and fails to implement critical cybersecurity measures. Consumers and businesses can have their information compromised by a variety of organizations, including healthcare organizations, educational institutions, legal firms, accountancy firms, financial institutions, and businesses/third-party vendors, through data contained in email accounts.
Regardless of the type of organization, there should be a greater level of responsibility and protection for consumer and client information. Organizations have failed to implement cybersecurity, and it is now an epidemic. By 2019, cybercrime will cost the global economy an estimated $2.1 trillion. To protect consumers and themselves, organizations must implement cybersecurity measures. Given the prevalence of email-based attacks, and the growing number of phishing attacks containing ransomware occurring globally, email security should be a primary concern for any organization.
A critical first step is to ensure the use of multi-factor authentication for account logins. This added layer of security is integral to account protection and user verification. Cybercriminals seek out the easiest targets to make the fastest profit; utilizing multi-factor authentication encourages the criminal to move on to the next target. Deloitte could’ve avoided the breach by implementing multi-factor authentication earlier. Now, Deloitte has recognized the importance of multi-factor authentication and has completed the switch for their email system company-wide.
Another consideration for organizations is email encryption. Despite valiant efforts to keep cyber criminals from gaining access to email accounts, inevitably they will find a way in. Each employee with a company email address is a potential point of entry for a cybercriminal. Negligent employees who don’t follow password protocols, fall victim to phishing schemes, and download third-party applications that contain malware create opportunities for cyber criminals to gain access.
In the case of Deloitte, once cybercriminals gained access to the account, they downloaded and archived the data to servers overseas to later sort through for any valuable information. Email encryption services put two-factor authentication and an extra level of security on all emails sent, eliminating the value proposition for cyber criminals by preventing them from reading the encrypted emails. It would be like breaking into a bank, but the vault is empty. The usernames, passwords, IP addresses, and health information of Deloitte’s six clients would have been protected if an email encryption service had been in use.
Securing and protecting email accounts is a critical consideration for organizations of all sizes, from Big Four CPA firms to small businesses. Organizations should begin waging the war against cybercrime today by implementing multi-factor authentication for email accounts and considering an email encryption service. Increased global productivity through advances in technology should not come at the cost of privacy and security.
Opinions expressed in the article above do not necessarily reflect the opinions of Data Center Knowledge and Informa.