361.6 billion emails are sent globally per day.

Business email compromise (BEC) and email compromise were among the top reported cybercrimes, further emphasising the role of email in cyber breaches. BEC, in particular, is highlighted as both effective and lucrative, exploiting the trust in business processes for financial gain, often initiated through compromised or impersonated email accounts.

Let's start with the basics.

When sending attachments via email, whether internally or externally, with both sensitive and non-sensitive data, adhering to best practices is crucial for maintaining cyber security. Here are some guidelines derived from the Essential Eight strategies, critical infrastructure cyber security trends, individual and business cyber threat insights, and comprehensive cyber security strategies:

For All Emails:

1. Limit Attachment Sizes: Large files can pose transmission and storage issues, possibly leading to security vulnerabilities. Use secure file transfer services for large files if necessary.

2. Use File Type Restrictions: Limit the types of files that can be sent as attachments to prevent the spread of malware. For example, executable files (.exe, .scr, .bat) should be avoided.

3. Implement Anti-Virus Scanning: Ensure all attachments are automatically scanned for malware before being sent and upon receipt.

4. Apply Data Loss Prevention (DLP) Tools: Utilize DLP tools to monitor and control the flow of sensitive information outside of the organisation.

5. Train and Educate Users: Regularly educate users on the risks associated with email attachments, including phishing attempts and malware distribution.
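As an illustration of items 1 and 2, the following added example (not part of the original article) checks a message's attachments against a size limit and a blocked-extension list using Python's standard `email` module. The 10 MB limit, the function names and the sample message are assumptions made for the example.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

BLOCKED_EXTENSIONS = {".exe", ".scr", ".bat"}  # the file types named in item 2
MAX_ATTACHMENT_BYTES = 10 * 1024 * 1024        # assumed limit; the article gives no figure


def check_attachments(raw: bytes, max_bytes: int = MAX_ATTACHMENT_BYTES):
    """Return a list of (filename, reason) for each attachment that breaks policy."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():  # walk() also reaches attachments nested in sub-parts
        name = part.get_filename()
        if part.is_multipart() or name is None:
            continue
        # Judge the final extension, case-insensitively and ignoring trailing
        # dots or spaces, so "invoice.pdf.EXE" and "run.bat." are both caught.
        ext = PurePosixPath(name.strip().rstrip(". ")).suffix.lower()
        if ext in BLOCKED_EXTENSIONS:
            findings.append((name, f"blocked file type {ext}"))
        size = len(part.get_payload(decode=True) or b"")  # size after decoding
        if size > max_bytes:
            findings.append((name, f"size {size} exceeds {max_bytes} bytes"))
    return findings


def build_sample() -> bytes:
    """Constructed sample message for the demonstration, not real mail."""
    m = EmailMessage()
    m["From"] = "alice@example.com"
    m["To"] = "bob@example.com"
    m["Subject"] = "Quarterly figures"
    m.set_content("See attached.")
    m.add_attachment(b"%PDF-1.7 sample", maintype="application",
                     subtype="pdf", filename="figures.pdf")
    m.add_attachment(b"MZ" + b"\0" * 64, maintype="application",
                     subtype="octet-stream", filename="invoice.pdf.EXE")
    m.add_attachment(b"x" * 2048, maintype="application",
                     subtype="octet-stream", filename="export.csv")
    return m.as_bytes()


if __name__ == "__main__":
    # A 1 KiB limit is used here only so the small sample trips the size rule.
    for filename, reason in check_attachments(build_sample(), max_bytes=1024):
        print(f"{filename}: {reason}")
```

An extension check alone does not detect a renamed executable, which is why it sits alongside the anti-virus scanning in item 3.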


For Sensitive Data:

1. Encrypt Attachments: Use strong encryption for sending sensitive data. This adds a layer of security in case the email is intercepted.

2. Use Secure Email Gateways: Implement secure email gateways that encrypt emails end-to-end to protect sensitive information.

3. Apply Digital Signatures: Use digital signatures to verify the authenticity of the sender and ensure the email has not been tampered with during transit.

4. Control Access: Limit access to sensitive information based on roles and necessity. Not every employee may need to send or receive sensitive data.

5. Regularly Update Security Measures: As cyber threats evolve, so should your security practices. Keep your security measures and software up to date.

6. Follow Regulations and Compliance Standards: Ensure that the handling of sensitive data via email complies with relevant regulations (e.g., GDPR, HIPAA) to avoid legal issues.

If you operate in the defence industry or have sensitive or classified material, we have partnerships with archTIS and VaultCloud and can offer support to use their policy-driven access controls and solutions.

Additional Considerations:

- Patch and Update Systems: Regularly update email clients and security software to protect against vulnerabilities.

- Monitor Cyber Threat Trends: Stay informed about the latest cyber threats and adjust your email security practices accordingly.

- Develop and Test Incident Response Plans: Have a plan in place for responding to a data breach or cyber security incident that involves email compromises.

By adhering to these best practices, organisations can significantly reduce the risk associated with sending attachments via email, safeguarding both sensitive and non-sensitive data against unauthorised access and cyber threats.

Contact Nik Villios if you want to find out more about how we can educate your team and put these Essential Eight-derived practices in place to proactively protect your business.
