Business Risks of E-Mail

株式会社エアー Mark A. Keasling

E-Mail is an indispensable tool in business communication. While offering great convenience, E-Mail has many inherent risks. This article discusses some of the most common problems.

### Unencrypted Mail

Mail transport is typically unencrypted. In this case, as the mail travels from the source to the intended destination, it is transmitted over the network and may also pass through multiple servers where the message may be temporarily stored.

1. Tools exist to capture data as it is transmitted over the network. These tools work by capturing the packets of data that are being sent and recombining them to retrieve the original data. There is no way to determine if a message has been collected in this manner.
2. A malicious server could be configured to permanently store messages for later retrieval or to silently send messages to a third party.

### Erroneous Recipients

In this case, the sender of the message mistakenly includes an inappropriate recipient. Here are some reasons this could occur:

1. The recipient address is mis-typed.
2. The erroneous recipient is similar to the correct recipient.
3. The sender accidentally clicks the “Reply All” button.

### Malicious Intent

In this case, the sender of the message intentionally sends sensitive data to an outside party.

## Mitigation and Prevention

### Unencrypted Mail

To overcome the unencrypted mail security risk, companies can require that mail be transmitted via encrypted channels. This policy can be implemented internally, but it can't be guaranteed once the message leaves the company's internal network.
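One way to see how far the encrypted-channel policy held for a given message is to read its `Received` headers, where each server records the protocol it accepted the message with. This is an added example, not part of the original article; the sample message and host names are constructed, and the function names are hypothetical.

```python
import re
from email import message_from_string

# "with" keywords registered in RFC 3848 (and their UTF8 variants) that
# mean the receiving server accepted the message over TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA",
                 "UTF8SMTPS", "UTF8SMTPSA", "UTF8LMTPS", "UTF8LMTPSA"}

# Constructed sample message; hosts and addresses are illustrative only.
SAMPLE = """\
Received: from mx.partner.example (mx.partner.example [203.0.113.7])
\tby inbox.partner.example with ESMTP id C3; Mon, 1 Jan 2024 09:00:03 +0000
Received: from gw.corp.example (gw.corp.example [198.51.100.2])
\tby mx.partner.example with ESMTP id B2; Mon, 1 Jan 2024 09:00:02 +0000
Received: from pc17.corp.example (pc17.corp.example [10.0.0.17])
\tby gw.corp.example with ESMTPSA id A1; Mon, 1 Jan 2024 09:00:01 +0000
From: alice@corp.example
To: bob@partner.example
Subject: Quarterly figures

(body)
"""

HOP_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+).*?\bwith\s+(\w+)", re.I | re.S)

def audit_hops(raw_message):
    """Return hops in travel order as (from_host, by_host, protocol, tls_recorded)."""
    msg = message_from_string(raw_message)
    hops = []
    # Every server prepends its own header, so reverse to get travel order.
    for header in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(header)
        if m is None:
            # Unparseable header: report the hop as not verified.
            hops.append((None, None, None, False))
            continue
        proto = m.group(3).upper()
        hops.append((m.group(1), m.group(2), proto, proto in TLS_PROTOCOLS))
    return hops

def hops_without_tls_record(raw_message):
    """Hops for which no TLS transport was recorded."""
    return [hop for hop in audit_hops(raw_message) if not hop[3]]

if __name__ == "__main__":
    for sender, receiver, proto, tls in audit_hops(SAMPLE):
        print(f"{sender} -> {receiver}: {proto} ({'TLS' if tls else 'no TLS recorded'})")
```

Each `Received` header is written by the server that accepted the message, so only the hops on servers the company controls can be trusted. A server that records TLS in a nonstandard way is reported here as having no TLS record, which errs on the side of review.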

### Erroneous Recipients

The most common cause of erroneous recipients is human error. While it is probably impossible to prevent every case of human error, a company can implement policies and provide tools for E-Mail users that reduce the possibility of messages being sent erroneously. Tools such as WISE Alert can be used to help users prevent messages from being sent to incorrect recipients.

### Malicious Intent

Instances of malicious intent are difficult to prevent. A company policy whereby mail sent by employees to external recipients is archived and reviewed would not prevent such incidents, but it may deter users from sending sensitive data to external entities, because they know that such activities would be exposed.

## Consequences

The consequences of accidentally sending messages to incorrect recipients can be devastating:

1. Loss of reputation
2. Significant financial penalties
3. Loss of trust

A company needs to understand these and other risks of using E-Mail, put policies in place, and provide tools for employees that reduce these risks.

