After the recent Sony Pictures Entertainment hack made headlines, many businesses have started to rethink their corporate email policies. Exposed company emails between execs at Sony led to public embarrassment and data security risks.
Email is a vital, simple tool your clients use to communicate while doing business. Your clients probably don't realize their email accounts are filled with personal information that could be at risk. For an IT professional, a client's liability can quickly become your own. Let's look at five common missteps your clients may be taking when it comes to email security.
Bad Email Habits That Can Lead to Data Breaches and IT Lawsuits
Odds are your clients are making basic data security mistakes when it comes to email. In particular, they're probably sending and receiving attachments that contain personal information that should be encrypted.
This is especially problematic because email accounts can be relatively easy to hack. The statistics on small business phishing attacks are frightening: the best phishing attacks work 45 percent of the time, and 1 in 5 small businesses will be targeted (for more on that, read "Give the Gift of Spam Awareness This Holiday Season").
Given the likelihood of an attack, you should remind clients not to keep any emails containing…
- Scanned driver's licenses. As part of the hiring process, many new hires have to send a copy of their driver's license. You snap a photo with your smartphone and email it to the HR personnel at your new company. Unfortunately, now there's a digital version of your driver's license information floating around in your email account. Remind clients to clean out their "Sent" folder as well as their inbox.
- Digital faxes. Companies like "eFax" create faxes that you can send via email. That's convenient, but it also creates a record of payment information and personal data. Any faxes that clients want to keep should be downloaded and stored offline, then wiped from their email.
- Passwords. Some websites with ancient account creation systems actually email plaintext passwords to users who signed up for accounts. If you've been keeping the same Gmail account for 10 years (yes, Gmail is 10 years old now), you might have some passwords and account login information archived in your mail.
- Bank account numbers / routing numbers. Leases, corporate contracts, and investment documents often list account information or attach a scanned copy of a check (which includes account and routing numbers). These official contract documents can be vital to seal a deal, but they should be immediately deleted from email accounts once they can be stored securely offline.
- Spreadsheets containing work data, customer information, etc. You're supposed to have this stuff in your email, right? Wrong. By keeping work emails with attachments, your clients might be hoarding protected information in an unsafe location.
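The cleanup described in the list above can be partly automated. The following is an added example, not part of the original article: a Python sketch that flags messages containing plaintext passwords, US bank routing numbers (validated with the ABA checksum), or attachment types that typically carry scans, faxes and spreadsheets. The function names, finding labels and sample messages are assumptions made for illustration.

```python
import re
from email.message import EmailMessage

# Attachment types the list above warns about: scans/photos, faxes, spreadsheets.
RISKY_EXT = (".jpg", ".jpeg", ".png", ".tif", ".tiff", ".pdf", ".xls", ".xlsx", ".csv")
PASSWORD_RE = re.compile(r"\bpassword\s*(?:is|[:=])\s*\S+", re.IGNORECASE)
NINE_DIGITS_RE = re.compile(r"(?<!\d)\d{9}(?!\d)")  # exactly nine digits, not part of a longer number

def is_aba_routing(num):
    """US routing-number checksum: 3(d1+d4+d7) + 7(d2+d5+d8) + (d3+d6+d9) is a multiple of 10."""
    d = [int(c) for c in num]
    total = 3 * (d[0] + d[3] + d[6]) + 7 * (d[1] + d[4] + d[7]) + (d[2] + d[5] + d[8])
    return num != "000000000" and total % 10 == 0

def audit_message(msg):
    """Return sorted finding labels for one EmailMessage."""
    findings = set()
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            findings.add("attachment:" + name)
        elif part.get_content_type() == "text/plain":
            text = part.get_content()
            if PASSWORD_RE.search(text):
                findings.add("plaintext-password")
            if any(is_aba_routing(n) for n in NINE_DIGITS_RE.findall(text)):
                findings.add("routing-number")
    return sorted(findings)

def audit_mailbox(messages):
    """Map subject -> findings for every message that should be moved offline and deleted."""
    return {str(m["Subject"]): hits for m in messages if (hits := audit_message(m))}

def sample_messages():
    """Constructed sample mail (not real data); 123456780 passes the checksum, 123456789 does not."""
    def make(subject, body):
        m = EmailMessage()
        m["Subject"] = subject
        m.set_content(body)
        return m
    signup = make("Welcome to ExampleForum", "Username: pat\nPassword: hunter2")
    lease = make("Signed lease", "Routing 123456780, account 000111222333. Check attached.")
    lease.add_attachment(b"constructed-bytes", maintype="image", subtype="jpeg", filename="check.jpg")
    lunch = make("Lunch Friday?", "Order 123456789 is confirmed, see you at noon.")
    return [signup, lease, lunch]

if __name__ == "__main__":
    for subject, hits in audit_mailbox(sample_messages()).items():
        print(subject, "->", ", ".join(hits))
```

To run it against a client's exported mailbox, parse each message with `email.policy.default` so that `get_content()` is available, and remember to include the "Sent" folder.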
2 Strategies to Reduce Email Liabilities
Because a lawsuit could cost thousands of dollars, IT consultants need to take active steps to make sure their small business clients don't make dumb, preventable mistakes with their data security.
As an IT consultant, you'll need to teach your clients a better approach:
- Trim the email inbox to the bare minimum. Some users keep everything in their inbox and never delete any emails. This practice significantly increases their data security risk. Keep only emails that contain no pertinent personal or account information.
- Enable two-factor authentication. 2FA requires users to enter a secondary piece of information after logging in with their username and password. This often takes the form of a passcode or temporary token. Even if hackers steal a user's login information, they won't be able to access the account. In fact, the New York Times reports that JP Morgan could have prevented its data breach of 83 million accounts if it had only enabled 2FA on its data servers.
Emphasize good data security habits for your clients' email and the other IT they use daily.
Clients Are Your Biggest Risk Liability
As we reported in "Recommend IT Services to Clients? Know the Risks," an IT consultant's biggest liability comes from clients. Even if a data breach is caused by user error, a client could allege that you should have done more to prevent the breach.
To protect your business from these lawsuits, you should…
- Encourage your clients to have Cyber Liability Insurance / Data Breach Insurance, which pays for many data breach costs. That means they won't have to file a lawsuit against you to recover their losses.
- Help your clients adopt better data security practices. With resources like our free Customer Education Packet, you can help clients reduce their risk of a data breach.