This article discusses the issues and risks associated with data transfer via email attachments and suggests improvements that organisations can make to help improve their cyber security.
I will start this blog with the rather bold statement ‘We should all stop sending email attachments – right now!’. Now, this is an overly generalised and slightly exaggerated statement, but behind it there are genuine reasons why businesses may want to establish mechanisms and encourage users to minimise the use of email attachments for information sharing – especially with recipients outside of their organisation.
A real world example
Let’s consider a real-world example – this is not a work of fiction. One of our existing clients recommended us to an organisation that had been experiencing information leaks. Examining the evidence, the common denominator appeared to be a series of documents emailed from a single user’s email account. We suspect that the email account was compromised, and an unauthorised 3rd party was able to poke around in the account and, given email attachments were used, uncover a wealth of sensitive information.
Now, the root cause of the leaks was the failure to use a complex and unique password along with enabling additional account protections (e.g. multi-factor authentication), however this example clearly demonstrates the fact that email accounts naturally accumulate a mass of sensitive information that is often overlooked by users.
The downsides of email attachments
When an email is sent externally, it leaves the security of your organisation’s IT systems and passes over the internet, hopping between mail servers on its way to the recipient’s mail server. If email is used to transfer sensitive information, the following risks are introduced:
Loss of control – It is important to realise that once an email and attachment leave systems that are under your control, you lose control of that data. Your data is entirely at the mercy of the recipient and their IT systems. Will the recipient handle the data with the care and attention you expect? Will they forward the email on to others – either intentionally or accidentally? Does the recipient use a complex password and MFA to protect their account?
Secure transmission is not guaranteed – Modern email is still based upon protocols originally developed over 50 years ago. Whilst effective, these protocols were not developed with security in mind. There have been numerous recent enhancements to try and retrofit security measures, however these are not always enabled and therefore email transmission is not guaranteed to be secure.
Data replication – Every time a sensitive document is attached and sent via email, multiple copies of the document are generated. The document is taken from a safe storage environment (hopefully the organisation’s Sharepoint or Google Drive instance) and copied into multiple new locations – typically the recipient’s inbox and the sender’s ‘Sent Items’ folder.
Data accumulation – How many people ever delete emails? Some people leave everything in their Inbox, others have an elaborate set of folders that they carefully file emails into, but very few people hit the delete button. This means that over time, people’s email accounts can accumulate a mass of information, and consequently can become an irresistible target for hackers and other groups of cyber criminals.
Accidental forward / incorrect recipient – I’m sure the majority of people have sent an email to the wrong person or forwarded an email without noticing the attachment. Once it’s been sent it’s gone – there’s no getting that data back again. Attempts to recall email rarely work. You could try sending a grovelling email asking the recipient not to open the email, but that often draws more attention to the email and makes the situation worse.
What can be done to reduce the risk?
As mentioned above, the simple fact is that organisations will lose control over data they share externally. Therefore, to reduce risk, it becomes imperative that organisations retain control of their data for as long as possible. Whilst control is retained, you can influence what happens to your data.
Additionally, you can take actions to minimise the risk once your data is outside of your control. You can do this by taking steps to influence how 3rd parties handle your data. For example, if your sensitive data is not directly attached to an email, this will reduce the risk of accidental forwarding and eliminate the access that an attacker would have in the event of email account compromise.
There are tools that can help with both of the above - read on to find out more.
Given the risks associated with sending external email and attachments, and the risk reduction steps highlighted above, we built Trebuchet - a simple, browser based, cloud hosted file transfer tool. With Trebuchet, data is securely uploaded to a cloud service and recipients are sent a transfer link allowing them to securely retrieve the file.
Importantly, Trebuchet helps organisations retain control of their data beyond the click of the email ‘Send’ button. It achieves this in the following ways:
Automatic expiration – File transfer links and the associated content do not persist indefinitely. Links can be set to expire after a specified time, or after a certain number of downloads. This allows organisations to control the window during which their data is available for transfer.
Manual revocation – File transfer links can be revoked, instantly removing the ability for the content to be downloaded by a recipient. This can effectively recall an attachment that has been sent in error and prevent further downloads. Trebuchet reports how many times a transfer link has been accessed so users can monitor access to their data.
End-to-End encryption – Data is encrypted and decrypted client side (i.e. in the sender and recipients browser) using AES-256 encryption. Encryption keys are also generated client side, and transferred directly to the recipient as part of the file transfer link. This guarantees that information is encrypted throughout the entire transfer process and can only be accessed by the intended recipient - Red Maple or any other 3rd party cannot decrypt the files.
Eliminates email attachments – Files are not directly attached to emails therefore content does not accumulate in user mailboxes. If a user hits the forward button, the new recipient simply receives the expired email link. Or, considering our real-world example at the beginning of this article, the un-authorised 3rd party would have only gained access to a series of expired transfer links, and not the actual content.
Send large files - Most email services limit attachment sizes to a few tens of megabytes. With Trebuchet you can send files as big as 10GB.
European data hosting - Trebuchet is hosted by our cloud partner IONOS in a UK data centre. As IONOS is headquartered in Europe they are outside of the US Cloud Act, which has been an explicit requirement of some of our European customers.
This article has illustrated some of the business risks associated with transferring sensitive information via email. Hopefully you can now appreciate why trying to reduce the use of email attachments is a crucial step in improving the cyber resilience of an organisation.