Address Books, Webmail and the Cloud

Emails in the Cloud

To All businesses Who Use Address Books on Webmail: stop and learn why your data may be at risk. Instead of Webmail, use a third-party email client such as Outlook or Thunderbird.

Recently, I was hacked. No one is immune – even those of us in the infosecurity field can get hacked. The situation occurred in an email account that I use for professional correspondence outside of my day job.

I have a client in the medical profession who uses Gmail for his email correspondence, and recently, the doctor was hacked. He keeps all of his patient email addresses as well as friends and family in the same account. One day, I received an email from him. There was nothing in the subject line, no salutation, and no content in the email whatsoever. The only thing in the body of the email was a link to a website.

The other items I noticed that caused immediate concern were in the TO line: all of the email addresses that received the email were visible. I had access – anyone had access for that matter – to every address in my client’s address book. And of course, there was a link to some unknown website.

Hopefully, no one fell for the ruse and clicked the link. At that time, the HIPAA compliance regulations had not fully taken effect because the doctor did not report the breach. But since he was a medical professional, there may have been penalties involved. I immediately emailed him and told him he’d been breached, and then, I called and also left a voice message – in the event that he could not access his email. A few days later when he returned from vacation, he called me and confirmed my diagnosis: yes, he had been breached.

I use a third-party application, Thunderbird. I do not include any addresses in my Webmail account. When my ISP discovered the breach, they shut down my account and notified me. Since none of my contacts were accessible as a result of the breach, none received the bogus email, and my personal brand remained intact.

It’s a lot easier for hackers to break into cloud-based email systems because there are far more vulnerabilities in them. Also, the ROI for breaking in is much higher due to the quantity of potential targets. The more people who visit the same place (for example, Yahoo! website to access Yahoo! mail or Google to access Gmail) to access their information, the more chances a hacker has of breaching an account and causing severe damage to a large number of users.

These days, everyone keeps some form of personal and professional data in the cloud. It makes life easier, and it makes access to data quicker. And you can access it from anywhere. But, as a midsize business, isn’t data protection more important than easier access to data? Add extra layers of protection to your data. Generate complex passwords for employees to use, and change them regularly. Also, make sure that the employees who have access to the data are the appropriate employees to access your data.

Society tends to take the ease-of-use path when it comes to security – making our jobs more difficult for those of us who work in security. While we’ve taken a giant leap backward in both security and privacy, one way to beat the hackers is to keep your email contacts off of Webmail…it will be one less worry if your webmail account gets breached.

____________
Image Credit: digitalart via FreeDigitalPhotos.net

This post was brought to you by IBM for Midsize Business and opinions are my own. To read more on this topic, visit IBM’s Midsize Insider. Dedicated to providing businesses with expertise, solutions and tools that are specific to small and midsized companies, the Midsize Business program provides businesses with the materials and knowledge they need to become engines of a smarter planet.

wordpress blog stats
Advertisements

About Allan Pratt

Technology and cybersecurity professional with focus on tech news, cybersecurity, networking, infrastructure, data protection, consumer electronics, and social media.
This entry was posted in Business Process, Cloud Computing, Data Security, Disaster Recovery, Email and tagged , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s