Email Breaches Lead to ‘Wall of Shame’
Recent Health Data Incidents Spotlight Common Security Challenges
“Phishing is definitely a top problem that doesn’t always get the attention it deserves,” says Mark Dill, who joined consulting firm tw-Security earlier this month from the Cleveland Clinic, where he served as director of information security for 15 years.
For instance, the Verizon Data Breach Investigation report for 2015 states that 23 percent of users open phishing emails; 11 percent click on the embedded link. Plus, 50 percent of users open the phishing email within the first hour, Dill notes. Major breaches caused by compromised internal credentials are often the result of a successful phishing attack, he adds.
Steps to Take
Experts recommend a number of measures that organizations should take to reduce the risk of breaches involving email.
For incidents involving unauthorized disclosure, “most email filters have at least a lexicon – as simple as a word list or weighted word list – to sense when PHI and other sensitive data types are being sent, then auto-route for encrypted delivery – or data in motion,” Dill says.
“Making users aware of other key words that can be an encryption trigger like ‘confidential’ or setting the sensitivity flag before sending – can be coded to auto-route for secure delivery,” he adds.
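A minimal sketch of the lexicon-based routing Dill describes, written for this article as an added example (it is not code from any mail filter product). The lexicon terms, weights, threshold, the header values treated as a sensitivity flag, and the sample messages are all assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Assumed weighted lexicon; terms and weights are illustrative only.
LEXICON = {
    r"\bpatient\b": 2,
    r"\bdiagnosis\b": 3,
    r"\bmedical record\b": 3,
    r"\bmrn\b": 3,
    r"\bdate of birth\b|\bdob\b": 2,
    r"\b\d{3}-\d{2}-\d{4}\b": 5,  # SSN-shaped number
}
THRESHOLD = 5  # assumed score at which a message is routed for encryption
TRIGGER = re.compile(r"\bconfidential\b", re.I)  # user-typed subject keyword
FLAGGED_VALUES = {"private", "company-confidential"}  # Sensitivity header values

def body_text(msg):
    """Return the text/plain content of a parsed message."""
    parts = [p for p in msg.walk() if p.get_content_type() == "text/plain"]
    return "\n".join(
        p.get_payload(decode=True).decode(p.get_content_charset() or "utf-8", "replace")
        for p in parts)

def score(text):
    """Sum the weights of lexicon patterns present; each counts once."""
    return sum(w for pat, w in LEXICON.items() if re.search(pat, text, re.I))

def route(raw):
    """Decide 'encrypt' or 'deliver' for a raw RFC 5322 message, with the reason."""
    msg = message_from_string(raw)
    subject = msg.get("Subject", "")
    if (msg.get("Sensitivity") or "").strip().lower() in FLAGGED_VALUES:
        return "encrypt", "sensitivity flag"
    if TRIGGER.search(subject):
        return "encrypt", "subject keyword"
    total = score(subject + "\n" + body_text(msg))
    return ("encrypt" if total >= THRESHOLD else "deliver"), f"lexicon score {total}"

# Constructed sample messages (not real mail).
FLAGGED = "Subject: Lunch\nSensitivity: Company-Confidential\n\nSee you at noon.\n"
KEYWORD = "Subject: [Confidential] budget\n\nDraft attached.\n"
PHI = "Subject: follow-up\n\nPatient Jane Roe, MRN 0012345, diagnosis pending.\n"
PLAIN = "Subject: patient parking\n\nThe garage is closed Friday.\n"

if __name__ == "__main__":
    for name, raw in [("FLAGGED", FLAGGED), ("KEYWORD", KEYWORD),
                      ("PHI", PHI), ("PLAIN", PLAIN)]:
        print(name, route(raw))
```

The PLAIN sample shows why the lexicon is weighted: a single low-weight term such as "patient" does not by itself force encrypted delivery.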
Still, “data loss prevention tools will likely do the best job to monitor, alert, quarantine for review, forward and encrypt, and/or block based on job role – to enforce corporate appropriate use rules,” Dill says.
“Emerging marketplace tools provide encryption with lifecycle management tools – where the file has to ‘check in’ before use,” he notes. “When the sending organization has the encryption key, they can always control what can be done with the file, and by whom – deleting the key when they choose, rendering the file a useless blob.”
… Also, Dill suggests that user behavior analytic tools, which can highlight when the behavior of user IDs and devices “is stepping away from baseline behaviors,” can help signal when a credential has been compromised.
Other safeguards include “effective web filters” that can block outbound traffic to known infected sites or to sites with a bad reputation or none, he says.
However, safeguarding endpoints is “the tool of last or first defense,” he adds. “Emerging tools that don’t rely on pattern files may block malware variants more effectively.” Finally, “disallowing access to users’ personal webmail accounts while at work…will eliminate one common vector,” he says.