Email Insecurity: How You Can Help Prevent Your Company from Being the Next Victim of a Hoax
Email. We use it every day, all day: we send emails for work, we email friends, and we email our family. We email so much, in fact, that an estimated 122 trillion emails are sent every hour from our more than 4.35 billion email accounts worldwide. There is no question that email quietly and consistently underlies most of our communications across the web today.
Yet it might surprise you to learn that email is, in fact, one of the least secure mechanisms available for transmitting information. Virus-infected emails, wiretapping on network lines, unencrypted information, keystroke loggers, lack of adherence to corporate IT policies, and poor password management are just some of the ways your email could be compromised. And while someone hacking into your email to read your missives to loved ones may not seem serious, access to confidential corporate information puts your company at risk.
When it comes to sensitive corporate communications – a crucial management change, potentially market-moving financial results, a critical drug research breakthrough, or groundbreaking policy change – the consequences can be dire. This is particularly true of situations in which access to a professional's email account is used to disseminate false news via press release.
Consider these examples in which nefarious email access was used to trick wire providers into distributing intentionally false or misleading information via press release:
- Samsung Electronics is the subject of a fictitious statement indicating it had agreed to buy Fingerprint Cards for $650M, leading to a police probe into the security mechanisms and policies of the wire provider disseminating the news
- Google is the victim of a fake news report stating it had bought Wi-Fi provider ICOA for $400M
- Environmental group Friends of the Earth distributed a hoax release touting fake quotes and losses from the Australian government over developments in the wind energy industry
From governments and universities to major global corporations, it seems no targets are immune to these attacks, the consequences of which range from a loss of face with the public to legal action that can shed millions of dollars in market value.
Clearly, the stakes are high enough that any company distributing its news via press release ought to consider the security of the platform, provider and mechanisms for getting those releases out to the public.
With our reliance on email only increasing, how can you guard your company against this kind of hoax? Here is some advice to consider when choosing a newswire service provider:
- Insist on secure mechanisms for the transfer and storage of information. Your distribution partner should not only offer a secure platform for the upload of your content, but should also offer ways to keep your confidential news secure while its being processed, and resolutely refuse to accept such sensitive content via email.
- When disseminating news to your website, ask your provider how they will ensure only relevant, legitimate news releases will post to your site. Leveraging an automatic news feed not only eliminates the risk of manual error, but also ensures material information is posted to your site in a timely manner.
- Look for a provider whose distribution platform offers password protection and limits access to that platform to a small, named group of individuals within your company. Don't allow users to "share" logins to the distribution platform and regularly ensure the list of those who do have access is current and up to date both internally and with your provider.
- Ask your provider about any past incidents or breaches and how they have since mitigated the risks these incidents brought to light.
You should also consider tightening up your own personal security when it comes to email: change your password often, never share your passwords and avoid re-using passwords across multiple systems. Simple things, like logging out of your account when tasks are complete and locking your screen when not in use, can help reduce risk. You should also flag (without opening!) junk, spam, or suspicious emails to your central IT group as these may be part of a wider effort to hack into your or your colleagues' personal accounts or information.
When it comes to email spoofs and false press releases, awareness is critical. Knowing about the risks involved when disseminating your news – and the ways you can help mitigate them – can go a long way to ensuring that your company does not fall prey to a potentially disastrous and expensive hoax.
ABOUT NASDAQ CORPORATE SOLUTIONS
INVESTOR RELATIONS I PUBLIC RELATIONS I COMMUNICATIONS I BOARD MANAGEMENT
Nasdaq Corporate Solutions helps organizations manage and master the two-way flow of information with their audiences. Around the globe, market leaders rely upon our unmatched suite of advanced technology, analytics and consultative services to maximize the value of their work—from investor relations and corporate governance to public relations and communications.
Get everything you need to power your PR programs and spotlight success to your stakeholders from one strategic partner. Global press release distribution and accurate media contacts. Interactive webcasting and multimedia to bring your story to life. Monitoring services to track your coverage, and intelligence to see the big picture.
Follow us on Twitter: @MyCorpSolutions
This communication and the content found by following any link herein are being provided to you by Corporate Solutions, a business of Nasdaq, Inc. and certain of its subsidiaries (collectively, “Nasdaq”), for informational purposes only. Nasdaq makes no representation or warranty with respect to this communication or such content and expressly disclaims any implied warranty under law.
The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.