10 Lessons Learned from Climate Scientists' Stolen E-Mails
NEWS ANALYSIS: The United Nations Climate Change Conference is under way in Copenhagen, but as scientists' stolen e-mails become front-page news, it's important for us to take a step back and consider the ramifications of poor e-mail security and what lessons IT managers and security administrators can learn from this incident.
As the United Nations Climate Change Conference, or COP 15, in Copenhagen, Denmark, gets under way this week, the summit has been muddied a bit by the details found in scientists' stolen e-mails. The e-mails contain information that has given those who believe global warming concerns are overblown a new lease on life. They are now supporting their opinions with those details. And all the while, the heated debate over global warming is becoming even more divided.
But there are valuable lessons to be learned from the stolen e-mails. No, this won't be a discussion on global warming or climate change. That's a debate for another day in another place. It will be a discussion on what can be learned from this incident to ensure that employees or consumers with sensitive information in their e-mail won't fall victim to those planning to steal information. That said, it's important to note that no security plan will be absolutely effective. Sometimes, data is stolen. But the fact that scientists themselves didn't have proper security conditions in place to safeguard their e-mail points to a dangerous trend: We just don't secure our e-mail as well as we should. So let's take a look at some of the lessons learned from the stolen data and how we can protect our own e-mail going forward.
1. It's about the password
The first step in any e-mail-security plan must start with the password. Too often, users make a simple password that's easy to remember, believing no one would care what's in their inbox. That's a mindset that gets many people and companies into trouble. E-mail accounts are not places where a simple password can be used. The stronger the password, the better the chances that users won't have their e-mails stolen.
2. Think about encryption
Encryption is a great way to ensure that e-mails that might otherwise have slipped out into the wild don't. Encryption is admittedly a pain. It requires more credentialing, it increases the amount of time it takes to access data, and most users consider it an extra step with limited benefits. But the reality is, encryption provides an added layer of security that users need. If e-mail security is important, encryption should be used.
3. Don't share credentials
One of the main issues facing e-mail security is a user's willingness to share credentials. It doesn't make any sense. Why should a user who is trying to keep data secure and private share his or her username and password with others? Sharing credentials is a surefire way to lose sensitive data.
4. Don't believe phishing scams
As malicious hackers realize there is big money in scamming people through e-mail, they will increase the number of phishing attacks they send out. And unfortunately, those attacks have a high likelihood of working. E-mails from banks, credit card companies or other firms that request sensitive, personal information probably aren't legit. Users need to always consider phishing scams and remember that, in the end, no one is entitled to that information unless it's deemed absolutely necessary.
5. Credentialing has an expiration date
Companies should remind employees that credentialing has an expiration date. In other words, keeping the same password for an e-mail account for six months to a year is just too long. The more often users change passwords, the greater the likelihood that they will stay a step ahead of those people who want to steal sensitive data.