Watch for Chinks in the Armor

By Don Reisinger  |  Posted 2009-12-09

10 Lessons Learned from Climate Scientists' Stolen E-Mails

As the United Nations Climate Change Conference, or COP 15, in Copenhagen, Denmark, gets under way this week, the summit has been muddied a bit by the details found in scientists' stolen e-mails. The e-mails contain information that has given those who believe global warming concerns are overblown a new lease on life. They are now supporting their opinions with those details. And all the while, the heated debate over global warming is becoming even more divided.

But there are valuable lessons to be learned from the stolen e-mails. No, this won't be a discussion on global warming or climate change; that's a debate for another day in another place. It will be a discussion on what can be learned from this incident to ensure that employees or consumers with sensitive information in their e-mail won't fall victim to those planning to steal information.

That said, it's important to note that no security plan will be absolutely effective. Sometimes, data is stolen. But the fact that scientists themselves didn't have proper security conditions in place to safeguard their e-mail points to a dangerous trend: We just don't secure our e-mail as well as we should. So let's take a look at some of the lessons learned from the stolen data and how we can protect our own e-mail going forward.

1. It's about the password

The first step in any e-mail-security plan must start with the password. Too often, users make a simple password that's easy to remember, believing no one would care what's in their inbox. That's a mindset that gets many people and companies into trouble. E-mail accounts are not places where a simple password can be used. The stronger the password, the better the chances that users won't have their e-mails stolen.

2. Think about encryption

Encryption is a great way to ensure e-mails that might have otherwise slipped out into the wild don't. Encryption is admittedly a pain. It requires more credentialing, it increases the amount of time it takes to access data, and most users consider it an extra step with limited benefits. But the reality is, encryption provides an added layer of security that users need. If e-mail security is important, encryption should be used.

3. Don't share credentials

One of the main issues facing e-mail security is a user's willingness to share credentials. It doesn't make any sense. Why should a user who is trying to keep data secure and private share his or her username and password with others? Sharing credentials is a surefire way to lose sensitive data.

4. Don't believe phishing scams

As malicious hackers realize there is big money in scamming people through e-mail, they will increase the number of phishing attacks they send out. And unfortunately, those attacks have a high likelihood of working. E-mails from banks, credit card companies or other firms that request sensitive, personal information probably aren't legit. Users need to always consider phishing scams and remember that, in the end, no one is entitled to that information unless it's deemed absolutely necessary.

5. Credentialing has an expiration date

Companies should remind employees that credentialing has an expiration date. In other words, keeping the same password for an e-mail account for six months to a year is just too long. The more often users change passwords, the greater the likelihood that they will stay a step ahead of those people who want to steal sensitive data.

6. There can be no chinks in the armor

If just one person at an organization doesn't engage in safe security policies, e-mails, sensitive client information and other data can easily slip out. And the worst part is, it won't be just that single employee's information leaving the confines of the company. With a chink in that security armor, companies will have a significantly increased likelihood of facing stolen data across the operation.

7. Trust doesn't play well with e-mail

Users cannot trust much when it comes to e-mail. Sure, there might be a nice e-mail in the inbox from a family member requesting information, but immediately trusting that that family member sent the e-mail is not smart. Every e-mail opened and every e-mail responded to should be vetted to ensure that the content is true and free from security issues. It's not an easy task, for sure, but blindly trusting the content of an e-mail quickly leads to security problems.

8. Remember the anti-malware

It's also important for e-mail users to use anti-malware software. If and when security issues arise on a user's PC, all kinds of bad things can follow. Some outbreaks specifically target e-mail accounts in the hope that sensitive information can be "phoned home" to the malicious user's server. With the help of anti-malware software, some of those problems can be caught before they wreak havoc. Once again, it's not a guaranteed solution, but it will help.

9. Companies need an e-mail policy

In the enterprise, it's extremely important for companies to have a thorough e-mail security policy. Employees should know what is in that policy, and they should follow every last bit of it. If they don't, they need to be held accountable. E-mail is a hotbed for security issues. If a company isn't adequately prepared to confront those issues, sensitive information both in e-mail and on the PC could leak out.

10. Plan for the worst

As bad as it may sound, it's important for users to think about the worst-case scenario and plan for that to happen. E-mail is one of the best ways for malicious hackers to access sensitive information. With a disaster plan in place, companies and individuals will know how to respond to issues if and when they arise. And with a proper understanding of e-mail security and a desire to keep information safe, many of the problems that the climate scientists faced can be eliminated. It just takes time. And a plan.
