
Why sending data via email should concern you

Hi. Mark here. If you are a customer of mine and I’ve sent you this link, then I highly recommend you take a few minutes to read the following article and take any action appropriate to you.

Data breaches are now a daily occurrence and I want to help protect you and your data.

Companies, businesses, organisations and individuals are being hacked left, right and centre, and sometimes they don’t know for years after the fact. Have a look at this list I have compiled and try to keep updated: https://markis.com.au/2019-australian-data-breach-list/ This covers breaches just in Australia and only this year. Private customer data is being stolen at a rate that is incomprehensible to the average person.

Customers must take better precautions with their client data, as breaches can be catastrophic and damaging, not only to the companies that are supposed to protect this data, but also to the people on the database who suddenly find their private data in the hands of malicious individuals intent on exploiting it for their own financial benefit. Multiple data breaches are especially damaging because stolen data is cross-matched to reveal new information: an updated mobile number, a new password, a change of last name. These small bits of information are used to build a much bigger and more detailed profile to target an individual for identity theft or fraud.

Already, I have a number of customers who are now providing their valuable data to me, delivered personally on a USB stick ( never send data by post or courier ). This data is then transferred to our secure air-gapped production environment, completely bypassing any internet connection, or internet connected devices. The USB stick is wiped with either random numbers or a single pass of ‘0’ to completely remove all traces of data ( I use guidelines set out by the Australian Government Australian Signals Directorate and the Australian Cyber Security Centre to achieve this. See https://markis.com.au/implementation-of-data-erasure-standards-to-australian-government-standards/ for further information ).

Any physical or digital proofs I generate for approval have personal data stripped and dummy data or column headings used instead. Internally, any mock ups, jams and any reprints containing personal data are shredded as soon as possible.

Security measures for sending data via email

Password protect the file with a strong password of at least 24 characters, or use https://onetimesecret.com to generate a one time secret. I agree it’s more effort to do, but after a while it just becomes habit, a very good habit. Every time I send a privacy secured proof, I must use a fresh USB stick to move the file between the air-gapped production environment and your inbox. It’s time consuming and slows down the process but protecting your data is important to me.

First time customers

When you become a customer of Markis for the first time, I check your email address on https://haveibeenpwned.com/ and if I discover your email is breached, I will recommend you change your email password ( if you haven’t already done so ) before sending data to our secured email address created for inbound data.

You should check your own email address on https://haveibeenpwned.com/, but if you are not certain about entering your own email address, I recommend you paste in any of my email addresses first. If your email has been found, unfortunately you will need to change your email address. But this is a major burden, so the next best thing is to change your email address password.

Before you change your email password, you may want to consider these two sites. The first, https://haveibeenpwned.com/Passwords, tests whether your password has already been discovered and could therefore be used in a password-file brute-force attack. When you think you have found the right password, you may want to run it past the second site, https://howsecureismypassword.net/, to check how long it would take a machine to guess your password.

When using a secure email address with a unique, strong password you are avoiding a potential MITM attack ( man-in-the-middle ). What is a MITM attack? Read more here: https://us.norton.com/internetsecurity-wifi-what-is-a-man-in-the-middle-attack.html Typically MITM attacks start out as a phishing attack, where clicking on a link inside an email downloads malware onto your computer. However, there are advanced phishing attacks which don’t require the user to click on a link; simply viewing the email is enough to compromise your computer and email.

As of September 2019: AT LEAST 4 billion records, including credit card numbers, home addresses, phone numbers and other highly sensitive information, have been exposed through data breaches in 2019.

Stay safe and secure.

Mark.
