Five simple and free steps to secure your business – Step Two: Clear Your Inbox
The Hackers Treasure Trove
Email inboxes, and the treasure trove of information they contain, are now the number one risk for accounting firms. Any email that can be accessed externally by a phone or remote device is susceptible to hacking, and even emails still on a server can be at risk. One of the reasons why email is so high risk, is that they all have ‘hyper-convenient’ login pages which are susceptible to brute force bots.
The high risk element to emails means that firms need to review what is stored on these programs, to limit their exposure.
Why your firm needs to clean your inbox
Realistically people use their emails as their own personal filing system. This coupled with the anytime/anywhere access has created a huge risk for firms.
We recently spoke to a firm that had a team members’ Office 365 breached. The hacker was able to crack their simple 7-character password using a brute force bot (more details on this risk here). Once the hacker was in the account they had access to seven years’ worth of email information, including TFNs, entity structure details, bank account details, internal passwords and personal client details.
This meant that when the firm contacted affected clients they even had to officially notify ex-clients in writing to let them know that their data could have been accessed.
How your firm can manage this
In addition to putting security such as single sign on, passphrases and two factor authentication around your inbox, you also need to review the data that lives in it. This is required to minimise the impact of that nightmare breach scenario.
Hypothetically if a hacker got into your inbox but there was no legacy data, then technically there’s been no breach of information. What increases the scope of the breach is the years worth of historical data that is contained in the inbox. If data has been securely archived, there’s no need to notify EVERYONE you’ve ever received an email from.
Its unrealistic to expect firms to clear everything out, but we recommend setting up an auto-archive on your inbox to move old data to a secure storage location. Backing up your emails to a secure location means that your data is secured and accessible years down the line, but takes them away from the inbox which is on the frontline when it comes to cyber crime.
Learn how to set this up on Office 365 here
If you want to learn more about how you can secure your business, you can book in a Cyber Security Consultation with one of the team here
This article was written by Jon Melloy, Technical Marketing Lead at Practice Protect, who’s sole focus is protecting accounting firms’ reputations with tools, policies and education to keep data safe without sacrificing convenience.