Passwords and unencrypted emails pose security risks
4 June 2020
Rising cybercrime is raising questions around the efficacy of passwords in securing data and unencrypted emails in communication of confidential personal and financial information.
Software firm Veridium reports that a third of British SMEs have received phishing emails, as the number of attacks has risen during the Coronavirus lockdown, raising questions around the efficacy of passwords in 2020.
Additionally, a report by technology website Capterra found that 45% of the phishing emails received, which hackers can use to steal passwords, were related to the Coronavirus. It also showed that a third of respondents use identical passwords across software and websites, with employees often sharing passwords with colleagues as well as between personal and business accounts.
The report follows previous research by security firm Barracuda Networks which revealed coronavirus-related phishing emails had risen by 667% since the end of February.
James Stickland, CEO, Veridium, said passwords are becoming increasingly outdated, accounting for over 80% of data breaches and the global pandemic will act as a catalyst in forcing firms to adopt stronger authentication technology such as biometrics. Research and advisory firm Gartner forecast that by 2022, 60% of businesses will have cut their reliance on passwords by half.
He added: “Millions use the same password for multiple logins, leaving valuable personal data at risk. This isn’t surprising – employees must remember approximately 27 passwords, putting them under considerable strain. Now that millions of employees are working from home, companies are waking up to the weakness of passwords. As a result, more and more organisations are turning towards password-less, multi factor biometric authentication to mitigate against increasingly sophisticated cyber threats.”
Anthony Rafferty, managing director, Origo (pictured), flagged concerns around sending of financial and personal information, which can be sensitive and confidential in nature, outside of an encrypted email.
Rafferty said: “While financial services companies take every precaution to keep client data safe within their systems, the weak point that cyber criminals can exploit lies in the passing of information between client and their financial adviser, platform or provider, where the information moves outside of a company’s security systems.
As the most commonly used means of communication we need to be more aware of the security issues around use of standard emails. Unencrypted emails are being intercepted and personal data stolen and used to commit cybercrime, such as payments and identity fraud, sending of false invoices, passwords theft and malware attacks.
And since the beginning of the C-19 crisis, a large proportion of financial services staff are now working from home, increasing the vulnerability of companies.
As cybercriminals become ever more sophisticated in their methods, and with firms able to be fined heavily for data breaches, we believe financial services companies that take measures to protect their communications are protecting themselves from business risk, while at the same time building greater levels of trust with their clients.
ATEB Consulting’s Steve Bailey looks at how the FCA’s view of suitability and what that means in practice for...
Paraplanners who have been furloughed and are concerned that their company will not have a job for them should...
The Supreme Court has ruled that a pension transfer made in ill health should not be subject to inheritance...