We have all seen an enormous increase in phishing emails since the start of the pandemic. For many of us our work involves multi £million dispute resolutions where clients expect communications to remain confidential or privileged. But many of us are still sending highly sensitive business information and bank account details in unencrypted emails.
A reminder of the dangers came from a rather surprising source recently. A client of ours received a letter from HM Revenue & Customs where they set out the risks associated with sending information to them in emails. In their letter HMRC warned the client that using unencrypted emails could lead to the following risks:
- Confidentiality and privacy – there’s a risk that emails set over the internet may be intercepted
- Confirming your identity – It’s crucial that communications are with established contacts at their correct email addresses
- They warn there is no guarantee that any email received over an insecure network, like the internet, has not been altered during transit
- Attachments could contain a virus or malicious code.
Their advice went on to suggest either “desensitising” information in emails or using encrypted emails.
The current global pandemic will continue to provide plenty of opportunities for fraud and opportunism. For example, there has been a substantial increase in phishing emails asking for either passwords, or inviting us to open attachments or to click on links.
Perhaps fraudsters are responding to the fact that many of us are currently working from home on personal computers rather than office machines. This means we are operating outside corporate secure systems and procedures that we would have in the office.
Please now remind yourself and colleagues of the risks of doing so. We encourage all our clients to avoid including sensitive information in unencrypted emails, to password protect documents and memory sticks they send us and not to include bank account details in unencrypted emails.
While on this subject, we also need to check the urls of the sites we browse. Google say there are currently over 2 million phishing websites. Google’s Transparent Report contains up-to-date statistics and a tool for checking whether a site is safe (http://tiny.cc/safe-browsing).
In summary, we need to check the url of sites we visit, only open emails from trusted sources, encrypt sensitive emails, documents and memory sticks, use password managers and a VPN to access office files when working remotely.
What precautions do your organisations recommend and do you use encrypted emails for sensitive communications? Please share your own experiences in the comments box below or in an email to us. We would love to hear your thoughts and experience.
Keep Safe everyone,