New guidance from ACCA and Barclays to make your practice safer.
Sniffing, eavesdropping, emanations and spoofing present data security issues.
To combat these email threats it is important to understand the risks and apply appropriate technical and governance controls with a suitable level of security to protect the data for the lifecycle of the communication.
There is no easy ‘one stop shop’ solution, so a combined holistic security approach should be undertaken, determined by the requirements of the data being transmitted.
ACCA has collaborated with Barclays to produce a new technical factsheet to help you improve email security. It focuses on issues including:
sniffing (capturing data as it is transmitted over a network)
eavesdropping (unauthorised monitoring of other people’s communications)
shoulder surfing (obtaining passwords etc through direct observation)
object reuse (the reallocation of a storage medium that contains residual data)
social engineering (psychological manipulation of people into performing actions or divulging confidential information)
emanations (monitoring signals not intended to communicate data)
spoofing (sender address and header information altered)
Technical factsheet: email security, produced in partnership with Barclays, looks at the risks and examines the pros and cons of various security methods. Do consider sharing this with your staff to help educate them about the risks around data security too.