Even with the increase in digital communication options nowadays, email continues to be very popular. It may not be the flashiest way to reach out, but over four billion people[i] know it gets the job done.
Unfortunately, however, there is a dark side to this ubiquitous messaging system. And no, it isn’t your mother’s chain letters about the horrible things that will happen to you if you don’t forward them to 10 friends. Somehow, it’s even worse. It is not to say you should stop using email; you just need to use it more intelligently. And that means stop using attachments!
Best reasons to stop sending attachments
Email attachments are dangerous for many reasons, especially if you send or receive sensitive documents.
Significant security risks. 90% of successful cybersecurity incidents take place through email[ii]. The vast majority of these get delivered via attachments. In many cases, hackers employ phishing techniques to gain access to susceptible systems.
“Phishing” is when a malicious email looks legitimate. Bad actors research your company or acquaintances and send a phony email disguised as being from someone you trust. Usually, this will include an infected payload as an attachment that they ask you to open. Those not careful or inherently suspicious click it and potentially compromise the entire network. Hackers use phishing in combination with the following forms of malware to achieve their malevolent purposes:
- Open the wrong attachment, and you could cost your company some serious money. Ransomware is a type of computer virus that maps attached storage drives and encrypts their data. The drives can’t be unencrypted unless the business pays a hefty ransom to the attackers. The estimated average payout for a successful ransomware attack is over $110K in 2020[iii], with high-profile incidents fetching multimillion-dollar sums.
- Zero-day exploits. Zero-day vulnerabilities are the security holes in software that even the developers are unaware exist. Hackers are crafty and find bugs to exploit that nobody else has considered. Obviously, they aren’t going to run and tell the developer about these flaws, so they only become known after an attack. If you run a Zero-day exploit from an attachment, you could give up complete control of your computer.
- When criminals want to steal employee credentials, they turn to keyloggers. Keyloggers are computer programs that track user keystrokes. Every time the victim types, it is recorded in a separate file and transmitted back to the hacker. If you log in to any of your accounts during this time, the bad actor now has the same information. This can be extremely damaging if the malicious agent targets a high-level executive for keylogging. However, even if the victim is a low-level employee, the information gained from their account is useful for future phishing attacks.
Loss of confidentiality. Never use an attachment to transfer confidential material. While most people think of data breaches as being hacks, it’s a more encompassing term. Let’s say you send an email to a colleague containing privileged company financial information. That document is now out of your control.
The employee’s computer could become compromised, or the employee may be disgruntled and distribute it elsewhere. The point is, you cannot track the attachment after you send the email. This means you can never be sure anything sent in an attachment is secure.
Lack of flexibility. Sometimes, the file you want to send is too large to attach. Many email clients have strict maximum attachment sizes. Why deal with this hassle in the first place? Even if you can send large attachments, it’s a good possibility they won’t go through. Many spam filters or malware detectors flag bigger documents. There’s also a chance their email provider blacklists you and prevents future emails! Save yourself the headaches.
Sender’s remorse. You send off important documentation in an attachment only to realize later that you accidentally CC’ed Brian Stahl-a personal contact- rather than Brian Stalder-your CFO. We’ve all been there. Unfortunately, since you used email, you’re out of luck. Better hope Mr. Stahl is a standup guy!
Then, there’s the case of attaching the wrong file. MayEarningsStatement.xls looks so similar to MaysBirthdaySurprise.pdf. You’re busy, and sometimes busy people make mistakes. It shouldn’t be a big deal, but the irrevocability of attachments makes it a big deal.
Steps to improve security
We don’t recommend ever sending attachments, honestly. If you must, however, there are some steps you can take to make it a bit safer.
Authenticate the sender or recipient. Many phishing attempts come from emails that look similar to trusted ones but are slightly different. Before opening any attachment (or sending one), triple-check to ensure the address is valid.
Never open unsolicited email attachments. If you receive an email attachment out of the blue, even from a valid email address, call the person to confirm it’s legitimate. You never know if a cyber attack compromised their account.
Save and scan. Do not open email attachments directly from your inbox. Save them to your drive and scan them with antivirus software beforehand. It isn’t foolproof, but modern antivirus programs will catch the majority of malware.
Turn off automatic downloads. Many popular email clients do not offer automatic attachment downloads these days, but if you run custom or older clients, it’s something to consider. Check your settings to make sure you do not automatically download attachments.
A better way
Hopefully, you understand why you should be wary of email attachments. There are very few benefits and severe risks in ignoring this advice. So, how should you be sending and receiving confidential files? We recommend AXEL Go.
AXEL Go is a secure way to share and store information online. There are no file size limits, so you can send anything you want. More importantly, it provides industry-leading security options to safeguard you against data breaches and cyber-attacks.
With AXEL Go, you’re always in control. You set the expiration dates of your shared files and can prevent recipients from downloading them. This means if you don’t want sensitive documents sitting around on other peoples’ computers, it’s not a problem! Combined with optional AES 256-bit password encryption, you can trust that important content stays confidential.
To make things even more secure, AXEL Go operates on the InterPlanetary File System (IPFS). It is a decentralized network with servers called nodes that function throughout the world. Files shared on this network are divided into small chunks and distributed to these nodes. It results in a system without a single point of failure. Traditionally, if the server farm holding your documents was under attack, your files were at risk. With IPFS, this isn’t the case. It’s the future of the internet, and AXEL Go runs on one of the largest IPFS networks in the world.
And finally, AXEL Go has full blockchain integration. Blockchain technology is a distributed ledger system where information is unchangeable once written to a block. While our blockchain doesn’t store your files, it does hold transactional details. So every time you share something, that data is timestamped to a block. This is an excellent feature for professionals, as they can transfer time-sensitive content with absolute proof of delivery.
These capabilities highlight why AXEL Go is the safer, objectively better alternative to email attachments. You can sign up for a free, full-featured Basic account and receive 2GB of storage to try it out for yourself. Download AXEL Go today for desktops or mobile devices and see why email attachments are a thing of the past.
[i] J. Clement ,“Number of e-mail users worldwide from 2017 to 2024”, statista.com, Mar. 25, 2020, https://www.statista.com/statistics/255080/number-of-e-mail-users-worldwide/
[ii] “Report unveils most ulnerable sectors to phishing attacks”, Security Magazine, Sept. 14, 2020, https://www.securitymagazine.com/articles/93347-report-unveils-most-vulnerable-sectors-to-phishing-attacks
[iii] Mathew J. Schwartz, “Ransomeware: Average Business Payout Surges to $111, 605”, bankinfosecurity.com, April 30, 2020, https://www.bankinfosecurity.com/ransomware-average-business-payout-surges-to-111605-a-14205