What’s in your email?

This article started life in couple of ways. Over on CyberAwake I re-ran an article from summer 2022, looking at how some information, useful to a threat actor, could leak out of your organisation this summer, just because of the use of a simple setting in Outlook:

The Out-Of-Office Email and How It Compromises Your Organisation’s Cyber Security

The second prompt came about in a discussion with a new client, who has signed up for an IT and Cyber Security Audit, about how they deal with sending sensitive information.

The third thing was an email I received, which contained some sensitive information from a client – and was not encrypted. I got thinking about this as on the same day, one of the team was required to digitally sign an agreement that had been sent only to me – so Martin accessed my email. Now I obviously trust Martin (and have done for more years than either of us want to think about) but that got me thinking about “what ifs”.

The simple things first…

Set your PC to lock after a short period of time – mine locks after two minutes – and if you leave your PC then lock it manually. Not sure how to do this? I asked Microsoft’s Copilot AI for instructions (with a little editing from me):

  • To manually lock your Windows PC, press the Windows key + L on your keyboard.
  • This shortcut will instantly lock your computer, requiring your password, fingerprint, face or PIN to access it again.
  • It is a quick and secure way to protect your data when stepping away from your desk.
  • You should also set your PC to lock automatically after a period of inactivity through the screen saver settings.

These simple cyber security steps will protect your email from prying eyes, both accidental and malicious.

But I use my phone for my work email.

I have a couple of points to raise here.

Do you let anyone else use your phone? If the answer is yes to this then you need to make sure they cannot access sensitive information in your email. I have Outlook on my iPhone set up so that it needs either the PIN or my face to open it. And I do not let anyone use my phone, including Diana. Some may call that paranoia but I just call it good cyber security.

Outlook Locked

Outlook on my iPhone locked!

Other apps…

This article is about information leaking from your email, but what other sensitive information can be accessed by someone else using your phone?

I have my sensitive Word, Excel and OneNote files encrypted and my confidential messenger app – not WhatsApp – is locked with Face ID. This only leaves MS Teams, which I cannot lock so I do not leave sensitive information in that app.

Your Takeaway

It can be so easy to let small bits of sensitive information leak out of an organisation – our IT and Cyber Security Audit can help you identify if you have a leak and help fix it.

The summer is here…

During August, the Wednesday Bit will be taking a break but it will be back in September and will be starting off with a new Back-to-Basics Primer mini-series.

Have a great summer.

Clive

p.s. Go to the Octagon Technology blog on August 1st, for the full story about the AI generated featured image:

Copilot AI and the Phishing Email | Octagon Technology

Clive Catton MSc (Cyber Security) – by-line and other articles

Further Reading

Image Credit – Microsoft Copilot and DALL-E 3