From financial aid information to social security numbers, students regularly share private information with their universities trusting that the university will keep it safe. That’s why it was disappointing when three major universities this summer disclosed that students’ information had been compromised. Private information including social security numbers, addresses and financial aid information were all sitting in email accounts thanks to email exchanges between students and staff. Email is easy to use, so it makes sense that universities gravitate towards it but when students trust universities with private information, universities have to protect that information.
Over 90% of all cyberattacks begin with email phishing. It’s a startling statistic, but it’s not a surprise: businesses send over 281 billion emails every day. Phishing attacks, which typically ask targets for sensitive information or to download malware, work because they prey on human nature—victims respond out of curiosity, a sense of urgency, even fear.
“Whoever Wins the White House, This Year’s Big Loser is Email.” Thus, reads the headline in the NY Times on October 19, 2016. Indeed, in the current election cycle, month after month, the focus has been on hacked and released emails, on disappearing emails, on emails that reappear on various devices – not of the user’s choosing. It certainly seems that the people who sent those emails should have known better than to write what they actually wrote in the first place.
A few weeks ago we saw yet another email scandal. The Democratic National Committee (DNC) emails were hacked and over 19,000 emails were made public during the convention. The revelations lead to the resignation of the chair of the DNC and dominated the discourse during the opening night of the convention. It is amazing that in today’s world, after the revelations of the Sony emails, anyone would still write emails of this sort. Whatever happened to the old saying, “if you don’t want it on the 5 o’clock news, don’t put it in an email!” It seems like there is a general feeling of “it won’t happen to me” that permeates many organizations. So what is one to do?