Virtru Security Insights

4 Data Breaches That Would’ve Been Prevented by Encrypted Email

In 2014, there were a total of 783 data breaches in the United States alone, an increase of over 20 percent from the previous year. For security experts, that number is frustrating, not necessarily because it means that hackers are getting smarter, but because in most instances, data breaches are completely preventable.

In many cases, simply using encryption can prevent data breaches, eliminating the threat of intruders running off with private data. This is especially true when it comes to email, where an unsecured inbox (or an unencrypted message that gets intercepted) can lead to a company being hung out to dry.

Just by using encryption, your company can prevent data breaches — but don’t take our word for it, just look at the story of these four institutions that suffered major data breaches because of unencrypted email.

1. The Sony Pictures Hack

Given the size, scope, and financial burden of the Sony Pictures hack, it’s likely that their name will be synonymous for “data breach” for years to come. While the exact specifics of the data breach are still under investigation, there’s no doubt that a large bulk of the attack’s notoriety came from the release of unencrypted emails sent between Sony Pictures executives, directors, actors and other employees.

While the gossip is what made the news, Sony also exposed social security numbers and a significant amount of private health information pertaining to employees that should have been secured. If Sony is serious about wanting to prevent data breaches in the future, they need to institute encryption throughout their network.

2. Unsecured State Department Networks

During late 2014, the State Department revealed that hackers had breached its unclassified email system. While the government claims that no sensitive information was lost, we have to wonder: why wasn’t this “unclassified” network encrypted with the same strength as its other networks?

Although this network wasn’t used for sensitive information, we think that there’s no need for differentiating between “levels” of information, as in order to prevent data breaches, all data must be encrypted, and especially of that data is traveling across networks. After all, the tiniest bits of information could be potentially valuable to a hacker in getting deeper into a system.

3. Penn State Hospital Breach

During the summer of 2014, the Penn State Milton S. Hershey hospital experienced a data breach due to the costly mistake of one laboratory technician. The technician had sent confidential patient info using his own email address, meaning that patient data was sent in plain text over the Internet. The hospital was hit with a HIPAA fine, leading to a rehaul of the security practices at the institution.

While it was only one technician, it goes to show how important email encryption is in order to prevent data breaches. If this one employee had been using email encryption, there would have never been a HIPAA breach.

4. Stratfor

Stratfor, a global intelligence agency, suffered a crippling leak in 2011 that would eventually lead to the release of over five million emails. The emails, which include everything from office banter to intelligence secrets, have greatly damaged Stratfor’s reputation. As interesting as the emails themselves were, the most interesting bit to come out of the Stratfor leak was the very fact that a huge global intelligence corporation didn’t use email encryption.

To prevent a data breach of this size, all Stratfor had to do was use encryption — and yet, for whatever reason, they couldn’t be bothered. When you consider that intelligence and secrecy is literally the industry that they work within, such an oversight is almost impossible to comprehend.

Virtru: A Tool to Prevent Data Breaches

If there’s a lesson to be learned from the above examples, it’s that despite the power of email encryption to prevent data breaches, users still aren’t adopting it. Why? In a word, convenience. No matter how strong your system is, if it isn’t user friendly, no one will use it. This is highlighted especially well in the Penn State hospital case, where it took just one rogue doctor to upset the whole system.

If you want to help protect against your own data breach of epic proportions, you’ve got to have an email encryption system that isn’t just secure, but also easy to use.

Virtru provides client-side email encryption without the hassle of other technologies, such as PGP, S/MIME, or the various portal solutions on the market. There’s no need for a key exchange, or the juggling of digital certificates. There’s no need for your employees to ditch their current email addresses in order to use encryption, either — which was the entire reason the Penn State breach happened. Likewise, Virtru works with iOS and Android, meaning that you can always have encrypted email by your side, even when you’re not at your desk.

Prevent your company from suffering a data breach. Try Virtru today, and see how easy it is to bring email encryption to your inbox.