CC or BCC, that is the question.

Marcelo Orlandi

How many times have we cited this phrase from the famous William Shakespeare? I lost count. This time we are going to discuss CC and BCC.

For those who do not know the meaning of CC and BCC, CC stands for Carbon Copy and BCC for Blind Carbon Copy. The terms are normally used when sending emails, to decide who to copy and who to blind copy.

Now you may be thinking, what does this have to do with cybersecurity? Well, maybe you remember that in February 2018 the MDBN (Mandatory Data Breach Notification) came into place; you can read a little bit here.

You may not consider your email address to be personal information; if so, you may need to think twice. If somebody else has your email address, that person can try to impersonate somebody else and get information from you. Not only that, email is the most used method for phishing attacks and also ransomware compromise.

I know that you are probably really busy and you receive no less than 200 emails per day. That volume requires a quick look at each email before taking action.

For an Australian company, this was recently a little bit more than a headache. In this scenario, a marketing email sent by an employee to 300 customers exposed a major gap in the firm’s cybersecurity governance. The problem began when an employee sent the email with the recipients in the CC field instead of BCC.

If you were one of the recipients of that email, you could easily see competitors’ email addresses and this company’s customers.

In addition to that, there is not a technology out there which can stop that, simply because you may want to send the email as CC and not BCC. For that reason, security awareness training in companies is paramount these days.

Do you receive too many emails each day? Even so, that is not an excuse. Stop and think before you click.

And as always, be safe out there, until next Malware Monday.