Although the data and trends are overwhelming in support of eliminating email attachments in favor of cloud storage links, some organizations will insist on receiving only email attachments (to their own peril).
The following text is provided to help you enlighten your recipient of why they should consider modifying their security policy. You have full permission to copy, edit, and otherwise adjust the content as you see fit...
Email attachments are a dangerous 50-year-old file-sharing technology developed back when color television was beginning to overtake black and white. Email attachments are woefully unprepared for the cybersecurity realities of today. File sharing technologies, like cloud storage, are the solution being adopted en mass by organizations globally.
Cloud storage links are far safer than email attachments for the following reasons:
Although both hyperlinks and email attachments are a common infection vector, hyperlinks have several critical advantages over standard email attachments from a security point of view.:
- Hyperlinks to best of breed cloud storage services provide detailed audit trails of the origin of files and are avoided by attackers. Email attachments offer no trace and are anonymous and thus are a favorite of attackers.
- You can easily white list trusted cloud services to allow download. Nothing to do for email attachments, they are already inside your firewall.
- Enterprise cloud storage, like Box, scan for viruses upon upload. Further limiting even accidental distribution of viral content.
- Email attachments can be completely self-contained, and once inside the organization, can wreak havoc without external support. In contrast, the delivery of a hyperlink isn't the delivery of the virus. The link still needs to be clicked and reach out through firewalls.
- Once an attachment is inside someone's inbox, it is a persistent threat that can not be shut down by adjusting border defenses. Even if the recipient is disconnected (e.g. on an airplane), a malicious email attachment can infect the user's device. A malicious hyperlink is disabled.