If you have a Gmail account, then you probably already know that you can’t attach .exe, .jar, or .pif files to any emails you send. Until recently, Javascript files were allowed, but Google has changed their policy. If you try to send a Javascript attachment, you’ll get a “this file type not allowed” message.

The reason? Javascript has become the delivery method of choice for hackers who use the script to infect the computers of unsuspecting users. If you have a need to send script files, you’ll need to find some other way to do so.

Google announced the change a few weeks ago, but only recently started enforcing it to give people time to prepare. It’s unfortunate that such a move was necessary, but given the very real risks to security and the unfortunate reality that users are notoriously bad about downloading attachments from untrusted sources, it was seen as the only path forward.

Google isn’t alone. Email and other service providers are under increasing pressure to provide ever-better safeguards in order to minimize risk. The day is probably coming when it will be virtually impossible to find a third-party provider who will allow such attachments. If you want your employees to be able to send them, you’ll likely have to set up your own, proprietary mail server.

This, of course, used to be quite commonplace, but is increasingly rare these days, and if you’re considering going that route, you have to ask yourself if it’s worth the risk.

At the root, the problem is user education. Until we better educate our employees about the very real risks of downloading files from unknown and untrusted sources, moves like these are inevitable and stand as the best way to help safeguard corporate data.

While it’s true that no digital security system is perfect, there are meaningful steps you can take to minimize your risks. If you’re not sure you’re as protected as you could be, give us a call today to speak with one of our talented experts.

We’ll be happy to work with you to assess your current situation, and chart a course toward greater data security.

Used with permission from Article Aggregator