email, a postcard to the world
We know that email is a pain for spam, and you may even know about phishing. What we tend to forget is that when we send information via email, it is open for the whole world to see.
“Intercepting email is easy to do. Anything that passes across the Internet is bouncing around public connection points where people can listen in. There are tools…that will let you hook in and almost deliver it back to you on a plate” Greg Day, Security Analyst, McAfee
the life of an email
1 – The corporate network, your IT team
Most business email starts in the corporate network. Technically it’s usually secure between your computer and your business servers. However your IT team will have access to all your emails, and they’ll back them up (probably unencrypted), and yes, they’ll read them occasionally, if they’re bored, or just curious as to what their management is thinking.
2 – The accidental forward or the wrong address
Woops – we’ve all done it (well certainly the US Air force has, when they sent air force 1’s flightpath to a webmaster, hundreds of times). And once you’ve done it, you can’t get it back. Let’s assume you sent it to the right people.
3 – The Internet
From here, we venture onto the big bad internet. Your email is bounced around, with no encryption, through a series of public computers. If one of these special computers, or “routers” is hacked, then hackers can view all the traffic passing through it, including your email. Anyone of the tens of routers your email will pass through could be compromised, and someone may be interested in what you’re saying.
4 – The authorities
In the UK the Government has got the“Regulation of Investigatory Powers Act” which gives trustworthies like the Ambulance Services, The Department for Transport and local Councils the ability with a little paperwork, to take a look at our communications. In the US the government has been using the Stored Communications Act (SCA) to read private e-mails without a search warrant.
“Most unencrypted email is vulnerable to unauthorised access and alteration as it passes over the Internet.. Firms are recommended to adopt systems that… automatically encrypt all outgoing email to those offering similar facilities” The Law Society Email Guidelines 2005
5 – The recipient’s IT team
So the email makes your recipients servers. Again, their IT team may be interested in taking a peek, and they’ll take a backup, and perhaps their security isn’t as good as yours, so the emails may be now accessible via a weakly secured webmail for example.
6 – The recipient’s computer
It may be compromised. Talk to us about our secureview option, this provides a way to send files that can’t be downloaded, just viewed securely on screen. Or use some sort of Digital Rights Management on documents.
what can you do
“The user’s going to pick dancing pigs over security every time.” — Bruce Schneier
Give your people the ability to send things with encryption. Use safedrop, or encrypted email (if your recipients have a compatible system). Whatever you do, it’s has to be as easy as pressing send.
People are busy and yes, forgetful sometimes, and lets face it security isnt that exciting (to most folk, however we love it!) At safedrop we’ve made it simple, one click and your document is sent, securely. No special plugins, software, or fiddly options.