We all know email can be used for spam, and you’ve probably heard of phishing and other types of cyber-attack. What we tend to forget is that when we send information via email, it can be open for the world to see. It’s like sending a postcard.
Don’t believe me? Think you’re using a secure email account?
Take a look at the life of a typical business email sent to just ONE person.
1 – The corporate network, your IT team
Your IT team will have access to all your emails, and they’ll back them up (possibly unencrypted), and yes, they’ll read them occasionally, if they’re bored, or just curious as to what their management is thinking. Additionally, 55% of US employers do actually monitor and read their employees’ email.
2 – The accidental forward or the wrong address
Whoops – we’ve all done it (certainly the US Air Force has, when they sent Air Force One’s flightpath to a webmaster, hundreds of times). And once you’ve done it, you can’t get it back.
Even assuming you sent it to the right person, though…
3 – Emails outside your business - the big, bad internet
First, your ISP may be able to read it. Or, your government has requested a ‘tap’, so they can see what you’re up to. Then your email is bounced around, usually with no encryption, through a series of ISP (Internet Service Provider) computers. If one of these special computers, or “routers”, is hacked, then hackers can view all the traffic passing through it, including your email. Any one of the tens of routers your email will pass through could be compromised, and someone may be interested in what you’re saying.
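You can check this on a message you have received: each mail server that handles it prepends a `Received` header, and those headers usually say whether that hop used TLS. The script below is an added example, not part of the original article; the sample message, host names and helper names are constructed for illustration.

```python
import email
import re

# Constructed sample (not real traffic); hosts and IPs use reserved example ranges.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.30])
\tby mailstore.recipient.example with ESMTPS id c3
\t(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384); Mon, 06 Jan 2025 10:00:03 +0000
Received: from relay.isp.example (relay.isp.example [192.0.2.20])
\tby mx.recipient.example with ESMTP id b2; Mon, 06 Jan 2025 10:00:02 +0000
Received: from mail.sender.example (mail.sender.example [192.0.2.10])
\tby relay.isp.example (Postfix) with SMTP id a1; Mon, 06 Jan 2025 10:00:01 +0000
From: alice@sender.example
Subject: Quarterly figures
"""

# RFC 3848 "with" keywords ending in S/SA (ESMTPS, ESMTPSA, LMTPS...) mean TLS was used.
TLS_PROTOCOL = re.compile(r"^(?:UTF8)?(?:E?SMTP|LMTP)SA?$", re.I)
# Some servers note TLS only in a comment: "(version=TLS1_2 ...)" or "(using TLSv1.3 ...)".
TLS_COMMENT = re.compile(r"\b(?:version=|using\s+)TLS", re.I)

def strip_comments(text):
    """Remove (possibly nested) parenthesised comments from a header value."""
    prev = None
    while prev != text:
        prev, text = text, re.sub(r"\([^()]*\)", " ", text)
    return text

def hop_report(raw_message):
    """Return one dict per hop, in the order the message travelled."""
    msg = email.message_from_string(raw_message)
    hops = []
    # Each receiving server prepends its header, so reverse for travel order.
    for value in reversed(msg.get_all("Received", [])):
        text = " ".join(str(value).split())  # unfold continuation lines
        bare = strip_comments(text)
        grab = lambda kw: (re.search(rf"\b{kw}\s+(\S+)", bare) or [None, "?"])[1]
        proto = grab("with").rstrip(";")
        hops.append({"from": grab("from"), "by": grab("by"), "protocol": proto,
                     "tls": bool(TLS_PROTOCOL.match(proto) or TLS_COMMENT.search(text))})
    return hops

def cleartext_hops(raw_message):
    """Hops whose Received header gives no indication of TLS."""
    return [h for h in hop_report(raw_message) if not h["tls"]]

if __name__ == "__main__":
    for hop in hop_report(SAMPLE):
        print(hop["from"], "->", hop["by"], hop["protocol"], "TLS" if hop["tls"] else "no TLS indicated")
```

`Received` headers are written by the servers themselves, so entries added by earlier hops can be forged. A TLS hop only protects the message in transit: every server in the chain still holds it in readable form.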
4 – The authorities
In the UK, the Government has got the “Regulation of Investigatory Powers Act” which gives trustworthies like the Ambulance Service, The Department for Transport and local Councils the ability (with a little paperwork) to take a look at our communications. In the US, the government has been using the Stored Communications Act (SCA) to read private e-mails without a search warrant (also see Patriot Act, Prism etc.).
“Most unencrypted email is vulnerable to unauthorised access and alteration as it passes over the Internet. Firms are recommended to adopt systems that…automatically encrypt all outgoing email to those offering similar facilities.” The Law Society Email Guidelines 2005
5 – The recipient’s IT team
So the email makes it to your recipient’s servers. Again, their IT team may be interested in taking a peek, and they’ll take a backup, and perhaps their security isn’t as good as yours, so the emails may now be accessible via weakly secured webmail, for example. Or their backups aren’t encrypted at all.
6 – The recipient’s computer
It may be shared, compromised through hacking or another security breach, or backed up somewhere crazily insecure.
What can you do?
Until some sort of global email security standard can be set up and enforced, it’s best to use something else for anything sensitive. The Kremlin uses typewriters! There are plenty of commercial and free secure messaging and collaboration services out there.
Our own safedrop is great for sharing important and confidential information.
Or you could start using a collaboration tool like Projectfusion to capture casual content and collaborate securely.