You may think that sending an email is safe enough.
You can trust your financial people not to divulge any sensitive information and senior management would never be indiscreet. Your organization has plenty of security; the IT department guarantees that, surely?
The use of email has become pervasive. Most companies now conduct the majority of their internal communications and a significant of proportion of their external communications using email. Company directors and executives may be careful when having sensitive conversations with people both inside and outside their organization, but when sending electronic messages they can often feel a bit too safe.
Imagine the damage that would be caused if a hacker intercepted a sensitive email about the latest profit figures. What if personal information about an employee or client was leaked? Imagine a contractor in the IT department who just can't help snooping on confidential emails, then leaves the company and shares the information with a third party. Recent figures show that IT staff can be surprisingly casual about the use of email and snooping on colleagues. When faced with temptation many IT staff admit to reading confidential emails not meant for their eyes.
The cost of this type of lapse in information security is phenomenal. There is the real cost to a company where competitive information is 'stolen,' either maliciously or via careless email use. Or a more subjective cost, where a company's credibility is undermined because information has been leaked. Add to this the fact that litigation in this area is often as a direct result of inappropriately forwarded emails and you start to see the problem.
Not to be dismissed is the security risk of email itself. Emails pose the biggest virus threat to both companies and individuals. Many viruses use electronic address books to automatically send themselves, spreading the infection at an alarming rate before the recipient has a chance to take precautionary measures.
Emails leave permanent electronic footprints which most people in an IT department could read very easily. Deleting messages from your PC is no guarantee the message has gone forever. It is relatively easy to recover from your hard disk and typically, copies of an email will be stored on many different email servers as the message travels from sender to recipient.
So email is wonderful; its ease of use and speed are essential in today's business environment, but it is a significant security risk too. Emails are easy to hack into, can be forwarded to people who you didn't intend to see it, leave a permanent record on computers and servers, and are the major means of spreading viruses.
Encryption - The Solution?
Considering the hype surrounding both email encryption and web-based encrypted email they are sorely lacking in real security value. In fact, encryption may actually draw attention to your messages. Hackers' sniffing lines are alerted to encrypted messages. To suddenly start encrypting your emails is like a red rag to a bull, the hacker will know that something is happening that you don't want anyone else to know about.
In any case, simply encrypting your email will do very little to make your message secure: once it has been received it is converted back to plain text on the recipients computer, where it can be easily compromised. Standard encryption is very easy to break for the seasoned 'professional.' Even when using the highest commercially available encryption, the headers and footers of the email can still be read, so you will have already given away plenty of information.
The Answer? - Secured Messaging
Secured messaging uses various technologies like public and private key infrastructure (PKI) to provide a secure environment in which to exchange information. Complex multiple layers of encryption ensure that emails are stealth-like. They cannot be recognized as messages on the public network and so do not draw attention to themselves. Direct routing also ensures they do not end up sitting on email servers, so they leave no permanent trail.
Other security features now available include unique session 'keys' which ensure that even if your computer is lost or stolen the message is unreadable. Once deleted the message is genuinely overwritten. Moreover, the sender has complete control over the life, forwarding and even the printing of the message. Therefore, no copies end up where you don't want them to, nor are hard copies left lying around.
Such technologies are highly complex, using PKI, digital certificates, encryption and Internet protocols, and may be difficult to use. However, solutions are now available that package such technologies and do make them extremely easy to use - in fact, as easy as ordinary email but with 100 percent encryption functionality. Solutions such as these are needed particularly in the financial services industry, legal and medical sectors.
Steve Jenkins is managing director, Europe, of SafeMessage (www.safemessage.com).