The Realities of Email Security and Speed: Risks and Solutions
When we need documents from someone we immediately think of e-mail to request them. Surely this is quick, easy and secure… correct?
Well, the first two things are certainly true, but unfortunately e-mail is not the right choice for sending confidential information and documents. Indeed, it was never designed to be secure. Here we list some of the main reasons why e-mail is not appropriate for exchanging confidential documents with customers, employees and other professional contacts. These are documents that we absolutely need to complete a file, but that we would prefer to exchange as securely, easily and quickly as possible.
Phishing is getting better and more common.
Phishing is the process by which an attempt is made to obtain information such as user names, passwords or credit card details. Email is an ideal channel for this because anyone can email you if they have your address, and it is quite likely that your e-mail address is online. Phishing emails can appear to come from your own organization; the scammers communicate with you just as someone from your organization or a customer would.
Although spam filters help block many of the phishing attempts they recognize, some will always get through, and as with anything, it only takes one e-mail to do damage.
Emails pass through multiple networks.
The existing architecture for email traffic means that an email must travel between a number of networks and servers to get from the sender to the recipient. Each connection is a potential weak point where hackers can intercept the message (this is also known as a man-in-the-middle attack). If a hacker can penetrate a particular server, he can read any e-mail stored on it. Even though these servers are well secured these days, hackers are also evolving faster and faster and often win out over security.
The bigger the target, the bigger the reward.
Everyone uses email, and hackers know that. Because of the potentially vast amounts of personal and confidential data that a hacker could obtain by accessing servers or intercepting certain emails, email is naturally a more attractive target.
It was recently reported that hackers accessed (parts of) Outlook’s email server and thus had access to emails of Outlook users. Microsoft declined to comment specifically about how many accounts were affected.
The sender has no control.
Once you send an e-mail, you cannot be sure what will happen to it. It may be illegally opened during its journey to the recipient, or be deliberately (or accidentally) forwarded. Recipients also often save these emails, leave them on an unattended device or print them out, so they can easily fall into the wrong hands.
E-mail encryption is not foolproof.
You may have been advised that if you make sure your e-mails are encrypted, they are safe. But this is not always the case. Last year, a vulnerability called EFAIL was discovered in Outlook, which allowed encrypted e-mails to be converted to plain text, which in turn left them very vulnerable.
In this case, this affected the email encryption method called PGP, and it is reasonable to assume that if one method can be undone, so can others. In June 2019, another vulnerability was found. In 57% of email servers, traces were found that allowed attackers to execute commands on the server as an administrator. An attacker could easily execute any desired command, such as downloading all emails or all attachments in emails.
What can we take from this?
Email isn’t going anywhere: it’s universal and accessible to all of us. But as we mentioned earlier, no band-aid will fix the inherently insecure architecture of e-mail. Therefore, we must look at solutions that not only allow us to protect our own information and confidential documents, but more importantly, keep customers’ information secure.
So we can perfectly well continue to use e-mail to ask a customer or new employee to provide information. But instead of sending attachments back and forth by e-mail, it’s much more convenient and efficient to use this e-mail to direct the end user to a secure platform to upload, complete, approve or sign the documents.