For many people, the concept of secure e-mail means that spam and potentially harmful e-mail content are effectively blocked by a firewall. However, what few people realise is that before an e-mail reaches the company firewall, it passes through a number of checkpoints where it can be intercepted, read and potentially tampered with.
So apart from the firewall, how do you make sure that your e-mail is truly secure? The answer is encryption, which if used in conjunction with digital signing, provides the ultimate level of e-mail security.
Encrypting your e-mail ensures it can only be read by its intended recipient. The same way you would put a personal letter in an envelope to ensure that those who handle it at the post office cannot read it, encrypting an e-mail ensures that its content remains safe from those who may have access to it while travelling through the various checkpoints towards the recipient. Anyone who is still sending mail via the post office will understand this analogy.
There are different methods or levels of encryption and organisations can adopt one that works best for them. These are:
* B2B or business-to-business encryption, which describes a system where two companies agree on a mutual encryption standard and then begin exchanging e-mail directly between each other using this method.
* B2C or business-to-consumer, a system where a business does not need to decide on a common encryption method but instead sends the message to a secured Web site where the consumer first must authenticate him/herself to prove who they are and then retrieve the message, typically through a secured browsing session. This means the consumer does not require any compatible encryption product but does need to manually retrieve each message.
* Gateway-to-gateway encryption, where an e-mail message is encrypted only between the sending and receiving hosts, but not between those hosts and the e-mail client used to compose or read the message. This means the e-mail is encrypted on the Internet, but not on a company's internal network. The advantage is that only one certificate is needed for all users; the disadvantage is that, where security is paramount even within the company, this leaves the e-mail unprotected on the internal network.
* Desktop-to-desktop encryption, where an e-mail message is encrypted all the way from the client used to compose it to the client used to read it. The advantage is that the e-mail message is encrypted at all times, providing the highest level of security; the disadvantage is that an individual certificate is required for each user.
In an article posted to ITsecurity.com, the 25 most common mistakes in e-mail security were discussed, and among these was the failure to use digital signatures.
And with the law now recognising e-mail as an important communication tool, especially in business for signing contracts and/or entering into financial agreements, it is imperative to protect the credibility of organisations.
While the ability to enter into these contracts online has made all of our lives easier, it has also created the added concern of someone forging your e-mails and entering into agreements on your behalf without your consent.
One way to combat e-mail forgery is to use a digital signature whenever you sign an important e-mail. A digital signature helps prove who an e-mail comes from and from which computer it was sent, and that the e-mail has not been altered in transit.
By establishing the habit of digitally signing important e-mails, you will not only make it harder for the other party to an agreement to modify the e-mail when they want to get out of it, but you will also gain extra credibility when someone claims that you agreed to a contract via e-mail that you never did.
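As an added example that is not part of the original article, the following Go program shows the two mechanisms the article recommends working together: an Ed25519 signature binds the message body to the sender, and AES-256-GCM seals the signed message so that the checkpoints it passes through can neither read it nor silently alter it. The names (SignedMail, Seal, Open, NewSharedKey, NewSenderKeys) are the example's own, and it assumes a symmetric key agreed out of band between the two organisations, as in the B2B model, rather than a certificate-based key exchange.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// SignedMail is a message body together with the sender's signature over it.
type SignedMail struct {
	Body      []byte
	Signature []byte
}

// NewSenderKeys creates the sender's Ed25519 key pair. In a real deployment the
// public key would be carried in the sender's certificate; here it is generated
// in-process (assumption of this example).
func NewSenderKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// NewSharedKey returns a random 256-bit AES key. It stands in for the key two
// organisations agree on out of band (the B2B case); no key-exchange protocol
// is modelled here (assumption of this example).
func NewSharedKey() []byte {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	return key
}

// Sign binds the body to the sender: any later change to Body invalidates Signature.
func Sign(priv ed25519.PrivateKey, body []byte) SignedMail {
	return SignedMail{Body: body, Signature: ed25519.Sign(priv, body)}
}

// Verify reports whether Signature is a valid signature over Body for the sender's key.
func Verify(pub ed25519.PublicKey, m SignedMail) bool {
	return ed25519.Verify(pub, m.Body, m.Signature)
}

// Seal is the envelope: signature||body encrypted with AES-256-GCM under the
// shared key. The output layout is nonce || ciphertext || GCM tag.
func Seal(key []byte, m SignedMail) ([]byte, error) {
	if len(m.Signature) != ed25519.SignatureSize {
		return nil, errors.New("message is not signed")
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	plain := append(append([]byte{}, m.Signature...), m.Body...)
	return gcm.Seal(nonce, nonce, plain, nil), nil
}

// Open reverses Seal. GCM authenticates the ciphertext, so an envelope modified
// between the hops is rejected here before anyone reads its contents.
func Open(key, envelope []byte) (SignedMail, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return SignedMail{}, err
	}
	ns := gcm.NonceSize()
	if len(envelope) < ns+gcm.Overhead()+ed25519.SignatureSize {
		return SignedMail{}, errors.New("envelope too short")
	}
	plain, err := gcm.Open(nil, envelope[:ns], envelope[ns:], nil)
	if err != nil {
		return SignedMail{}, fmt.Errorf("envelope rejected: %w", err)
	}
	return SignedMail{
		Signature: plain[:ed25519.SignatureSize],
		Body:      plain[ed25519.SignatureSize:],
	}, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	pub, priv := NewSenderKeys()
	key := NewSharedKey()
	// Constructed sample message for the demonstration.
	env, _ := Seal(key, Sign(priv, []byte("I accept the terms of contract 17.")))
	got, err := Open(key, env)
	fmt.Println("delivered:", err == nil, "signature valid:", Verify(pub, got))
	got.Body[0] ^= 0x20 // alter one byte after decryption, e.g. on the internal network
	fmt.Println("after alteration, signature valid:", Verify(pub, got))
}
```

The two checks fail in different places, which is the point of the article's gateway-to-gateway versus desktop-to-desktop distinction: a change made on the wire is caught by GCM when the envelope is opened, but a change made after decryption is only caught if the signature travels with the message all the way to the reader's client and is verified there.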
No matter how many steps you take to minimise the chance that your e-mail is being monitored by hackers, you should always assume that someone else is watching whatever comes in and out of your computer.
We advise users to remain vigilant - and to invest the time and resources to protect not only the information they are sending via e-mail, but also their reputations as credible organisations.