E-mail encryption now with tokenless two-factor authentication
As more business services move into the cloud and e-mail becomes increasingly easy to access from anywhere, there is growing legislation governing business-related e-mail communications and the need for a secure communication channel.
Hennie Moolman, Managing Director of network security expert AfricaSD, highlights current South African legislation and suggests an easy way to meet both existing and future legal requirements.
As e-mail becomes increasingly easy to access anywhere in the world and businesses become increasingly dependent on e-mail for a competitive advantage, companies have to address the potential security threat posed by such an environment.
While much of South Africa's digital communication and security is governed by common law, there is existing legislation that requires certain e-mailed documents - such as credit notes and invoices - to be encrypted and secure, yet accessible to recipients, auditors and authorities.
SARS dictates that all tax invoices, debit and credit notes be transmitted with at least 128-bit encryption, and the Electronic Communication and Transaction Act 25 of 2002 and Financial Intelligence Centre Act 38 of 2001 (FICA) have brought local electronic communication more in line with international best practices.
In fact, many South African companies are eager to pre-empt impending legislation and implement tighter security measures because it makes sense to protect sensitive commercial documents and data. However, anticipating the necessary requirements, such as a Public Key Infrastructure (PKI) or digital signature system, while still being able to take advantage of cloud-based e-mail communications can be challenging and prohibitively costly for many small-to-medium organisations.
Nonetheless, a simple and cost-effective way for businesses to secure their e-mail communications is through two-factor authentication security offerings. Two-factor authentication requires the recipient of a message to access it via two channels, such as combining an e-mailed URL with login details forwarded to the recipient's cellphone.
This approach allows organisations to protect their confidential and sensitive company communications, both internally and with customers, in a way that does not require costly network infrastructure overhauls.
While there are a number of two-factor security options available, clients should look at those that meet the minimum requirements for secure communication and are easy to deploy. The options should be easily compatible with industry-standard e-mail clients, such as Outlook, and require no installation or changes from the customer's side.
Such an approach also allows businesses to avoid the delays associated with forcing a new partner or customer to integrate additional security measures on their side and to start trading and dealing immediately and securely.