How secure is e-mail?

Posted by Spikey on Dec 9, 2011 in Blog | Comments Off

Collabor8online is a solution that enables businesses to share documentation and manage projects online. At the moment just about the most common question we are asked is, “What about security?”

The questioner usually then goes on to say how his company handles a great deal of sensitive information, concerning projects or clients financial records, sometimes medical, sometimes technical but always of a highly confidential nature.

“How do you communicate this information at present?” We ask

“We e-mail it”, is the usual reply.

Oh dear.

At this point we need to ask ourselves how secure is e-mail? Although Email is used every day by billions of people worldwide, which leads most people to think it is secure, in fact, email is an inherently insecure communications medium, which can only be secured through great effort. One of the biggest security mistakes anyone can make is assuming their email is secure. It is not.

In case you’re thinking that because you have a “business based solution”, such as MS Exchange, Outlook or similar, these security problems do not apply to you, far from it. The inherent insecurity were talking about relates to business users just as much as they do to home users. In fact, in some cases they may be considered worse, the most commonly used “business” protocol SMTP (simple mail transfer protocol), actually relays your messages through several servers before reaching their final destination. What is more, this is all done in plain text (which is of course the heart of the problem), so if anyone were to intercept your e-mail (in mid transmission or at one of the relaying servers) they could read it. It’s that simple. Intercepting unencrypted e-mail messages presents no problem for anybody who wishes do it.

So, what’s the solution. The solution is to encrypt the transmission of e-mail from your computer to your intended target and there are a range of products and services available to help you do this. Such services are offered by a large number of companies including Microsoft and Semantic but generally do not form part of standard solutions.

Our solution at Collabor8online, is that you store the documents via encrypted (https) transmission in your own version of collabor8online, and then simply e-mail the link to that document to your intended recipient. That way your confidential information is encrypted as it is saved on our server and again when it is read from the server. Furthermore, only users with a valid login ID and password will be able to retrieve the document at all, which of course adds an additional layer of security.

There is one further problem with e-mail, which is probably more down to the way we use it then with the product itself. Those wonderful tools that enable us to Forward, Reply or (the worst offender) Reply to All are prone to misuse, often with amusing but occasionally with horrendous consequences.

So e-mail is inherently insecure, both in technical terms due to the methods of transmission and in human terms due to the fallibility of the people who use it.

I’d like to take this opportunity of apologising to my colleague who I referred to as a “muppet” some years ago, when inadvertently replying to all!

 

 

Comments are closed.