Current email communication is clear text. Clear/plain text leaves emails open too many types of vulnerabilities. As messaging moves forward, new technologies will surface that solve these problems. This article will focus on solutions that could be implements to thwart the threat.
It is no longer acceptable to communicate the way we do when truncating confidential information. Email is the accepted way to send documents and information, it is most widely used due to it attributes of convenience and cost effectiveness. With these great attributes comes extreme vulnerability through various paths. We are carelessly forgetting to consider many important elements susceptible through unwanted intrusions of our mail, such as the state of authenticity and confidentiality, which is made vulnerable through actions such as eavesdropping, identity theft, message modification and false messaging, as well as invasion of privacy through backups not being protected.
Emails are extremely vulnerable to interception. The process by which emails are sent and received makes them exceedingly open to confidentiality flaws and thus authenticity flaws as well. Emails can be intercepted at many points on route to the recipient. The email is stored on a minimum of two servers on its way to the recipient. It is on the sender mail server as well as the recipient mail server. When travelling through the MX hosts the email is stored on each host as well. Due to the mails being stored on so many servers on route, increases the risk of intrusion. The way you choose to address your mail also has and affect, you may attract potential unauthorized personnel or hackers.
There is no protection from an unprincipled member of IT staff, monitoring mail servers, from intercepting your confidential emails, or from a hackers obtaining access to the mail server at points where physical access security and network security are weak, through malware (spyware, adware, Trojans, viruses). If that was not enough room for intrusion of confidential information, another route open to mail interception is through network traffic interception, where emails are monitored at a higher level, by governments’ agencies for example, based on suspicious keywords, these mails could be stored for long periods for later review, leaving room for breach of confidentially and authenticity later on. Emails can be read and modified in transit failing to maintain the confidentiality and authenticity element.
It is noted that information sent via email is at great risk of getting into the wrong hands and in order to maintain the transfer of confidential and authentic information to and fro, it is of utmost importance to secure our mail in the best ways possible.
Sending an email from one user to another right now, is like sending a letter in a transparent envelope. The stamp is just the time and date, the address is the DNS name and zip code is the IP address of the server. The envelope a transparent encapsulation called SMTP and the message a simply formatted readable document that is easy to intercept monitor and read. There are too many gaps in the system enabling confidentiality breaches.
There are very few technical controls in typically implemented email that reflect the authenticity of messages, basically proving that the message has not been tampered with and that it indeed came from the user it says it came from. This is one of the reasons that many organisations do not use email to send formal documents that need registration. Due to so many confidentiality flaws in the email system, authenticity of emails is directly affected. Without proper email security and authentication the messages can be intercepted and modified, or falsely sent, legitimate emails could even be denied.
Secure and Protect Your Email
There are ways to help protect your computer from being intercepted via your mail, and thus information from getting into the wrong hands, as your operating system is your platform for your email. However, the only assurance of protection of your confidential information sent via email would be through encrypting ones emails. As mentioned previously you would not send confidential information within a letter not sealed in an envelope, so one should not be careless in sending emails that are not secured through encryption.
Encryption of Emails and How it Works
Through encrypting your email you are obtaining the best available email protection providing confidentiality. Encryption will deter all but the most devoted hackers from intercepting your mail, thus your best option to maintain the confidentiality of your mail. To ensure the authenticity of your mail you can use a personal email certificate to digitally sign your mail.
So, what exactly is encryption? Encryption is a means by which data, your email, is converted into a form of data (cipher text) that is not recognizable as clear/plain text. The security of encryption lies in the capacity of an algorithm to create cipher text that is not converted back to the original plain text with ease.
Typical email encryption is also referred to as PKI (Public key infrastructure). This type of encryption utilizes two keys, one being a private key (to encrypt the email) and the other a public key( to decrypt the email). You are the only one in possession of the private key; you thus encrypt your email with your private key. In order to read the mail one needs to decrypt it with the public key. Therefore you would give the public key to the person you are directing the mail to, and thus only that person will be able to read the email. The recipient could then reply to your email, encrypting it using the public key and you can then open and read it using your private key.
It is sensible to make it a norm to encrypt all of your mail rather than the odd confidential one, so that to the potential hacker they are seen as all being encrypted and no emphasis is placed on a few encrypted emails amongst the lot of unencrypted ones. One should not be advertising and drawing attention towards the encrypted emails and thus confidential information, through only encrypting certain emails and not the others.
By utilizing encryption throughout your emails you in turn are authenticating and validating them as well. The most common form of authentication is your personal username and password. This could easily be captured by an unscrupulous individual which in turn could use them to send modified or false messaging looking as if it is coming from you. By encrypting, you are protecting this important information, your credentials, thereby assuring that the messages from that username and password are legitimate.
Encryption also provides validation through fingerprint and digital signature. By validating the emails you are assuring that the identity of the sender is legitimate and that the message or attachment incorporated within the email has remained unchanged by another source. A digital fingerprint inimitably identifies a message by using an algorithm. Any attempt to modify the message will in turn modify the fingerprint which will thus be different to the unique fingerprint proving that the message has been tampered with. Therefore fingerprints enable you to see if the message has been modified in any way. To assure that the message has come from the correct source you would use a digital signature. The digital signature is accomplished through the use of a private key. The sender would electronically sign the message and the fingerprint with their private key. The recipient would verify the message using the corresponding public key. This ensures that the message has not been altered in any way, and that it is the legitimate message from the expected sender.
We are made aware time and time again of how insecure how emails actually are. It is very difficult to detect interception of our emails, the like hood is that most of our emails are, have or will be jeopardized at one point or another. Through our own personal efforts we can use encryption to ensure that we obtain the best possible email security at present, maintaining the confidentiality and authenticity of our emails. Technology moves very quickly and new a more secure means of protection will become available, however as technology moves forward so do the threats increase, but for now encryption is the best we have to solve all these issues or potential issues.