Have you ever been asked to exchange a private document with your mortgage banker, realtor, accountant or doctor? Most are going to answer this question with a resounding, yes. Have you ever stopped to think if the content of that email message or its attachments were secure or not?Nowadays most everyone has a personal and business email account. On the personal side, email providers such as Gmail, Yahoo or Outlook are some of the most common. These standard email accounts are generally not secure. The messages and attachments are exchanged over the public internet in the clear when going from one email provider to another when encryption methods vary - this includes the header, body and attachments. In fact, not only are they not secure, but there are also copies of those messages that you send and receive stored on the various servers within the provider’s data centers. With that being said, employees of those providers could actually be reading your private messages not to mention that the providers scan your messages to sort out spam and to pick up on keywords to evaluate what advertisements to show you.
When evaluating your employer’s network to determine if it their business has a secure email account, you would have to consider several factors. Although an email communication within a corporate network is generally more secure from the outside world, keep in mind that those that maintain and monitor the email service are able to view your information and messages. Yes, big brother is most likely watching your activity.
To determine if your corporate email service is secure, you’d have to determine what steps are taken to send an email. For the most part, if you just open your email account, start a new message and send away it probably is not secure. Some email solution providers provide a connector, which can automatically create secure email messages without this method. Nonetheless, if you select a security level or setting from the tool bar it’s going to have a layer of security added in some way. It is recommended that you check with your company email support team to determine the level of security that is being utilized.
Now lets take a look at some options for securing your email messages:
- Apply PGP data level encryption. The downside to this is that you have to exchange public encryption keys with your trading partners and customers. This isn’t for the non-technical email users or ad-hoc email users (would you exchange a key with someone you don’t actually know?)
- Sign up for an email provider that offers a secure end to end email service. There will be a charge for this service and the messages will be stored in their data center. If the provider is the subject of a cyber attack, your information could be compromised. This, however, is likely the best option for the personal home user
- Purchase a secure email software product that integrates with your existing corporate email software (i.e. Outlook). This solution will have a nominal cost, but in the long run will be a much better secure data exchange option. You will be in charge of your data, which will reside within your corporate network, you can send secure email messages to registered or ad hoc email users and the solution will strengthen the control of your organization’s shared sensitive data. If you choose the right product, the end user experience will be such that no special software will need to be downloaded by your trading partner if they aren’t on the same software solution that you are on
We all use email to communicate and share information with our friends, family and business colleagues. You must be diligent in knowing when a message that you are sending or receiving is secure or open for anyone to view. Do you really want your tax information, paystubs, or private documents made available to a criminal just because your mortgage banker requested that you send them over an unsecure channel?
If you are not aware or if you do not understand when a message is secure, you are putting your information at risk. Push back on people that request of you to send your private information over an unsecure email solution.