So, you’ve secured your mail server and implemented all the necessary security policies. You think all your data is safe now and your privacy is protected? Think again. What about your correspondence? Email is the standard communication form within a business, and between the business and its suppliers and/or clients. However, the email’s pathway from sender to recipient is inherently insecure. In its travels, the message is stored on a minimum of two servers (the MX hosts), the sender’s and recipient’s computers, and possibly other hosts too. There are innumerable points along the way where the email can be intercepted, e.g., by a disgruntled employee, the NSA (fishing for keywords), hackers, malware, sniffers randomly searching the Net, etc. Protecting email confidentiality can be as difficult as protecting the information carried by unsealed snail mail.
The only sure way to protect confidential information from being intercepted or, worse, falsified, is to use secure email encryption. That is, use an algorithm to change your plain text/html file into cipher text that can’t easily be turned into a readable format.
How does encryption work? One of the common ways is to use public key infrastructure (PKI):
Step 1: Fred uses a private key to encrypt and send his message to Leroy
Step 2: Leroy receives a public key with the message
Step 3: Leroy uses his public key to decrypt/read the message, and encrypt his reply
Step 4: Fred uses his private key to decrypt and read Leroy’s reply
This encryption/decryption process authenticates and validates the communication. Authentication via encryption protects your credentials: your username and password. Validation is provided by a digital fingerprint and/or signature – algorithms that accompany the message; both are created using the private key. Any attempt to alter the message would also change the fingerprint, and changing the sender’s address would change its signature. Using the public key, the recipient verifies the fingerprint and signature, thus ensuring that the email is authentic and has not been altered.
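The Fred/Leroy exchange carried out with standard public-key cryptography, as an added example that is not part of the original article: Fred signs the message’s fingerprint (a SHA-256 digest) with his own private key and encrypts the message to Leroy’s public key; Leroy decrypts with his private key and checks the signature with Fred’s public key, and a copy that has been altered in transit fails that check. The code is stdlib-only textbook RSA with a tiny modulus and no padding, which is fine for showing which key does what but is not how a real mail client should encrypt.

```python
import hashlib
import secrets
def is_probable_prime(n: int, rounds: int = 20) -> bool:
    """Miller-Rabin test for an odd candidate n > 3."""
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        # square up to r-1 times; a witness of compositeness never reaches n-1
        if all((x := pow(x, 2, n)) != n - 1 for _ in range(r - 1)):
            return False
    return True
def random_prime(bits: int) -> int:
    while True:  # force the top bit (size) and bottom bit (odd)
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand
def generate_keypair(bits: int = 512):
    """Return (public, private) as ((e, n), (d, n)); demo-sized modulus only."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (e, p * q), (pow(e, -1, phi), p * q)
def fingerprint(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big")
def sign(message: bytes, private_key) -> int:
    d, n = private_key                      # the SENDER's private key
    return pow(fingerprint(message), d, n)
def verify(message: bytes, signature: int, public_key) -> bool:
    e, n = public_key                       # the SENDER's public key
    return pow(signature, e, n) == fingerprint(message)
def encrypt(message: bytes, public_key) -> int:
    e, n = public_key                       # the RECIPIENT's public key
    assert 0 < (m := int.from_bytes(message, "big")) < n, "message too long for this modulus"
    return pow(m, e, n)
def decrypt(ciphertext: int, private_key) -> bytes:
    d, n = private_key                      # the RECIPIENT's private key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")
def exchange(message: bytes):
    """Fred -> Leroy; returns (plaintext Leroy read, signature ok, tampered copy ok)."""
    fred_pub, fred_priv = generate_keypair()
    leroy_pub, leroy_priv = generate_keypair()
    sig, ct = sign(message, fred_priv), encrypt(message, leroy_pub)
    plain = decrypt(ct, leroy_priv)
    return plain, verify(plain, sig, fred_pub), verify(plain + b"!", sig, fred_pub)
```

Only the holder of Leroy’s private key can recover the text, and only the holder of Fred’s private key could have produced a signature that verifies, which is exactly the confidentiality plus authenticity the article describes.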
Thus, when you consider just how insecure your business communications can be, email encryption is a viable, relatively simple method of ensuring your company information is safe from theft or falsification.
The thing is that encryption, when written like this, can make users’ eyes glaze over. They don’t know what a public or private key is, let alone how to create them.
At the very least, you should talk about email programs (especially free ones like TrulyMail) which offer encryption built in with no complications. Click, and you’re done. It’s much better, methinks.
Hello Larry,
I agree with you, but the article is meant for System Admins.
Thanks
Ben
For admins, you’re doing a good service introducing them to encryption. We certainly need more of it out there!
Agreed, a good email encryption solution will use powerful cryptography techniques to ensure your messages are both stored and transmitted securely, and that only you and your recipients have the capability to decrypt your message data.