E-mail, fast and secure…or is it?
When we need documents from someone
we immediately think of e-mail
to request them. Surely this is quick,
easy and secure… correct?
Well, the first two things are certainly true, but unfortunately e-mail is not
the right choice for sending confidential information and
documents. Indeed, it was never designed to be secure. Here
we list some of the main reasons why e-mail is not
appropriate for exchanging confidential documents with customers, employees and
other professional contacts. These are documents that we
absolutely need to complete a file, but that we would
preferably exchange as securely, easily and quickly as possible.
Phishing is getting better and more common.
Phishing is the process by which an attempt is made to obtain
sensitive information such as user names, passwords or
credit card details. Email is an ideal channel for this because anyone
can email you if they have your address; and it is even quite likely
that your e-mail address is online. Phishing emails can appear to
come from your own organization; the scammers are communicating with
you just as someone from your organization or customer would.
Although spam filters help block many of the phishing
attempts they recognize, some will always get through, and
as with anything, it only takes one e-mail to do damage.
Emails pass through multiple networks.
The existing architecture for email traffic means that an email
must travel between a number of networks and servers to get from the sender
to the recipient. Each connection is a potential weak
point where hackers can intercept the message (this is also
known as a man-in-the-middle attack). If a hacker can penetrate a particular
server, he can read any e-mail stored on it.
Even though these servers are well secured these days, hackers are also
evolving faster and faster and often win out over security.
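To make the chain of servers visible, the following added example (not part of the original article) reads the Received headers that each server stamps on a message and reports which hops were recorded as TLS-protected. The sample message, hostnames and function names are constructed for illustration.

```python
import re
from email import message_from_string

# "with" values that record a TLS-protected hop (RFC 3848 transmission types).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

# Constructed sample message; all hostnames and addresses are reserved examples.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.30])
    by mailstore.recipient.example with LMTP id c3;
    Mon, 3 Jun 2019 10:00:05 +0000
Received: from relay.isp.example (relay.isp.example [192.0.2.20])
    by mx.recipient.example with ESMTP id b2;
    Mon, 3 Jun 2019 10:00:03 +0000
Received: from laptop.sender.example (laptop.sender.example [192.0.2.10])
    by relay.isp.example with ESMTPSA id a1;
    Mon, 3 Jun 2019 10:00:01 +0000
From: alice@sender.example
To: bob@recipient.example
Subject: Signed contract

See attachment.
"""

HOP_RE = re.compile(r"\bfrom\s+(\S+).*?\bby\s+(\S+).*?\bwith\s+(\S+)", re.S | re.I)


def trace_hops(raw_message):
    """Return the relay hops in travel order, each flagged as TLS or not."""
    msg = message_from_string(raw_message)
    hops = []
    # Every server prepends its own Received header, so reverse for travel order.
    for header in reversed(msg.get_all("Received", [])):
        match = HOP_RE.search(header)
        if match is None:
            continue  # header without from/by/with clauses: nothing to judge
        sender, receiver, proto = match.groups()
        proto = proto.rstrip(";").upper()
        hops.append({"from": sender, "by": receiver, "with": proto,
                     "tls": proto in TLS_PROTOCOLS})
    return hops


def unencrypted_hops(hops):
    """Hops whose Received header does not claim TLS (headers are self-reported)."""
    return [(h["from"], h["by"]) for h in hops if not h["tls"]]


if __name__ == "__main__":
    for hop in trace_hops(SAMPLE):
        print(f'{hop["from"]} -> {hop["by"]} via {hop["with"]} tls={hop["tls"]}')
```

Even a hop marked as TLS only protects the link between two servers; the message is still stored in readable form on every server it passes through.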
The bigger the target, the bigger the reward.
Everyone uses email, and hackers know that. Because of the potentially
vast amounts of personal and confidential data that
a hacker would obtain by accessing servers or intercepting
certain emails, email is naturally a more attractive target.
It was recently published that hackers accessed (parts of)
Outlook’s email server and thus had access to emails of
Outlook users. Microsoft declined to comment specifically
about how many accounts were affected.
The sender has no control.
Once you send an e-mail, you cannot be sure what
will happen to it. It may be illegally opened during its journey to the
recipient, or be deliberately – or accidentally – forwarded.
Recipients also often save these emails, leave them on an unattended
device or print them out, so they can also easily
fall into the wrong hands.
E-mail encryption is not foolproof.
You may have been advised that if you make sure your
e-mails are encrypted, they are safe. But this is not always the case. Last
year, a vulnerability called EFAIL was discovered in Outlook, which allowed
encrypted e-mails to be converted to plain text, which in turn
leaves them very vulnerable.
In this case, this affected the email encryption method called
PGP – and it is reasonable to assume that if one method can be
undone, so can others. In June 2019, another
vulnerability was found. In 57% of email servers, traces were
found that allowed attackers to execute commands on the
server as an administrator. An attacker could easily execute any
desired command, such as downloading all emails or
all attachments in emails.
What can we take from this?
Email isn’t going anywhere – it’s universal and accessible to
all of us. But as we mentioned earlier, no band-aid will fix the
inherently insecure architecture of e-mail. Therefore, we must
look at solutions that not only allow us to protect our information and
confidential documents, but more importantly,
keep customers’ information secure.
So we can perfectly well continue to use e-mail to ask a customer or new
employee to provide information. But instead of
sending attachments back and forth by e-mail, it’s much more convenient and
more efficient to use this e-mail to direct the end user to a secure
platform to upload, complete, approve or sign the documents.