Debunking the email privacy myth

Email communications are inherently risky, and information transmitted by email, including sensitive data and business-critical transactions, is more vulnerable than most users realize.

“The reality is that anyone with access to a switch, router or hub between your outbox and your recipient’s inbox can read your unprotected email,” said SECNAP CTO Michael Scheidell. “That could be your IT guy, or it could be hackers. To ensure information privacy, it’s vital that all parts of an email and its attachments be encrypted from Point A to Point B, and everywhere in between. And that encryption has to work on smartphones, too.”

Using a variety of smartphones for both their business and personal communications, executives and professionals regularly share confidential information over highly risky channels. Most are willing to sacrifice email security and information privacy for the benefits of speed and convenience.

“That’s a bad idea,” says Scheidell. “Cyberspace is filled with individuals constantly on the hunt for information to exploit, and the easier it is, the more vulnerable you are.”

A growing body of regulation in the United States requires organizations to safeguard the personally identifiable information (PII) of their customers, patients, vendors, students, employees, investors and other stakeholders. Specific email encryption requirements are now included in HITECH, HIPAA and GLBA regulations, and at least two states have also mandated encryption as a privacy measure.

“Encryption of transactional emails is going to become standard operating procedure in this decade, the same way spam protection became standard in the previous one,” said Scheidell.