E-mail is exposed at various points along its transmission, via backups, by IT staff members, or during firewall inspection. And not just the text: attachments account for around 96 percent of the total volume of content sent through e-mail systems. The challenge is to protect the integrity of the attachments, as well as the text, according to Webroot.
Unencrypted e-mail messages and files are sent in clear text, so they can be read by anyone who intercepts them, whether by accident or with malicious intent. The e-mail auto-fill feature used to complete a co-worker’s name accounts for many errors on its own. We forward e-mails that contain long threads and may not even realize who is copied or who may receive a forgotten attachment.
It happens all the time. For example, in May 2009 a staffer at the Office of the State Superintendent of Education in Washington, D.C., e-mailed personal information about 2,400 applicants to 1,000 of these applicants, by mistakenly attaching a spreadsheet.
Hackers with malicious intent can intercept these messages and read them. Consider an online bookstore called Interloc. To increase marketing results, Interloc offered its clients e-mail services, and then copied all the e-mails sent to Amazon.com without the permission of the affected parties.
How Should Content Be Encrypted?
There are numerous ways to use e-mail encryption, all with advantages and disadvantages.
Transport Layer Security: Provides gateway-to-gateway encryption over TCP/IP connections. Both parties must support TLS for messages to be encrypted automatically. On the downside, the business must purchase an infrastructure certificate, TLS does not provide notifications, and it can be slow.
Manual encryption methods: Some e-mail security software allows users to manually encrypt messages by adding a certain prefix, which requires the receiver to go through a series of processes to read the e-mail. This offers the user the flexibility to choose which messages to encrypt, but it also requires extra steps, training, and an additional user interface for the security software.
OpenPGP: An encryption standard for any kind of content and attachment, OpenPGP uses asymmetric encryption keys that are discoverable via open source and global directories. This enables messages to be sent to multiple recipients, each using their own private key for decryption. However, this protocol is not built into many systems, and using it requires keys and additional software.
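Because the Transport Layer Security option above protects each gateway-to-gateway hop separately, a message is only covered on the hops where both sides negotiated TLS. The following added example (not part of the original article) reads the Received headers of a constructed sample message and reports which hops recorded TLS, based on the "with" protocol keywords registered in RFC 3848; the host names, addresses and sample message are made up.

```python
import re
from email import message_from_string

# "with" protocol keywords from RFC 3848 (and the UTF8 variants of RFC 6531):
# an "S" after the base name (ESMTPS, ESMTPSA, LMTPS) means the hop used TLS.
WITH_RE = re.compile(r"\bwith\s+(?:UTF8)?(?:E?SMTP|LMTP)(S?)A?\b", re.I)
FROM_RE = re.compile(r"^from\s+(\S+)", re.I)
BY_RE = re.compile(r"\bby\s+(\S+)", re.I)

# Constructed sample message; all host names and addresses are made up.
SAMPLE = """\
Received: from gw.example.net (gw.example.net [192.0.2.10])
    by mx.example.org with ESMTPS id 3; Mon, 1 Jan 2024 10:00:03 +0000
Received: from relay.example.com (relay.example.com [198.51.100.7])
    by gw.example.net with ESMTP id 2; Mon, 1 Jan 2024 10:00:02 +0000
Received: from laptop.example.com (laptop.example.com [203.0.113.5])
    by relay.example.com with ESMTPSA id 1; Mon, 1 Jan 2024 10:00:01 +0000
From: alice@example.com
To: bob@example.org
Subject: Q4 figures

See attachment.
"""

def audit_hops(raw_message):
    """Return (sender, receiver, status) for each hop, oldest hop first."""
    msg = message_from_string(raw_message)
    hops = []
    # Each relay prepends its own Received header, so reverse for path order.
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())  # unfold continuation lines
        sender = FROM_RE.search(flat)
        receiver = BY_RE.search(flat)
        proto = WITH_RE.search(flat)
        if proto is None:
            status = "unknown"  # no recognizable "with" clause
        else:
            status = "tls" if proto.group(1) else "plain"
        hops.append((sender.group(1) if sender else "?",
                     receiver.group(1) if receiver else "?", status))
    return hops

def non_tls_hops(raw_message):
    """Hops that did not record TLS. Headers written by relays outside your
    control can be forged, so treat only your own gateways' lines as evidence."""
    return [hop for hop in audit_hops(raw_message) if hop[2] != "tls"]

if __name__ == "__main__":
    for sender, receiver, status in audit_hops(SAMPLE):
        print(f"{sender} -> {receiver}: {status}")
```

In the sample, the middle hop between the two gateways is the one that carried the message and its attachment without TLS, even though the first and last hops were encrypted.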
Businesses must also consider that encryption will impact other organization technologies, such as virus scanning and e-mail archiving, among others.
E-mail encryption is critical for a variety of reasons, from battling outsiders’ malicious intent to complying with regulatory obligations. To protect data integrity, businesses must consider a variety of complex solutions.