Document Vault Blog
With an increasing threat from malware, trojans, computer viruses and hacking, how secure is your email? More importantly, if you are sending (and receiving) confidential correspondence and attachments, how secure is your information?
Email was originally intended to be a means for individuals to communicate freely, regardless of which type of device they were using, from any location. Very little consideration was given to security.
So what are the risks?
Essentially, there are four ways in which you emails can be compromised:
- On your own devices (laptop/desktop, tablet, smartphone).
- On the networks while the emails are in transit.
- On the servers where the emails are stored.
- On the recipients' devices.
I am going to make the assumption that your own devices are secure, that you have up-to-date anti-virus and malware protection and that your organisation has policies in place for staff to follow giving guidance on avoiding threats (this is actually a big assumption to make!). But what about the recipient of your emails? Does he or she apply the same diligent measures? If you want to protect the confidentiality of the information you are sending, then you can not assume this!
How secure is the computer they are connecting from? Are they using a wired access or Wi-Fi to connect to the Internet? If the latter, how secure is their local network from eavesdropping and prying eyes?
What happens to your email when it is in transit to the person you are sending it to? What route does it take? Where is it stored temporarily in transit? Who could potentially have access to your information?
First of all you need to connect to your ISP (Internet Service Provider) then you connect to your hosting provider where the email is added to a queue prior to sending. Then your email is sent to your recipient's hosting provider where the emails are stored, sometimes for considerable periods of time. Then the recipient has to collect the email via his/her own ISP. At any point in the process, it is possible for your email to be intercepted or eavesdropped.
In reality, these "connections" refer to a series of network devices (physical cables, network routers and switches) which connect your computer via your ISP to the recipient's email server and then to his/her own device. Each one of these devices will be owned and operated by different organisations and as such will pose a threat to the security of your data. Even if one connection is secure, there is no guarantee that all the other connections are also secure.
Even though you can encrypt an email using SSL (Secure Socket Layer) encryption, this only works during transfer, not when the emails are at rest. And even if you are encrypting your inbound and outbound emails, you can not assume that the recipient is doing the same.
Of course, you can choose to encrypt the emails you send through PGP (Pretty Good Privacy) which involves the use of the recipient's public key and a session key to encrypt the message and the receiver's private key to decrypt it, but this requires both parties to be using the same encryption methods and is both cumbersome and technically challenging to set up.
If you are a law firm or large corporation communicating with your domestic customers, you can be sure that they won't have these measures in place. Indeed you can assume in many cases that the emails are stored on a shared server.
So, what about the servers where your emails are stored? Who manages these servers? Who has administrative access to the stored data? In what form is the data stored, in raw text or encrypted? The chances are in more cases than not that the emails are stored as raw text. How secure is your data?
How secure are your passwords? If someone can guess or steals your email password, they can access all your emails, and even send emails as if they were you.
From all of the above, you must assume that any information you send by email is not secure, at least 95% of the time. It is open not only to threats during transit to the recipient's computer but also when it is stored on the receiver's mail server prior to collection by the individual. Even if your organisation has extensive policies and procedures to follow for ensuring the security of your data, these can not guarantee the integrity of the information.
So, if email is not secure or can not be relied on to be secure in 100% of cases, how can you share confidential information, securely online?
The answer is simple, use a virtual data room.
All information accessed from a Document Vault data room is encrypted both at rest and during transfer. Not only that! You can control who has access to the information limiting it just to the person concerned or the group she/he belongs to.
Each user can have her/his own private account giving access to the information.
Document Vault Systems provides a fully managed service including data room set up, ongoing administration (user account set up and notification) and support. We have extensive experience in offering this service, as can be seen from the many testimonials on this website.