Digital Security // By Todd Sexton

Fixing e-mail vulnerabilities in your organization

Published 23 December 2014

E-mail is by far the most widely used and the least secure form of communication. As worldwide business e-mail traffic is projected to increase over the next four years from about 109 billion messages per day in 2014 to about 139 billion in 2018, the risk of e-mail messages getting hacked or misdelivered is expected to surge as well.

E-mail is so vulnerable to attacks because most organizations simply do not take any steps to secure it. Some believe that e-mail messages are like private letters: securely sealed while in transit and opened only when they reach the recipient. In reality, unsecured e-mail is more like a postcard, which can easily be intercepted along the way. Before reaching the recipient, an e-mail often gets routed through multiple servers, sometimes located in different parts of the world. At each server, it is scanned and copied, allowing multiple parties to easily access and save the content.
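The hops a message takes are recorded in its Received headers, so a delivered message can be audited for relays that did not report TLS. The following is an added example, not part of the original article; the sample message, host names and addresses are constructed, and the TLS keywords are those registered in RFC 3848.

```python
import re
from email import message_from_string

# Constructed sample message; all hosts and addresses are placeholders.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [203.0.113.7])
\tby inbox.example.org with ESMTPS id c3; Tue, 23 Dec 2014 10:00:05 +0000
Received: from relay.example.com (relay.example.com [198.51.100.4])
\tby mx.example.net with ESMTP id b2; Tue, 23 Dec 2014 10:00:03 +0000
Received: from laptop.example.com (laptop.example.com [192.0.2.10])
\tby relay.example.com with ESMTPSA id a1; Tue, 23 Dec 2014 10:00:01 +0000
From: alice@example.com
To: bob@example.org
Subject: constructed test message

hello
"""

# "with" keywords that RFC 3848 registers for transfers protected by TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

def _field(keyword, text):
    """Return the token following a Received clause keyword, or None."""
    match = re.search(r"\b%s\s+(\S+)" % keyword, text, re.IGNORECASE)
    return match.group(1).rstrip(";") if match else None

def trace_hops(raw_message):
    """List (sender, receiver, protocol, used_tls) per hop, oldest first."""
    msg = message_from_string(raw_message)
    hops = []
    # Each relay prepends its header, so reverse to get delivery order.
    for value in reversed(msg.get_all("Received", [])):
        text = " ".join(value.split())  # unfold continuation lines
        proto = (_field("with", text) or "UNKNOWN").upper()
        hops.append((_field("from", text), _field("by", text),
                     proto, proto in TLS_PROTOCOLS))
    return hops

def cleartext_hops(raw_message):
    """Hops whose header does not claim TLS; unknown counts as cleartext."""
    return [hop for hop in trace_hops(raw_message) if not hop[3]]

if __name__ == "__main__":
    for sender, receiver, proto, tls in trace_hops(SAMPLE):
        print(f"{sender} -> {receiver}: {proto} ({'TLS' if tls else 'no TLS'})")
```

Received headers are self-reported by each relay and can be falsified by an upstream server, so treat the result as an indication rather than proof. Even when every hop reports TLS, each relay still handles the message in readable form, which is the gap end-to-end encryption closes.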

Network sniffers, freely available to anyone on the Internet, are used to steal data from unsuspecting organizations. These attacks are more opportunistic than targeted in nature. By silently collecting all content, sniffers simply wait for useful pieces of information (such as passwords, credit card numbers, and social security numbers) to pass through a compromised network. Illegal packet sniffers can be installed anywhere on a network as either software or hardware, and are often very difficult to detect.

The best protection against sniffers is, of course, e-mail encryption. Many companies, however, have failed to keep up with security requirements to protect themselves and their clients. The difficult deployment and high maintenance costs of encryption solutions have always topped the list of excuses for not adopting them. At the same time, due to recent regulatory changes requiring organizations to safeguard their customers' sensitive data, many organizations no longer have a choice. They either have to deploy the technology or face stiff penalties and fines.

On the bright side, most organizations do not have to spend a fortune anymore to protect their content. Modern encryption solutions are much more affordable compared with the older generation of encryption products.

There are a few considerations to keep in mind when looking for an encryption solution. First, the chosen solution should offer message encryption not only for computers, but also for mobile devices. As users become more mobile, it is essential to protect all communication channels used by an organization. It is also important because state and federal laws do not distinguish between messages sent from computers and messages sent from smartphones.

The second important detail to consider is the product's usability. Arduous, multi-step encryption products simply discourage employees from using them, resulting in lower user compliance and adoption.

In addition, there are a few more considerations to keep in mind while looking for an encryption product, including: scalability (how easy or difficult is it to add users as your company grows?); control (is your company still in charge of the e-mail system?); end-to-end encryption (as opposed to only server-to-server security); and how easy the system is for recipients to use.

With the latest technology, securing e-mail is no longer difficult or expensive. It is simply a matter of picking the right solution for your organization, and making sure that your users are fully trained in how to use it.

— Read more in Email Statistics Report, 2014-2018 (The Radicati Group, Inc., Palo Alto, California, April 2014)

Todd Sexton is the CEO of Identillect Technologies Inc.