For many people, the concept of secure email means that spam and potentially harmful email content are effectively blocked by a firewall, writes Hilbert Long, channel manager at Comztek. However, what few people realise is that for an email to reach the company firewall, it goes through a number of checkpoints where it can be intercepted, read and potentially tampered with.
So apart from the firewall, how do you make sure that your email is truly secure? The answer is encryption, which, if used in conjunction with digital signing, provides the ultimate level of email security.
Encrypting your email ensures that it can only be read by its intended recipient. The same way you would put a personal letter in an envelope to ensure that those who handle it at the post office cannot read it, encrypting an email ensures that its content remains safe from those who may have access to it while travelling through the various checkpoints towards the recipient. Anyone who is still sending mail via the post office will understand this analogy.
There are different methods or levels of encryption and organisations can adopt one that works best for them. These are:
* B2B or business-to-business encryption, which describes a system where two companies agree on a mutual encryption standard and then begin exchanging email directly with each other using this method.
* B2C or business-to-consumer, a system where a business does not need to decide on a common encryption method but instead sends the message to a secured website where the consumer first must authenticate him/herself to prove who they are and then retrieve the message, typically through a secured browsing session. This means the consumer does not require any compatible encryption product but does need to manually retrieve each message.
* Gateway-to-gateway encryption, where an email message is encrypted only between the sending and receiving hosts but not between the hosts and the email client used to compose or read the message. This means the email is encrypted on the Internet but not on a company’s internal network. The advantage of this is that you only need one certificate for all users, but the disadvantage is that, where security is paramount even internally within a company, this does not protect the email on the internal network.
* Desktop-to-desktop encryption, where an email message is encrypted all the way from the client used to compose the email message to the email client used to read the email message. The advantage of this is that the email message is encrypted at all times, providing paramount security, but the disadvantage is that individual certificates are required for each user.
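To see which of the checkpoints described above reported an encrypted transfer, the sketch below reads a message's `Received` headers and flags every hop whose protocol keyword does not indicate TLS (the `ESMTPS` family registered by RFC 3848 and RFC 6531). It is an added example, not code from the article; the sample message and its host names are constructed, and it models gateway-to-gateway encryption, where only the Internet hop is protected. Each relay writes its own `Received` header, so only headers added by servers you control can be trusted.

```python
import re
from email import message_from_string

# Protocol keywords that mean the hop used TLS (RFC 3848, RFC 6531).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA",
                 "UTF8SMTPS", "UTF8SMTPSA", "UTF8LMTPS", "UTF8LMTPSA"}
HOP_RE = re.compile(r"\bfrom\s+(\S+).*?\bby\s+(\S+).*?\bwith\s+([A-Za-z0-9]+)",
                    re.S | re.I)

# Constructed sample: gateway-to-gateway setup, all hosts are made up.
SAMPLE = """\
Received: from gw.sender.example (gw.sender.example [192.0.2.20])
 by mailstore.recipient.example with ESMTP id r3; Mon, 1 Jan 2024 10:00:03 +0000
Received: from gw.sender.example (gw.sender.example [192.0.2.10])
 by gw.recipient.example with ESMTPS id r2; Mon, 1 Jan 2024 10:00:02 +0000
Received: from desktop.sender.example (desktop.sender.example [10.0.0.5])
 by gw.sender.example with ESMTP id r1; Mon, 1 Jan 2024 10:00:01 +0000
From: alice@sender.example
To: bob@recipient.example
Subject: Contract

Please find the terms below.
""".replace("from gw.sender.example (gw.sender.example [192.0.2.20])",
            "from gw.recipient.example (gw.recipient.example [192.0.2.20])")

def audit_hops(raw_message):
    """Return hops in delivery order as (sender, receiver, protocol, tls_reported)."""
    msg = message_from_string(raw_message)
    hops = []
    # Every relay prepends its header, so reverse to get delivery order.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(value)
        if not m:
            hops.append((None, None, None, False))  # unparseable: count as unprotected
            continue
        proto = m.group(3).upper()
        hops.append((m.group(1), m.group(2), proto, proto in TLS_PROTOCOLS))
    return hops

def plaintext_hops(raw_message):
    """Hops that did not report TLS, i.e. where the message travelled in the clear."""
    return [(s, r) for s, r, _, tls in audit_hops(raw_message) if not tls]

if __name__ == "__main__":
    for sender, receiver, proto, tls in audit_hops(SAMPLE):
        print(f"{sender} -> {receiver}: {proto} ({'TLS' if tls else 'no TLS reported'})")
```

Only desktop-to-desktop encryption protects the message body on the two internal hops this flags; transport encryption between gateways does not.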
In an article posted to ITsecurity.com, the 25 most common mistakes in email security were discussed, and amongst these was the failure to use digital signatures.
And with the law now recognising email as an important communication tool, especially in business for signing contracts and/or entering into financial agreements, it is imperative to protect the credibility of organisations.
While the ability to enter into these contracts online has made all of our lives easier, it has also created the added concern of someone forging your emails and entering into agreements on your behalf without your consent.
One way to combat email forgery is to use a digital signature whenever you sign an important email. A digital signature will help prove who an email comes from and from what computer, and that the email has not been altered in transit.
By establishing the habit of using an email signature whenever you sign important emails, you will not only make it harder for the other party to those agreements to try to modify the email when they want to get out of it, but it will also give you extra credibility when someone tries to claim that you have agreed to a contract via email that you never did.
No matter how many steps you take to minimise the chance that your email is being monitored by hackers, you should always assume that someone else is watching whatever comes in and out of your computer.
We advise users to remain vigilant – and to invest the time and resources to protect not only the information they are sending via email, but also their reputations as credible organisations.