Most of us use email as the default option for sending any kind of information. It's fast, it's easy and it's secure…right?
Well, the first two things are certainly true. Unfortunately, email is not the right choice for sending confidential information and documents; in fact, it was never designed to be secure. Because of email's inherent architecture, the complex patchwork of protections used by email clients is good, but it doesn't tick the box of being fully secure.
1. Emails cross multiple networks.
The design of email's architecture means that an email has to travel between a number of networks and servers to get from the sender to the recipient. Each link is a potential point of weakness where hackers can intercept the message (known as a man-in-the-middle attack). If a hacker finds their way into a server, they can read any email that has been stored on it, even emails stored years beforehand.
2. The bigger the target, the bigger the reward.
Everyone uses email, and hackers know that. Because of the potentially huge quantities of personal and confidential data available to a hacker should they gain access to servers or intercept certain emails, email is naturally a more attractive target.
It was published recently that hackers were able to access parts of Outlook's email server, accessing some Outlook users' emails for months. Microsoft refused to comment on how many accounts were affected.
Sometimes it's better to think differently and go for a smaller system, which is a smaller target but still has dedicated encryption and cyber security measures to protect against hackers.
3. The sender has no control.
Once you've sent an email, you can't be certain what will happen to it. It may be accessed illegally on its journey to the recipient, or forwarded on deliberately, or accidentally, once it's been received, and you won't know or be able to do anything about it. People can also save or print these emails, which can also end up with them falling into the wrong hands.
4. Phishing is getting better and more frequent.
Phishing is a mainstay of email scamming. It is the process of attempting to get your personal information, such as usernames, passwords, or credit card details. Anyone can email you if they've got your address, and it's quite likely that your email address is out there online. Phishing emails can appear to have come from your own organisation, and the scammers interact with you just as someone from your organisation or a client would.
Whilst spam filters do help in blocking many of the phishing attempts they recognise, some will always still get through, and as with everything, it only takes one email to cause damage.
Both you and your clients need to pay special attention to any emails relating to your services. Make sure you double-check with all parties when any email comes through that relates to payments or contains attachments.
5. Email encryption is not infallible.
If you don't know much about encryption, you can read our brief guide on encryption here to get up to speed. You may have been advised that if you make sure your emails are encrypted, they will be safe. But this isn't the case. Last year a vulnerability called EFAIL was discovered in Outlook, which turned encrypted emails into plain text. This affected an email encryption method called PGP, and it's fair to assume that if one method can be overturned, others can too. In June 2019 a new vulnerability was found in 57% of the world's email servers which allowed attackers to run commands on the server as an admin. Put simply, an attacker could run any command they wanted, such as downloading all emails, or all attachments in emails.
What can we take from this?
Email is not going anywhere: it's universal and accessible for all of us to use. But as we mentioned earlier, no number of plasters will patch up the inherently insecure architecture of email. This is why we have to look at solutions where we can protect not only our own information and confidential documents but, more importantly, keep clients' information safe.