How Secure Is Email?
- by Justice Levine
Email has become an integral part of daily life. Many companies rely almost exclusively on email to communicate with staff, clients and vendors. This typically applies to every industry and sector, and most people don’t give the emails they send throughout the day a second thought, including the attachments that are part of those messages.
Despite how common and useful email is, sharing important or sensitive documents over email comes with certain risks. Email accounts might be hacked by cybercriminals using phishing attacks or some other method, allowing them to access your email communications. Emails and attachments may also be intercepted as they transit the internet via email networks. This article explores how safe the transmission of email is, as well as what more can be done to protect it.
Risks Within Delivery
The content of an email is not encrypted by default, and along its path from your device, to your mail server, and eventually to the recipient’s device, it is stored in formats that can be easily read by anyone who has access and cares to do so. Additionally, threats that should be taken into consideration are sometimes overlooked, while other issues that aren’t a threat at all can cause people to avoid technology altogether. Anyone with access to your network, network equipment, or mail servers can potentially read your mail. These people include:
- Anyone with access to your device: installing spyware, copying your mail folders, or simply opening your email program are all ways your mail can be read.
- Malware: malware can access more than just email; even typing can be recorded if malware is involved.
- Other devices on your network: an unencrypted Wi-Fi network allows other connected devices to see the data sent and received by other machines.
- Your ISP: can examine all the data you send and receive on the internet.
- Your email provider: if you make the mistake of providing your email service. The provider’s own networking and hosting providers could be included as well.
- The recipient’s ISP: just as your ISP can see everything you do, your recipient’s ISP can see everything they do, such as receive the email you sent them.
- The recipient’s email provider: has the same access as yours does.
- Anyone with access to your recipient’s machine: can do whatever the recipient could, and thus could read, copy, or otherwise access your email conversation.
Email is a useful means of communicating; however, there are a number of ways that confidential information may be compromised when sent via email. Because of this, it is crucial that companies assess their file and document sharing practices and consider investing in services with the best security tools.
How to Secure Your Email
Email was not designed to be secure, but users can enjoy added privacy and security by following these best practices.
Two-factor authentication combines something you know with something you have, such as a debit card, which requires both the physical card and a PIN to verify your identity. Enabling two-factor authentication provides additional security beyond a password.
Set Expiration Dates
The average user doesn’t clean up their private inbox or delete old email. Any sensitive information you send could be sitting there months later. At that point, you no longer control the fate of your data. By setting an expiration date on your email, you ensure that after a certain date it will no longer be readable by anyone, including the recipient.
Encrypt Your Email
The best way to keep your email private is to use SSL and TLS encryption. This protects your email by encoding your messages, rendering them impossible to decipher unless you explicitly authorize someone to read them. Additionally, if your email ends up getting stored on a server outside of your control, you still control who gets to see it and can revoke that permission at any time.
Sending Secure Email Attachments
Sending private information securely via email or as an attachment is possible, but enabling encryption to do so can have issues that could negate the security benefits. Many companies choose a secure email gateway, which helps protect email attachments and provides other email security benefits, such as scanning inbound and outbound emails for malware, scanning messages for sensitive data, and blocking the email from being sent.
Transport Layer Security (TLS) is the most basic form of encryption: it encrypts data in transit. Outlook and Gmail use TLS to encrypt email messages in transit when they are sent to the same service. However, if the receiving server doesn't have TLS enabled, the message will not be encrypted, and there is often no warning that a message was not encrypted. Additionally, because TLS only encrypts the data in transit and not the message itself, it does not protect against emails being intercepted and read once delivered.
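Because a cleartext hop produces no warning, one way to check after the fact is to read the `Received` trace headers, where each server records the protocol it accepted the message with (RFC 3848: `ESMTPS` and `ESMTPSA` mean TLS was used, `ESMTP` and `SMTP` mean it was not). The following is an added example, not code from the original article; the message, hostnames and addresses are constructed.

```python
import re
from email import message_from_string

# RFC 3848 "with" protocol types: a trailing S (before an optional A) means TLS.
TLS_PROTO = re.compile(r"^(?:UTF8)?(?:E?SMTP|LMTP)(S?)A?$", re.I)

# Constructed sample: newest hop first, as mail servers prepend trace headers.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.5])
    by store.recipient.example with ESMTPS id c3; Tue, 02 Mar 2021 10:00:05 +0000
Received: from out.sender.example (out.sender.example [198.51.100.7])
    by mx.recipient.example with ESMTP id b2; Tue, 02 Mar 2021 10:00:03 +0000
Received: from laptop.sender.example (unknown [192.0.2.10])
    (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384)
    by out.sender.example with ESMTPSA id a1; Tue, 02 Mar 2021 10:00:01 +0000
From: alice@sender.example
To: bob@recipient.example
Subject: constructed test

body
"""

def strip_comments(value):
    """Drop parenthesised comments so 'with cipher ...' is not read as a protocol."""
    prev = None
    while prev != value:
        prev, value = value, re.sub(r"\([^()]*\)", " ", value)
    return value

def audit_hops(raw_message):
    """Return (receiving_host, protocol, used_tls) per hop, oldest hop first.
    used_tls is None when the protocol token is not a recognised type."""
    msg = message_from_string(raw_message)
    hops = []
    for header in reversed(msg.get_all("Received", [])):
        clauses = strip_comments(" ".join(header.split())).split(";")[0]
        by = re.search(r"\bby\s+(\S+)", clauses)
        proto = re.search(r"\bwith\s+(\S+)", clauses)
        m = TLS_PROTO.match(proto.group(1)) if proto else None
        hops.append((by.group(1) if by else "?",
                     proto.group(1) if proto else "?",
                     bool(m.group(1)) if m else None))
    return hops

def cleartext_hops(raw_message):
    """Hosts that accepted the message over an unencrypted session."""
    return [by for by, _, tls in audit_hops(raw_message) if tls is False]
```

Each `Received` header is written by the server that added it, so only the headers added by servers you trust are reliable evidence; earlier ones can be forged by the sender.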
To protect email attachments, enterprises and users should consider Secure/Multipurpose Internet Mail Extensions (S/MIME) or Pretty Good Privacy (PGP). Unfortunately, the recipient and subject line of the email will not be encrypted. The two options are similar, except that PGP uses a web of trust, whereas S/MIME relies on certificate authorities for trust. In addition, S/MIME is often more compatible with enterprise email clients, including Outlook or G Suite.
What You Shouldn’t Send in an Email
Think before you hit 'send' even if you're not working with sensitive data, as it is entirely too easy to send the wrong information to the wrong people by email. Some examples of the kind of information you should never send via email include:
- Social Security numbers
- Driver’s License numbers
- Passport numbers
- State-issued ID numbers
- Any bank or financial account numbers
- Credit or debit card numbers
- Protected health information
- Documents protected by the attorney-client privilege
- Any passwords or authentication credentials
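The outbound scanning that a secure email gateway performs, applied to two items from this list, as an added example (not from the original article and not any product's actual rules): it walks the body and text attachments of a message, flags US Social Security number patterns, and flags card numbers only when they pass the Luhn checksum, which keeps order references and similar digit runs from triggering a block. The message and all values are constructed.

```python
import re
from email.message import EmailMessage

# SSN shape with the never-issued area/group/serial values excluded.
SSN = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# 13 to 19 digits, optionally separated by single spaces or dashes.
CARD = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

def luhn_ok(digits):
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def scan_text(text):
    """Return the kinds of sensitive data found; values are not returned,
    so the scanner's own log does not become a second copy of the data."""
    kinds = ["ssn" for _ in SSN.finditer(text)]
    for m in CARD.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            kinds.append("card")
    return kinds

def scan_message(msg):
    """Scan the body and every text attachment; return (location, kind) pairs."""
    hits = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            where = part.get_filename() or "body"
            hits += [(where, kind) for kind in scan_text(part.get_content())]
    return hits

def build_sample():
    """Constructed message: harmless body, sensitive text attachment."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "alice@sender.example", "bob@recipient.example"
    msg["Subject"] = "constructed test"
    msg.set_content("Order ref 1234 5678 9012 3456, thanks.\n")
    msg.add_attachment("SSN 123-45-6789\nCard 4111 1111 1111 1111\n",
                       filename="notes.txt")
    return msg

def should_block(msg):
    """Gateway decision: hold the message if anything sensitive was found."""
    return bool(scan_message(msg))
```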
The Bottom Line
Email is one of the most convenient ways to send a message; however, many emails fall into the wrong hands because email is an unprotected method of online communication. Email security has only improved since its inception, but it is far from being a completely secure means of transmitting important information. Sensitive information is stolen daily, but it can be protected by implementing best cybersecurity practices.