Secure email - guarding against a false sense of securityPublished on 08 Nov 2004
An indispensable business communications tool
What began as a convenience in the private domain has grown to become an indispensable part of any functioning 21st century business’ communications.
Today, email is used to send a wide scope of business-related information, ranging from communications and invoices to statements, contracts and more. So it’s fair to say that email is here to stay. Unfortunately, so are hackers.
One of the most significant trends over the last year or so, is the move from teenage hacking in the interests of ‘fun’, to well-organised crime syndicates hacking sensitive company information for serious profit. Hackers are also far more professional than they were in bygone days, and their criminal skills are now well-honed.
A common misperception is that email hackers only want to steal our banking passwords. In actual fact, the majority of email identity theft happens outside the banking environment. Since hackers are trying to build up an online profile of you, any documents are prey: from phone bills and utility communications to informal emails.
So not surprisingly, non-secure email is providing a vast and rich feeding ground for these criminals. And yet, we still see companies freely using non-secure email to send and receive sensitive information. Why?
Exploding the illusion of anonymity
Since its inception, email has been characterized by a feeling of anonymity. The huge volumes of email delivered globally on a daily basis have given us the illusion of confidentiality – a needle-in-a-haystack mentality that believes, ‘They couldn’t possibly find ours.’
But that position is simply not true. And with increasingly more companies around the world awakening to the dangers of emailing sensitive information, many are realizing this sense of security is false.
Needless to say, trust is a pivotal element in any company-customer relationship.
A company simply cannot afford to allow confidential customer information to leak out without their knowledge and full consent. This would be a major threat to the equity of the brand, not to mention flying in the face of regulatory compliance.
Indeed, non-secure email presents a very real and potentially disastrous security risk. Before it even reaches the receiver, an email can easily be intercepted, rerouted, copied, changed, or even deleted altogether. Companies dealing regularly with sensitive email need to give serious thought to a secure solution. And that solution is none other than encrypted (secure) email.
The many advantages to secure email
Along with the obvious benefits to company security – as in better control of your sensitive documents and reduced risk of exposure – secure email offers a number of other advantages.
Time and money factor in, too. Many companies spend large amounts of time and money each year using courier and bulk mail services. Secure email replaces the need to courier confidential documentation, dramatically speeding up the delivery process and saving you needless expenditure. There are also many kinds of documentation that are currently not considered for email delivery, due to their highly confidential nature. Often these include contracts, financial information, personal details, medical profiles, HR-related information – and more. Secure email gives a company the ability to send all of these document types quickly, conveniently and above all – safely. A company who can achieve this will not only save themselves dollars and hours, but gain themselves a competitive advantage with greater loyalty from suppliers, partners and customers.
Furthermore, modern legislation and corporate governance requirements place a strong-than-ever emphasis on internal control, reporting and data access. But through encrypted email and digital signatures to mitigate security risks, and by equipping key staff with the necessary tools, a company can easily comply.
Secure email comes of age
Traditionally, the most common secure email solution has been digital certificates, where the customer is asked to download a certificate and thus begins the complexity of public and private key infrastructures. So while it’s a strong form of security that’s used by organisations like the ATO, it has never achieved broad-based adoption.
Another form of secure email has been the use of a physical device like a ‘smartcard’, where the decryption of sensitive email can only take place via the device itself. But this solution has its own pitfalls, mainly logistical and financial ones: the effort and money spent in getting your smartcard into the hands of each and every customer. It’s also an issue of convenience, since the customer would prefer to have one card for all their decryption requirements. Which in turn leads to a problem of ownership: if they did have just one smartcard, who would issue it?
In the end, the customer wants an easy, convenient answer – something as simple as entering a username and password or another shared secret. International companies like Striata have developed a user-friendly and highly effective secure email platform. As Striata Australia’s Managing Director, Steven Orleow says, “We’ve been installing secure email in companies for over 5 years now, and what we’ve found is our customers want a high level of security with a low level of complexity. All they want to have to do is type in a username and password. And that’s what we give them; without compromising on the security.”
It all adds up Orleow also goes on to say, “We’ve seen a clear progression in the types of documents that companies want to have emailed securely. What began as regular, high volume financial information like statements and payslips, has grown to include highly sensitive documents like draft contracts, shareholder communications and project information.”
To sum up, there’s a multitude of compelling reasons for implementing a secure email solution. Your company will benefit from:
- Better control of your sensitive documents
- Reduced risk of exposure
- Dramatically faster delivery times
- Lower document delivery costs
- Compliance with required regulations
On the notion of hacking, Orleow adds, “One of the greatest risks from a brand credibility perspective is having your confidential customer data exposed by a hacker. Today we’re seeing a greater desire than ever to prevent this from happening.”