So, you’ve secured your mail server and implemented all the necessary security policies. You think all your data is safe now and your privacy is protected? Think again. What about your correspondence? Email is the standard communication form within a business, and between the business and its suppliers and/or clients. However, the email’s pathway from sender to recipient is inherently insecure. In its travels, the message is stored on a minimum of two servers (the MX hosts), the sender’s and recipient’s computers, and possibly other hosts too. There are innumerable points along the way where the email can be intercepted, e.g., by a disgruntled employee, the NSA (fishing for keywords), hackers, malware, sniffers randomly searching the Net, etc. Protecting email confidentiality can be as difficult as protecting the information carried by unsealed snail mail.
The only sure way to protect confidential information from being intercepted or, worse, falsified, is to use secure email encryption. That is, use an algorithm to change your plain text/HTML message into cipher text that can’t easily be turned back into a readable format.
How does encryption work? One of the common ways is to use public key infrastructure (PKI):
Step 1: Fred uses a private key to encrypt and send his message to Leroy
Step 2: Leroy receives a public key with the message
Step 3: Leroy uses his public key to decrypt/read the message, and encrypt his reply
Step 4: Fred uses his private key to decrypt and read Leroy’s reply
This encryption/decryption process authenticates and validates the communication. Authentication via encryption protects your credentials: your username and password. Validation is provided by a digital fingerprint and/or signature – algorithms that accompany the message; both are created using the private key. Any attempt to alter the message would also change the fingerprint, and changing the sender’s address would change its signature. Using the public key, the recipient verifies the fingerprint and signature, thus ensuring that the email is authentic and has not been altered.
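The fingerprint-and-signature check described above, as an added example that is not part of the original article. It uses textbook RSA with a small constructed key and no padding purely to show the mechanics (real mail clients rely on vetted libraries); the addresses, message text and function names are assumptions.

```python
import hashlib
from email.message import EmailMessage

# Constructed toy key built from two Mersenne primes.
# Far too small and unpadded for real use; illustration only.
P, Q = 2**127 - 1, 2**89 - 1
N = P * Q                            # public modulus
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (Python 3.8+)


def fingerprint(msg):
    """SHA-256 over the sender address and body, reduced to fit the toy modulus."""
    data = (str(msg["From"]) + "\n" + msg.get_content()).encode("utf-8")
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def sign(msg):
    """Sender side: transform the fingerprint with the private key."""
    return pow(fingerprint(msg), D, N)


def verify(msg, signature):
    """Recipient side: recover the signed fingerprint with the public key and
    compare it with one recomputed from the message as received."""
    return pow(signature, E, N) == fingerprint(msg)


def make_message(sender, body):
    """Build a minimal message (hypothetical addresses)."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = "leroy@example.com"
    msg.set_content(body)
    return msg


if __name__ == "__main__":
    original = make_message("fred@example.com", "Wire the deposit on Friday.")
    sig = sign(original)
    altered = make_message("fred@example.com", "Wire the deposit on Monday.")
    resent = make_message("mallory@example.com", "Wire the deposit on Friday.")
    for label, m in [("original", original), ("altered body", altered),
                     ("changed sender", resent)]:
        print(f"{label:15s} valid={verify(m, sig)}")
```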
Thus, when you consider just how insecure your business communications can be, email encryption is a viable, relatively simple method of ensuring your company information is safe from theft or falsification.