Why Email is No Place for Secure Information
By Leo Notenboom
The Question: My business requires the emailing of some sensitive information on a regular basis. I have spoken with my boss and co-workers about all of us using an encrypted email system, but no one seems to think there is a significant threat or danger out there to require these extra steps in security. Can you offer any data to help me convince them that this is a good idea?
Actually, I don’t have hard data to say one way or the other. The risk varies too much on too many factors to really present data that’ll apply in any specific situation.
But we can definitely look at some of the specific factors.
Your scenario of confidential business-related information warrants some consideration, but I want to first discuss the more general case for the average email user.
To be blunt, my experience is that most people have an over-inflated sense of risk when it comes to threats and technologies that they don’t understand.
“Anyone who has access to the network, network equipment, mail servers, or PCs across which your email travels could potentially read your mail.”
And to be sure, email and how messages make it from your computer to mine when you press “Send” is something that the average computer user not only doesn’t understand, but has no reason to understand.
As a result, sometimes threats that should be of concern are overlooked and issues that are really no threat at all prevent people from using the technology to its fullest – or perhaps cause them to avoid it all together.
This post is excerpted with permission from Leo Notenboom.