It's common for companies to invest in technology that secures their perimeter, such as state-of-the-art firewalls. But an organization's security is only as strong as its weakest link, which is typically the email infrastructure. Even some of the largest organizations, such as AT&T and Dell, have made headlines by not using encryption. Let's take a look at what can happen when emails are distributed unencrypted.
Your Internet Service Provider Can Spy
Your trusted internet service provider can easily turn against you. Recently proposed legislation has presented the need for authorities to retrieve data from internet service providers without having to obtain a court order. This means any unencrypted emails housed by your provider can be handed over without your consent.
There have also been other known instances where a service provider was found guilty of unlawful email interception. In one particular case, the founder of Demon Internet was found guilty of intercepting email from a client after hiring a private investigator to spy on a client.
It also raises the question: how many ISP employees have the ability to view unencrypted messages sent by your corporation, and how could you ever be sure that they won't pry?
Data-security laws such as HIPAA, Gramm-Leach-Bliley and Sarbanes-Oxley could find you in breach for not making a measurable effort to protect client data. A leak of client data, whether intentional or not, can leave you swimming in fines, not to mention a loss of goodwill.
Fortunately, some of these same laws have what are referred to as "safe harbor" provisions. If you can demonstrate you've taken reasonable means to protect client data using email encryption, the law can work in your favor.
Hackers' Love for Unencrypted Email
An attacker could be an unauthorized external third party or one of your own employees with a hidden agenda. Whichever the case, software exists that allows a snooper with little technical savvy to view data sent 'over the wire'.
Aside from viewing unencrypted email that may contain sensitive information, hackers often want to obtain login credentials to other systems. This can then lead to an escalated attack where your entire infrastructure becomes an open book to the attacker. All from one single unencrypted email.
Your employees are busy and are often swamped, multitasking across their work. Just one accidental slip of the finger could lead to one of your employees sending a confidential email to unintended recipients.
In one recent case, an employee at the bank UBS inadvertently leaked confidential information pertaining to one of its clients, General Motors, through an email to over 100 people. GM dropped UBS as a result of the blunder in a deal that had been worth $10 million. Had encryption been used, those 100 people would have received a scrambled, undecipherable message that they would have just deleted, and UBS would likely have maintained its client relationship.
Unencrypted email is an easy target for third parties, which can take many forms, including hackers as well as your own internet service provider. It's also all too easy for your employees to distribute an email to unintended recipients. Consequences of not using encryption include fines through legislation and loss of clients.
You should consider an end-to-end encryption solution that safeguards all your systems, including employees accessing email through mobile devices. If your organization is struggling to ensure your email data remains secure, then you should consider using a vendor that can provide email encryption services for you.
Encryption isn't an option, it's a necessity.