Encryption -- turning a message into code before sending for security reasons -- has become standard protocol for sending the majority of email transmissions today. This trend can be seen in both the private and public sectors, but it is especially the case in the public sector, where 83% of federal agencies have policies allowing employees to encrypt emails.
While this sounds like a positive development, unfortunately, encryption is a double-edged sword. Encrypting messages does add a significant level of security, as encrypted messages have to be decrypted, which takes time and makes them much less valuable to hackers. But emails that users encrypt at their desktop before sending cannot be subjected to any kind of content verification by network security, which makes it almost impossible to trace unauthorized data transmissions. In practice, the encryption used to guarantee the security of data becomes a way to send unauthorized data undetected through the email gateway.
The Encryption Conundrum
This encryption conundrum puts IT managers between a rock and a hard place. Nobody wants to give up the high level of security provided by encrypting employee emails, but IT security experts almost all say that significantly more unauthorized data is lost from networks by email than by flash drive, disc or any other method.
The problem is just going to grow as more businesses and agencies move to encrypting most or all of their email traffic. A recent study suggested that over 80% of IT security managers were concerned about loss of sensitive data through encrypted email.
Advanced Email Security Technology
The only way to effectively solve this encryption conundrum is with advanced email security technology. Thorough training of employees on encryption protocols and other software analytics methods will help control the loss of sensitive data through encrypted emails, but these measures will not thwart a smart and resourceful individual.
To be sure that no one is sending out unauthorized data in encrypted emails, IT managers must have the ability to decrypt messages before they are routed to the Exchange server for outbound transmission. This is obviously a more laborious and time-consuming process, but protocols can be set up so that only certain messages or a certain percentage of messages are decrypted before outbound transmission.
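The selection step described above, sketched as an added example (not code from the original article or any product): it detects which outbound messages a gateway cannot read (S/MIME, PGP/MIME, inline PGP) and decides which of them to hand to decryption, either by rule or by a fixed percentage. The action names, the `always_inspect` domain list and the 25% default are assumptions, and the sample messages are constructed.

```python
import hashlib
from email import message_from_string
from email.utils import parseaddr

HDR = "From: alice@example.org\nTo: bob@example.net\nMessage-ID: <{}@example.org>\n"
# Constructed sample messages (not captured traffic).
SMIME = HDR.format(1) + ("Content-Type: application/pkcs7-mime; "
    "smime-type=enveloped-data\nContent-Transfer-Encoding: base64\n\nMIIBconstructed\n")
PGP_MIME = HDR.format(2) + ('Content-Type: multipart/encrypted; '
    'protocol="application/pgp-encrypted"; boundary="b"\n\n--b\n'
    "Content-Type: application/pgp-encrypted\n\nVersion: 1\n--b--\n")
PGP_INLINE = HDR.format(3) + ("Content-Type: text/plain\n\n"
    "-----BEGIN PGP MESSAGE-----\nconstructed\n-----END PGP MESSAGE-----\n")
PLAIN = HDR.format(4) + "Content-Type: text/plain\n\nQuarterly report attached.\n"

def encryption_kind(raw):
    """Return 'smime', 'pgp-mime', 'pgp-inline', or None if the gateway can read it."""
    for part in message_from_string(raw).walk():
        ctype = part.get_content_type()
        if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
            # signed-data can be unwrapped without keys; treat anything else as opaque
            if str(part.get_param("smime-type", "enveloped-data")).lower() != "signed-data":
                return "smime"
        elif ctype == "multipart/encrypted":
            return "pgp-mime"
        elif not part.is_multipart():
            if b"-----BEGIN PGP MESSAGE-----" in (part.get_payload(decode=True) or b""):
                return "pgp-inline"
    return None

def route(raw, sample_percent=25, always_inspect=("example.net",)):
    """Pick a (hypothetical) gateway action for one outbound message."""
    kind = encryption_kind(raw)
    if kind is None:
        return "scan"  # readable: normal content inspection
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("To", ""))[1].rpartition("@")[2].lower()
    if domain in always_inspect:  # "only certain messages"
        return "decrypt-and-scan"
    # "a certain percentage": hash the Message-ID so retries route the same way
    digest = hashlib.sha256(msg.get("Message-ID", raw).encode()).digest()
    bucket = int.from_bytes(digest[:4], "big") % 100
    return "decrypt-and-scan" if bucket < sample_percent else "deliver-and-log"

if __name__ == "__main__":
    for name, raw in [("smime", SMIME), ("pgp-mime", PGP_MIME),
                      ("pgp-inline", PGP_INLINE), ("plain", PLAIN)]:
        print(name, encryption_kind(raw), route(raw))
```

The routing decision only marks a message for decryption; actually decrypting it requires the gateway to hold or escrow the relevant keys, which this sketch does not cover.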
This kind of advanced email security takes some significant expertise to set up properly. Federal agencies will likely staff up their IT departments and take on the task in-house. But that idea can be a little daunting for small and medium-sized businesses. Small and medium businesses should consider working with a high-end local IT services provider to get the results they want.
An astounding half a million credit cards have been stolen from an unidentified Australian company. The hackers responsible for the theft are said to be an Eastern European group who are also suspected to be the same ones that threatened the business continuity of Subway restaurants in 2011. A total of 150 Subway restaurants in the US were victims of similar hacking.
- “You can look it up.” Do you use a password that can be found in a dictionary? If you do, then a hacker can simply bang on your log-on with a simple dictionary program until he has access to your account. Fix: Consider one of two options most professionals in IT security recommend. Either create a password that contains odd characters interspersed with random letters and numbers or use a pass phrase instead of a password.
- “Be a snowflake.” You need to use a different password for each different site. You do this, right? Oh... Even if you do come up with a strong password, IT security professionals report most people use only one or two passwords for all their log-ons and, of course, that means someone only needs to crack your single password to access all your sites.
- “Don't leave a paper trail.” You'd be amazed how many people write down their passwords on a Post-It and stick it onto their monitor or, if they're really cagey, underneath their keyboard or lap drawer. IT security best practices recommend you never, ever do this.
- “Cover your tracks.” IT security professionals also recommend that, whenever possible, you use a secure connection when you log on. What's a secure connection and how do you make it? Take a look at your address bar. If the address starts off “http://...etc.” then the connection is not secure and an evil doer might be snooping on your session. Try a very simple, single change by using an “s” so that the address looks like this: “https://...etc.” This encrypts the connection between your browser and the website, thereby making it more difficult for evil doers to do evil.
- “Loose lips sink ships.” One of the most notorious hackers in modern history, Kevin Mitnick, preferred “social engineering” to technology techniques. In other words, what he did most of the time was call people up, pose as a system administrator and simply ask users for their passwords. One famous study in England discovered most people would give up their password for a candy bar.
- “We have the technology...” There is a new generation of software utilities that help you manage passwords. For example, a utility called LastPass is a browser extension that connects a heavily encrypted password vault to your browser. Once installed, you only have to remember one highly secure password, and then LastPass can automatically fill in all the others. Even better, LastPass can generate super random, secure passwords whenever you open up a new account on a website or change your password on a site where you already have an account. And finally, perhaps best of all, you can install LastPass on the browser you use at work and the browser you use at home and any other browser you use. This way, you will enjoy convenient security wherever you are.
Telling someone to BYOD is literally a four-letter word in many IT departments. Also known as “bring your own device,” BYOD is a cloud-based concept which allows mobile devices to access a private or corporate network. Employees can access the network using their tablets, cell phones, laptops and other mobile devices.
Lack of well-implemented email encryption remains one of the weakest links businesses face today. Companies that fail to take necessary precautions can be fined for failing to comply with applicable legal acts, and can lose customer loyalty and their market competitiveness. Don't make the mistake of implementing it based on bad advice though. Let's look at some of the worst email encryption advice that could leave you vulnerable.
IT security news sometimes seems like an ongoing list of companies that have found themselves the victim of hacking groups or hacktivists, hackers that operate not out of a desire for fame or ill-gotten gains but in order to send a political or social message. All too often, the intrusions suffered by these businesses lead to the public release of information best kept private. The latest such company to find itself the victim of such tactics is none other than internet giant Yahoo!, which was attacked by hacking group D33Ds.
Sending your data into the cloud has implicit security risks. Attackers could potentially intercept the data during transmission or the data can be compromised on the cloud server itself. Ensuring encryption exists at all points of transmission and storage will help to ensure your data remains secure. Let's look at several aspects of security when selecting your cloud-based service provider.
Even though federal officials have recently taken down a large international credit card fraud ring, IT security experts are warning small and medium-sized businesses that the long-term prospects for this type of criminal activity are still alarmingly strong. All legitimate organizations that deal with sensitive financial information such as credit card numbers and expiration dates need to understand how to protect their customers' privacy better. This involves understanding how the criminals in the recent card fraud ring operated.