Q

How to prevent poor e-mail practices

In this Ask the Expert Q&A, our application security expert examines why organizations should implement and enforce an enterprise-wide e-mail encryption security policy.

How can I "prove" that sending confidential information to customers across the Internet without encryption is a poor business practice?
The Internet is a high-risk environment, and according to the FBI's International Computer Crime Squad, one of the most common cyber crimes committed against businesses over the Internet is theft of trade secrets. While many businesses shred their sensitive paper documents to combat dumpster diving, very few encrypt their sensitive digital documents and e-mails to combat cyber espionage.

Sending an e-mail is the equivalent of sending a postcard – anyone can read it. Once an e-mail leaves a computer, it travels over multiple online services and open networks to reach its destination. It can be intercepted and read anywhere during its journey. It can also be read from the numerous backup devices and will be stored by various routing services. For example, co-workers can easily intercept an e-mail sent from an office computer as it travels through the corporate network. In addition, external e-mails travel to and from a computer via an Internet Service Provider (ISP), making ISPs one of the easiest places to intercept traffic. Broadband users share the local loop, which means neighborhood Internet traffic shares the same physical wires. With certain bits of hardware and some know-how, a hacker can easily intercept an e-mail on its way across the local loop. Finally, wireless network traffic is susceptible to interception at the base station for the antenna.

These examples are by no means the only places e-mail can be compromised, and with thousands of hackers on the Internet and so many vulnerable points, never assume an e-mail is private, unless it is encrypted.

Your clients not only need to encrypt their e-mail, but all their sensitive files and data too. They should also be enforcing a security policy aimed at securing their computers against spyware and malicious code to prevent computer-hacking and illegal eavesdropping by hackers and their competitors.
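The relay path described above is recorded in a message's own `Received` headers, so a delivered e-mail can be audited to show which hops carried it without transport encryption. The following is an added example, not part of the original answer; the sample message, its hostnames and the function names are constructed for illustration.

```python
import re
from email import message_from_string

# "with" protocol keywords that mean the hop was carried over TLS (RFC 3848).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

HOP_RE = re.compile(
    r"\bfrom\s+(?P<src>\S+).*?\bby\s+(?P<dst>\S+).*?\bwith\s+(?P<proto>[A-Za-z0-9]+)",
    re.I)

# Constructed sample message; hosts and addresses use reserved example ranges.
SAMPLE = """\
Received: from mx.customer.example (mx.customer.example [203.0.113.9])
\tby mailstore.customer.example with LMTP id c3; Mon, 5 Dec 2005 10:00:03 +0000
Received: from relay.isp.example (relay.isp.example [198.51.100.7])
\tby mx.customer.example with ESMTP id b2; Mon, 5 Dec 2005 10:00:02 +0000
Received: from desktop.corp.example (desktop.corp.example [192.0.2.10])
\tby relay.isp.example with ESMTPS id a1; Mon, 5 Dec 2005 10:00:01 +0000
From: sales@corp.example
To: buyer@customer.example
Subject: Quote

Confidential pricing attached.
"""


def trace_hops(raw_message):
    """Return the relay hops in travel order, each flagged for TLS use."""
    hops = []
    # Each relay prepends its header, so the newest hop comes first: reverse.
    for value in reversed(message_from_string(raw_message).get_all("Received", [])):
        m = HOP_RE.search(" ".join(value.split()))  # unfold the header
        if m:
            proto = m.group("proto").upper()
            hops.append({"from": m.group("src"), "by": m.group("dst"),
                         "protocol": proto, "tls": proto in TLS_PROTOCOLS})
    return hops


def cleartext_hops(raw_message):
    """Hops whose recorded protocol shows no transport encryption."""
    return [h for h in trace_hops(raw_message) if not h["tls"]]


if __name__ == "__main__":
    for hop in trace_hops(SAMPLE):
        print(hop["from"], "->", hop["by"], hop["protocol"], "TLS" if hop["tls"] else "CLEARTEXT")
```

Even a hop marked TLS protects only that link: the message is readable on every relay that handles or stores it, which is why the answer calls for encrypting the message itself. `Received` headers are written by the relays and can be missing or forged, so treat the result as evidence of exposure rather than proof of protection.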


  • This was first published in December 2005