
How to prevent poor e-mail practices

In this Ask the Expert Q&A, our application security expert examines why organizations should implement and enforce an enterprise-wide e-mail encryption security policy.

How can I "prove" that sending confidential information to customers across the Internet without encryption is a poor business practice?
The Internet is a high-risk environment, and according to the FBI's International Computer Crime Squad, one of the most common cyber crimes committed against businesses over the Internet is theft of trade secrets. While many businesses shred their sensitive paper documents to combat dumpster diving, very few encrypt their sensitive digital documents and e-mails to combat cyber espionage.

Sending an e-mail is the equivalent of sending a postcard: anyone can read it. Once an e-mail leaves a computer, it travels over multiple online services and open networks to reach its destination. It can be intercepted and read anywhere during its journey. It will also be stored by various routing services and can be read from numerous backup devices. For example, co-workers can easily intercept an e-mail sent from an office computer as it travels through the corporate network. In addition, external e-mails travel to and from a computer via an Internet Service Provider (ISP), making ISPs one of the easiest places to intercept traffic. Broadband users share the local loop, which means neighborhood Internet traffic shares the same physical wires. With certain bits of hardware and some know-how, a hacker can easily intercept an e-mail on its way across the local loop. Finally, wireless network traffic is susceptible to interception at the base station for the antenna.

These examples are by no means the only places e-mail can be compromised. With thousands of hackers on the Internet and so many vulnerable points, never assume an e-mail is private unless it is encrypted.

Your clients need to encrypt not only their e-mail, but all their sensitive files and data too. They should also be enforcing a security policy aimed at securing their computers against spyware and malicious code to prevent computer hacking and illegal eavesdropping by hackers and their competitors.

More Information

  • Attend Lesson 3 of E-mail Security School to learn about e-mail policy control.

  • This was last published in December 2005
