Computing Security, Online Threat

Hack Lesson: Email is Postcards

Email is Postcards

Email is Postcards! It’s our twist on a tale as old as email and the 3rd installment in our series on lessons learned from the Yahoo hack.

What we are addressing here is the misconception that email communication is secure.  So we would like to call upon the old adage that if email were in the form of physical mail (aka “snail mail”), it would be on postcards instead of in sealed envelopes!

It is actually a fairly strong analogy.  People send postcards fully knowing that anyone handling the mail can read them.  It used to be that many internet users used the same approach.

But we as a society have probably forgotten this as we conduct our electronic correspondence.  Witness how the hackers recently indicted in the Yahoo data breach were able to pull login credentials for other accounts and even more sensitive items such as credit card numbers out of email messages.

You may point out that you often get passwords from websites via email.  But think carefully and many of those passwords are temporary and require that you change them as soon as you log in.

It is possible to encrypt your email.  The technology has only somewhat recently reached a better balance between ease of use and level of protection.  As partners with several security vendors, we can help you find a solution that meets your requirements.

But no matter who sets up your encryption and whichever system you choose, always keep in mind that both the sender and recipient need to be able to respectively encrypt and unencrypt the messages with ease.  Otherwise, if someone decides encryption is too inconvenient, they won’t use it.  Which basically is like having an armored car, but your employees are transporting your valuables on the subway.

Also keep in mind that many encryption standards only encrypt the body of the message and while it is possible to completely mask your sender and recipient data, in practice you would have to take steps straight out of a spy movie to fully anonymize the act of transmitting email.

And of course, there’s always the reality that any form of encoding that is considered unbreakable today will by cracked soon.  History has proven that with the right combination of time, resources, and ingenuity…someone will figure it out.

So maybe it’s just best to keep using email with the understanding that someone could read it and simply not use email to send confidential data.  After all, people still send postcards.

For business purposes, it is probably better to focus on securing your documents by means of storage management, controlled access, and collaborative sharing, instead of sending email attachments.  Used with secure messaging, you practically eliminate the risk of malicious parties intercepting your confidential business files.  Just make sure your storage system is properly secured and access is properly authenticated.

So your documents can stay safe and your regular communications and your marketing can stay on those virtual postcards!


Further Reading

Learn about password safety:

Hack Lesson Use Different Passwords



Beware of Phishing!



Free Email is No Bargain!







Email is Postcards

Leave a Reply

Theme by Anders Norén