Using email to send sensitive information
Electronic mail (email) is the use of an application such (MS Outlook, MS Mail, Eudora, etc) to send online mail. Email is very fast and can be used to communicate to people far and wide. Hence, email has become an essential part of our everyday communications life.
We use email to send and share sensitive documents, photos, contracts, bank details, user credentials etc. Some of these documents may already be in the public domain, such as photos, which we may already have in some social networking site that are shared with friends and family. Unfortunately, some of the other documents we send via email may be sensitive, contractual or of competitive value. For example, marketing information that is still of competitive value, contracts that have been signed or accepted, bank login that can be used to transfer/withdraw funds from an account. It is pertinent to note that when any of this information gets to the wrong hands, our valued assets can be compromised leading to stealing of funds, marketing information or business contracts. Therefore, it is important that we protect our email communications, or the content of the email we send, as at when necessary.
Recommendations:
To share/send sensitive information of information or information of competitive value such as bank details, contracts, marketing information etc via email, the email content must be secure. Here are ways to send secure emails:
1) Use secure mail. Secure mail is an email client that uses digital keys for encrypting and signing of the email. For example, PGP (Pretty Good Privacy) is an email client that provides digital signature and encryption. Digital signature helps to proof that you’re the one who sent the email, but it does not protect the content from abuse of misuse. Encryption is used to protect the content of the email, by transforming the content into an unreadable form till when the message arrives to the intended recipient. Another secure email client is S/Mail for secure mail. Some of these secure email applications are not free, but free legitimate versions exist on the web. There is open source PGP available that one can download and install.
2) Use WINZIP. WINZIP is an application used to compress and decompress files/documents, but it also provides security through encryption. It is an improvise way of sharing sensitive information via email. First, you need to winzip the document you intend to send. While zipping the information, you go for the option of encrypt before zipping. This will allow you to use a key to encrypt the document before sending it across. When the recipient receives the email, he/she would require you to share the key with them. So you will need to send them the key either via text/phone call or a second email.
Tips:
1) If you can’t afford secure mail, and don’t want to use Winzip; then form the good habit of sending all sensitive documents in multiple parts emails. For example, send the first part of the document that does not contain the sensitive bits. After few minutes, send another part, and after several minutes send the remaining parts. What you achieve with this technique is reducing the possibility of anyone who intercepts the message to have the whole content intact; except the person who is the intended recipient. Note that this technique is not future-proof, because a motivated attacker may be able to intercept all the messages by continuously monitoring your communication-link until the attacker gets all the messages. But this chance is very remote unless the attacker is an insider who’s able to monitor communications path before they exit your default gateway into the big web.
Caveat: Some email message containing zip files may be trapped by firewalls and may never get to the recipient. Please check that your firewall or your recipient’s firewall does not trap zipped files.
We use email to send and share sensitive documents, photos, contracts, bank details, user credentials etc. Some of these documents may already be in the public domain, such as photos, which we may already have in some social networking site that are shared with friends and family. Unfortunately, some of the other documents we send via email may be sensitive, contractual or of competitive value. For example, marketing information that is still of competitive value, contracts that have been signed or accepted, bank login that can be used to transfer/withdraw funds from an account. It is pertinent to note that when any of this information gets to the wrong hands, our valued assets can be compromised leading to stealing of funds, marketing information or business contracts. Therefore, it is important that we protect our email communications, or the content of the email we send, as at when necessary.
Recommendations:
To share/send sensitive information of information or information of competitive value such as bank details, contracts, marketing information etc via email, the email content must be secure. Here are ways to send secure emails:
1) Use secure mail. Secure mail is an email client that uses digital keys for encrypting and signing of the email. For example, PGP (Pretty Good Privacy) is an email client that provides digital signature and encryption. Digital signature helps to proof that you’re the one who sent the email, but it does not protect the content from abuse of misuse. Encryption is used to protect the content of the email, by transforming the content into an unreadable form till when the message arrives to the intended recipient. Another secure email client is S/Mail for secure mail. Some of these secure email applications are not free, but free legitimate versions exist on the web. There is open source PGP available that one can download and install.
2) Use WINZIP. WINZIP is an application used to compress and decompress files/documents, but it also provides security through encryption. It is an improvise way of sharing sensitive information via email. First, you need to winzip the document you intend to send. While zipping the information, you go for the option of encrypt before zipping. This will allow you to use a key to encrypt the document before sending it across. When the recipient receives the email, he/she would require you to share the key with them. So you will need to send them the key either via text/phone call or a second email.
Tips:
1) If you can’t afford secure mail, and don’t want to use Winzip; then form the good habit of sending all sensitive documents in multiple parts emails. For example, send the first part of the document that does not contain the sensitive bits. After few minutes, send another part, and after several minutes send the remaining parts. What you achieve with this technique is reducing the possibility of anyone who intercepts the message to have the whole content intact; except the person who is the intended recipient. Note that this technique is not future-proof, because a motivated attacker may be able to intercept all the messages by continuously monitoring your communication-link until the attacker gets all the messages. But this chance is very remote unless the attacker is an insider who’s able to monitor communications path before they exit your default gateway into the big web.
Caveat: Some email message containing zip files may be trapped by firewalls and may never get to the recipient. Please check that your firewall or your recipient’s firewall does not trap zipped files.
posted by Cyril at 2:13 PM
0 Comments:
Post a Comment
<< Home