Message in a Bottle
Email is popular (and for my next understated observation…) and not very secure. Okay, so everybody knows how to send an email, but not everybody knows that email messages are sent in “clear text.” This means that anything sent in an email can be viewed by anybody along the message’s route of transmission. To put it simply, think of an email the same way you would regard a postcard – anyone who comes in contact with it could read it.
The tenet of information security that deals with safeguarding sensitive information is referred to as “Confidentiality.” The opposite of keeping something secret is to disclose it. A breach of confidentiality is called disclosure. By default, email and instant messaging have no capabilities for keeping things confidential. To do that, our message needs a better envelope.
The way to secure the confidentiality of email is to encrypt it. If normal email is a postcard, then encryption is like a security envelope. The more sensitive the message contents, the thicker the envelope should be. Encryption is the process of transforming the “clear text” message into one that cannot be understood without decrypting the message using a password or “key”. It should also be remembered that encryption only protects the confidentiality of a message. It does not protect the message from being altered, the sender from being impersonated, or the data from being stolen in the first place.
Although the mechanics of encryption are complex, you don’t have to be a rocket surgeon to use the tools. Message encryption can be accomplished with tools that range from the robust (i.e. expensive) to the unsophisticated (i.e. free). Whether you select a feature-packed solution or one that offers iron-clad safeguards but without the bells and whistles, make no mistake: no matter what type of product you choose, the math of encryption algorithms doesn’t change. My advice: any tool worthy of your consideration should support the AES-256 encryption standard.
- Microsoft guidance on the use of digital signatures and encryption in Outlook. http://support.microsoft.com/kb/286159
- Steve Gibson of Security Now! has a series of podcasts that take a REALLY deep dive into the how, what and why of encryption at http://www.grc.com/securitynow.htm. See episodes 30 – 37.