First, Google threw down the gauntlet in June by releasing its Transparency Report which said 40 to 50 percent of its email was unencrypted as it travelled across the web because all email providers were not on the same page regarding encryption. Then Microsoft scrambled and announced a month later that Microsoft email has made improvements to their email security on Outlook.com by adding “TLS” and “PFS”. What’s TLS and PFS, you may ask? TLS (Transport Layer Security) makes the email better protected as it travels between one email provider to the next. PFS (Perfect Forward Security) enhances this further by using a different encryption key for every connection, so hackers can’t decrypt your subsequent email by using the key they obtained when they first hacked you.
So you think email is finally secure? Think again. The announcements by Google and Microsoft only have to do with protecting data in your email during the short time while it travels across the web and only between exchange servers or within a google-Microsoft connection, anywhere else all bets are off. What happens once that email is received? What about email security? Well, it now sits un-encrypted in the recipient’s Inbox (as well as in your Sent folder). And that’s crucial to understand. While the confidential data in your email is encrypted in-transit, that email now sits unencrypted while at-rest. Big difference. Why? Because breaches of data/email security are more likely to be internal rather than external. For example, a rouge or disgruntled employee who reads and copies your email while you’re away at lunch. Or the new IT guy who just might be in cahoots with your competitor.
How to protect data in your email? The answer is docNCRYPT
So what else can you do to further about your email security? Simple. You should make it a habit to encrypt your email message and attachments using a strong password. And tell your accountant or lawyer to do the same when they email you. This will add an additional layer of protection to your emails. And if you send confidential information via email that you need your recipient to redline or edit, consider using docNCRYPT which will automatically put a password on your Office documents without forcing you to convert them to PDF. Combining Microsoft email (Outlook) with password-protecting your emails..….now that’s much better.
Saj Patel is the Vice President of Development for Azstec LLC, the creators of docNCRYPT, the incredibly simple email and document security solution for everyone. (with no backdoors) If you have any comments or questions, email Saj at spatel [at] azstec.com and follow the Azstec Blog or on Twitter or LinkedIn