Helping people with computers... one answer at a time.
Email is ubiquitous and convenient, yet surprisingly not very secure. I'll look at why that is and when you should worry.
My business requires the emailing of some sensitive information on a regular basis. I have spoken with my boss and co-workers about all of us using an encrypted email system, but no one seems to think there is a significant threat or danger out there to require these extra steps in security. Can you offer any data to help me convince them that this is a good idea?
Actually, I don't have hard data to say one way or the other. The risk varies too much on too many factors to really present data that'll apply in any specific situation.
But we can definitely look at some of the specific factors.
Your scenario of confidential business-related information warrants some consideration, but I want to first discuss the more general case for the average email user.
To be blunt, my experience is that most people have an over-inflated sense of risk when it comes to threats and technologies that they don't understand.
And to be sure, email and how messages make it from your computer to mine when you press "Send" is something that the average computer user not only doesn't understand, but has no reason to understand.
As a result, sometimes threats that should be of concern are overlooked and issues that are really no threat at all prevent people from using the technology to its fullest – or perhaps cause them to avoid it all together.
It is possible to sniff and eavesdrop on email conversations.
It's also not particularly easy, unless you're on an open WiFi connection.
By default, the contents of email is not encrypted or obscured in any way. As it travels from your computer to your mail server to my mail server and finally to my PC, it's stored in formats that are easily read by anyone who has access and cares to do so.
Let's examine those two criteria in more detail.
Anyone who has access to the network, network equipment, mail servers, or PCs across which your email travels could potentially read your mail. So just who are those people?
Anyone with access to your machine has several ways that they could examine your email conversations – from installing spyware of some sort to copying your mail folders to their remote location to simply opening up your mail program and reading your mail.
Malware is really a special case of someone having access to your machine. The concerns behind malicious compromise of your machine is that malware can gain access to more than just email. Even the act of simply typing your message could be recorded and examined if malware is present.
Other machines on your network may be able to see your email as it's transmitted between your machine and your mail server when you send or receive. I say "may" because it depends on exactly how your network is configured. The most obvious case is an open (unencrypted) WiFi hotspot where any machine connected to the hotspot can see all of the data that's being sent and received by the other machines on that same hotspot.
Your ISP can examine all of the data that you send and receive on the internet simply as a side effect of providing your connection to the internet.
Your email provider can examine your email simply as a side effect of providing your email service. Included in this would be your email provider's own networking and hosting providers as well.
Your recipient's email provider just like yours.
Your recipient's ISP once again, just as your ISP can see everything you to, your recipient's ISP can see everything they do.
Other machines on your recipient's network have the same issues as the security and configuration of your own.
Malware on your recipient's machine puts your conversation at risk just as much as if it were on your machine.
Anyone with access to your recipient's machine naturally can do whatever the recipient could, and thus could read, copy, or otherwise access your email conversation.
This seems like a long list of entry points – points at which your email could be exposed to prying eyes.
When most people see the list above, they immediately focus on the items outside of their control.
I get constant comments that either imply or flat out accuse email providers and ISPs of maliciously reading email that they have no business reading.
In my opinion, that's unwarranted paranoia speaking. These businesses are too busy to have the resources to do so, and too competitive with each other to allow something like that to happen in any systematic or organized way that might some day become public knowledge.
That's not to say that there aren't incidents of breaches from time to time – and formerly trusted employees have been fired or even jailed as a result. What I am saying is that these are the exceptions rather than the rule.
Nope, the real risk (if there is to be any) is at the points that you do control.
I honestly believe that if there is going to be risk, the greatest risk to email privacy is at the sending and receiving endpoints.
In other words, the actions of malware on your machine, or someone walking up to it and poking around, or your own actions misdirecting an email message present a much greater risk than anything that might happen once the message is in transit.
As a result, the most important thing that you can do to secure your email is to secure your computer and your own practices in dealing with your computer and the internet.
If there's risk, that is.
I hate to break it to you, but by and large, you and I ... well, we're just not that interesting.
Even if people had an opportunity to read our email, they probably wouldn't. in all likelihood, 99% of all email is incredibly boring unless you're the sender or the intended recipient.
Even so-called "confidential" information isn't shared much via email – simply avoid emailing things like social security numbers, passwords, credit card numbers, and the like, and you'll be 99% protected right there. Heck, by now, it should be common knowledge that any email that asks you to reply in email with information that includes your password is almost certainly a phishing attempt. Sending that kind of information via email is simply a bad idea.
So don't do it.
Everything else that you do in email is probably pretty boring stuff – I know mine is.
Your question included two very important words that might make things more ... interesting: "business" and "sensitive information".
Email privacy does start to make sense if you have legitimate reason to be concerned that your email might be intercepted, and/or if the cost of such an interception is unacceptably high.
So the first question that you need to ask yourself is, "Am I really a target?" Most people are not. Most business are not. Many might think they are, but in reality, no one cares. On the other hand, if you're communicating on sensitive things that you know are the focus of possible industrial, political, or personal espionage then yes, you might have a legitimate concern.
The next question is, "What's the downside of someone else seeing this?" Again, in most cases, the cost is negligible ... a little embarrassment at most. If, on the other hand, that communication landing in the wrong hands could cause serious damage, then it's also time to consider approaches.
And as a business, if there are legal ramifications to information leakage, or actual laws requiring a heightened level of privacy and security, then whether actually warranted or not, you may be required to take additional steps.
Then you have exactly two options:
The most important aspect of an email alternative is that you control or understand the entire path that your sensitive information might take on its way from point A to point B.
My online brokerage is a good example. They do not email statements, but rather, they use email to notify me that a statement is available. I can then login securely to my account on their website and download my sensitive information.
Not only is the path a direct one – from their server to my PC – but it's encrypted via https, so that even someone at my ISP who's watching the data stream would be unable to decipher its contents.
They control their server, I control my PC, and the path between the two is obscured from any third-party prying eyes.
You could set up access-controlled shares on your company's network or servers, or even go so far as to write a custom application that requires not only additional security to access the data, but could impose a higher level of obfuscation on the data as it traverses the internet.
Just make sure you have someone who is a security professional doing the work – security is easy to think that you got right when in fact, you did not.
The most practical solution for most people, which you are trying to advocate for, is simply encrypting your data before it's emailed.
The problem here is that encryption schemes for email are generally not as interoperable as we'd like. If you can standardize on a solution what works for all of your senders and recipients, then your email problem is mostly solved. While some solutions are free, often they involve third-party software and periodic fees.
If you're doing it on your own, and your correspondents may be running a different email client or perhaps even a different operating system, things get more difficult. Personally, I've not found a good solution that integrates well with various email clients. My approach instead is to send encrypted attachments. By that, I mean:
I write my message using a plain text editor or word processor and save it to disk
I use a tool to encrypt that file. Candidates are 7-zip (using ZIP format), AxCrypt, PGP/GPG and Truecrypt, although there may be other viable alternatives as well. ZIP files are perhaps the most easily interchanged, and current implementations privide good encryption.
I send the encrypted file as an attachment to my recipient.
I also send to the recipient – through a different channel – the password or whatever other information he will need to decrypt the file.
It is somewhat cumbersome, but if you can agree on an encryption tool, it works in almost all environments, and with any email client that can send an attachment.
You'll notice that encryption is a cornerstone of even the non-email solutions.
If all this sounds like I'm skeptical ... it's because I am. In my opinion, most people who think they are targets are, in fact, not.
But what if you really are? If electronic communication is a necessity, then encryption, good encryption, is a must. Things can be a little more complex than we'd like, but if it's important then you simply cannot ignore it.
It's one more reason why truly secure information is often best handled in phone calls or in person meetings, rather than email.
The one place where the average person may well be at much more risk than they realize – is in open WiFi hotspots. It's fairly easy for anyone there to "listen in" on the data flowing to and from your machine. There, you need to be encrypted one way or another. See How do I use an open WiFi hotspot safely? for the steps that you need to take if you use a public WiFi hotspot.
(This is an update to an article originally published November 13, 2005.)