Maximizing Email Security ROI
Part V – A New Twist to an Old Problem: Email Encryption
December 16, 2004
This is the last of a five-part series on
Maximizing Email Security ROI.
Throughout the ages, people have encrypted communications to suit their information security needs.
In the 1st century B.C., Julius Caesar didn’t trust the couriers who carried his messages to trusted acquaintances. So, he replaced every A with a D, every B with an E, and so on, all the way through the alphabet. Only those who knew Caesar’s shift-by-three rule could decipher his messages. Over 2000 years later, we’re still trying to protect our messages from prying eyes (If you have not read CipherTrust's white paper on Privacy Architecture, you can download it free here).
In the Information Age, email is the primary method of communication for businesses around the world. While email has become a mission-critical application, it also raises important privacy and security concerns. Sensitive personal and business communications are vulnerable to the prying eyes of hackers, industrial spies and others who would love to have access to information not intended for them. Because of these risks, businesses are realizing the value of encrypting their email communications to protect vital information while in transit from origin to destination.
Asset/IP protection
Enterprises that fail to adequately protect information in transit across the Internet risk revealing their most vital secrets. Each unencrypted email exposes sensitive data – from confidential financial and product information to legal contracts to files that include personally identifying information such as Social Security numbers, birthdates, credit card numbers and bank account numbers.
Failure to encrypt email communication is akin to sending a digital postcard into cyberspace. Sure, there’s a chance that it will reach its destination without crossing a snooping pair of eyes, but there’s also a chance that it won’t. You wouldn’t send a postcard with your vital trade secrets, financial data and customer information on it, so why would you send an unencrypted email containing the same?
Compliance and Liability
State and federal regulations targeting financial and personal data affect almost every enterprise, with mandates to protect and secure all forms of information. While these regulations rarely explicitly mention email, the laws are broadly written and generally interpreted to cover email and other forms of electronic communication.
Publicly traded enterprises, particularly those in the banking and healthcare industries, must guarantee privacy and security of customer or patient information in email by encrypting the message and monitoring outbound email for unencrypted or inappropriate patient or customer information. In addition to protecting private information through policy enforcement, companies are responsible for protecting private information while in transit across the Internet.
Failure to encrypt confidential information that results in a violation of regulatory policy can lead to steep corporate fines as well as possible criminal charges, fines and jail time for company executives. In addition, the company faces likely lawsuits from customers and patients whose confidential information is compromised.
To help ensure security of confidential information and compliance with regulations, businesses must ensure that:
- Email messages containing confidential information are kept secure when transmitted over an unprotected link
- Email systems and users are properly authenticated so that confidential information does not get into the wrong hands
- Email servers and message stores where confidential information may be stored are protected
Make Sure it’s Greek to Them
A comprehensive email security approach including encryption is the most effective defense against all external and internal threats. For more information on how to encrypt information entering and leaving your enterprise email network, download CipherTrust's FREE whitepaper, "Protecting Email: Overview of IronMail Privacy Architecture".
CipherTrust and The IronMail Insider wish you and yours a safe and happy holiday season and all the best for a prosperous 2005!
|
