Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response

How Secure is your Email?

Created: 25 Oct 2007 07:00:00 GMT • Updated: 23 Jan 2014 18:45:16 GMT
Ron Bowes's picture
0 0 Votes
Login to vote

These days, many people take it for grantedthat their email is secure. People (and companies) send all kinds ofcritical information through email, expecting it to make it to thecorrect person and only that person.

That's a bad assumption.

Email is often used by Web applications to reset passwords, byfinancial sites to provide updates to profiles, and by friends andfamily with personal information. Any of this data, in the wrong hands,could be dangerous to a person. It could lead to all the usualproblems: identity theft, information exposure, and the exposure oftrade secrets.

Email passes through several servers in much the same way astraditional mail travels through several people. The sender sends anemail directly to an SMTP (or similar) server, which is often run bythe sender's Internet service provider (ISP). That server typicallyforwards the email to the recipient's mail server (which can be run bythe recipient's ISP, the recipient's company, or any other individualthat provides the mail service). At that point, the recipient can pickit up from the mail server at his or her leisure.

According to the American Management Association, more than threequarters of employers monitor employees' email on their mail servers (source(a PDF requiring free registration)). This means that it is likely thatany personal or private correspondences are being viewed by your bossor somebody else in your company. Thus, passwords, financialinformation, and letters from Mom may be viewed if you use your workaccount. Furthermore, even if your mail isn't intentionally beingmonitored, it only takes a single angry, malicious, or bored IT personto snoop through employee email. The letters you thought were privatemay be exposed.

A great example of this happened in September when over 6000 emails (700MB worth) from the company MediaDefender were leaked and posted online.These emails reportedly included everything from secret governmentprojects to an employee's order for a pepperoni pizza from Domino's.When sending these emails, users had some expectation of privacy.However, these emails were kept on a server, which is a common practiceand, in some places, a legal requirement for record-keeping. How manyemails have you sent recently that, if they were posted publicly, youwould regret?

Many companies should seriously consider encrypting emailcommunications, especially when they're stored. This one simple stepcan save a lot of hassle in the future.