Tag: email

13 Sep 2015

Email Encryption and Mobile, Like Oil and Water

Destined never to mix?

Lack of standardisation, clunky integration and poor user experience have all stood in the way of tackling the security risks of email use on mobile devices. While the use of instant messaging services and social media is increasing, email remains the staple of business-to-business communication.

As businesses and employees become more mobile the challenge of securing sensitive data within email messages heightens. Almost half of employees, access business email on a device they own. Are mobile and email security like oil and water: destined never to mix?

Encryption technology has often existed as a bolt-on capability, for both traditional and mobile email clients, hindering the user experience by disconnecting them from the simplicity of built-in device applications.

Mobile technology has become universal because it is slick and intuitive. Its primary focus is the user experience. If that experience doesn’t exist, then we’ll naturally find ourselves looking for a way around the issue. When that issue is email security, the requirements of the business are at odds with the user’s actions. It becomes a serious problem.

“Too many companies haven’t properly integrated email services with email security. Secure messaging must be an integral part of your workflow.”

Tweet this quote

So, it’s not actually the case that mobile and secure email don’t mix. It is that too many companies haven’t properly integrated email services with email security. Secure messaging must be an integral part of your workflow.

The opportunities that mobile working presents to any business are significant and not going away any time soon. This opens up doors to countless vulnerabilities, especially as the value of data continues to rise, making it a rich target for cyber criminals.

New devices and applications arrive on the market on an almost daily basis, so to keep track of every device is clearly a fool’s errand for anyone developing security software.

Third party providers trying to bolt on security simply add additional steps for the mobile user. That means if there is a workaround, users will find it.

Email Encryption and Mobile, Like Oil and Water

Delivering a seamless experience is fundamental to user adoption and user adoption is a key to compliance with any message security strategy. The user experience can be enhanced by building security into the mobile experience. It should be functional, yet seamless to the user. Users should have controls, but it should also work without them having to do anything.

“What business needs is a smart platform for email encryption that makes the decisions for the user.”

Tweet this quote

What business needs is a smart platform for message encryption that makes the decisions for the user. When this platform is device independent, it does not matter if the user is on Android, Apple, Windows or any other platform…they can send email securely. The pace of technology and user device preference change so quickly, security solutions need to remain flexible enough to adapt along with them.

By Jacob Ginsberg, Senior Director of Products, Echoworx

11 Aug 2015
Photograph by Tom Bonner

Security Determines Success in IoT

The Internet of Things, a game-changer.

Change opens new and unfamiliar vulnerabilities, as with any new invention, hype and expectation can overshadow practicalities. The Internet of Things (IoT) will be one of the most transformative technological trends to impact global society, perhaps since the invention of the World Wide Web. But there is a less sexy element that will underpin its success. Security.[/caption]

6.5 billion objects are expected to be connected to the Internet and cooperating partially without human intervention by 2015 (Stefan Ferber, Bosch Software Innovations).

The Internet of Things will undoubtedly impact every area of global affairs. As objects, data, systems and people enter into this global interconnected web, business models, communication, politics, security threats and even doing something as simple as boiling the kettle will change forever. If history has taught us anything, it is that with technological change come new security vulnerabilities. Individuals must be proactive not reactive when it comes to protecting their data.

Unfortunately there is no crystal ball. There is no way of knowing what devices we’ll be using, what our workplaces will look like, how we will get to work, the list is endless. As a result, security of information must occur at a network level and be device agnostic. Most importantly, data protection mustn’t be dismissed as unimportant or worthless. Much like in the story of the ugly duckling, those that underestimate it are soon proved wrong.

With work and other technologies mingling, fundamental methods of communication like email are likely to change. From a security perspective, change opens new and unfamiliar vulnerabilities for cyber criminals to exploit. Therefore, businesses must ensure encryption is an integral component of how information is shared. Equally, the processes have to be user-friendly, device agnostic and at a network-level if they are to succeed.

SEE ALSO: Privacy is DEAD

Companies need a solution that is focused solely on email security if that is the main form of communication. Gmail alone has more 900 million users. Both Facebook and Microsoft have introduced an open PGP approach. Google apps is following suit. As email threats get greater, it’s prudent to have a solution in place to handle and protect sensitive information. The businesses that wise-up the fastest and responsibly protect against the threats that lurk in our Internet-powered world will reap the benefits. Those that judge the Internet of Things on face value will sooner or later realise their mistake to the detriment of their business.

“The beauty of cloud based message encryption is that it truly doesn’t matter what device you use to send the email; it is protected.”

The beauty of cloud based message encryption is that it truly doesn’t matter what device you use to send the email; it is protected. Imagine sending an encrypted email from a toaster – and it being secure! Effective security will, without a doubt, enable any business welcome the benefits and opportunities of the Internet of Things, not the challenges.

The Internet of Things is a game-changer. Whether it is a blessing or a curse will be entirely determined by the participant’s understanding and commitment to data security. Like the story of the “ugly” duckling, observers must not see security protocols as worthless and disregard them, given time, they will become invaluable and the most important investment of all.

By Jacob Ginsberg, Senior Director Products, Echoworx

16 Apr 2015

Giving Your Personal Information to Hackers?

What about emails from within your organization?

We’ve covered being aware of phishing emails in a previous blog, but what about emails from within your organization? If hackers have access to the email of someone within your organization or that you communicate with, a phishing email could be hard to spot. This kind of attack is called “spear phishing”. It is more targeted than a regular phishing email, and if successful hackers could gain access to sensitive information just by asking for it.

“…the White House intrusion began with a phishing email that was launched using a State Department email account that the hackers had taken over.”

It was revealed this week that the White House system breach first reported in October 2014 stems from this type of attack. As reported by CNN, “the White House intrusion began with a phishing email that was launched using a State Department email account that the hackers had taken over.” Both the State Department and White House cyberattacks are believed to be the work of Russian hackers. Although the White House network that was breached was reportedly unclassified, new information indicates the hackers were able to gain access to non-public details of President Obama’s schedule.

If you receive an email asking for sensitive information that you are not expecting, double check with the person or organization via other means that they have actually sent the request. Always be aware of workplace guidelines regarding who should have access to sensitive information because a few minutes of investigation could save you from a major cyber attack.

By Jacob Ginsberg, Senior Director of Products, Echoworx

12 Aug 2013

Understanding Email Encryption

Email is at the heart of business today and will continue to be. Email may be ubiquitous but it is far from secret. The vast majority of emails are unencrypted which means that they are not secure during transit and can ultimately be read by anyone. With so much at stake, email encryption continues to be one of the most critical security measures an organization can take to protect data theft and loss.

Email encryption addresses a number of business issues: It reduces the risk of data loss, it helps companies comply with legal and professional requirements, and it builds trust by demonstrating a company’s commitment to data security.

The risks are obvious:

  • Reputation damage through negative PR

  • The legal risk that someone might sue you for breach of confidentiality, loss of company secrets and intellectual property

  • The risk of identity theft or other security problems

  • Failure to live up to regulatory requirement

A proactive approach to data security that embraces email encryption can demonstrate to employees, partners and customers that you value their trust – a valuable business asset. While it may be difficult to quantify, imagine the business benefits of increased trust in your company’s email. Being able to exchange sensitive information safely is a competitive advantage. It is more efficient for your customers, employees and partners. It is cheaper for you. Using email is also more environmentally friendly than sending mail. Secure, trustworthy, efficient email could be a key differentiator for companies that use it.

Download the PDF for more information on email encryption approaches.