Over the past few weeks, many news stories and much of the public’s attention has been focused on the email breaches at the DNC. It is believed hackers accessed DNC email servers by using a technique called spear phishing. Spear phishing is when you receive an email that looks like it is from someone you know with the intention of getting you to click on a link, so the hacker can download malicious code. The malicious code then allows hackers to access vulnerable systems and information, such as emails.
The DNC is not the only organization to have an email breach. In 2014, Sony had a similar email breach, dubbed the Hack of the Century by Fortune, and earlier this year several legal firms experienced email breaches related to insider trading. Stories like these focus on the issues of phishing and server vulnerabilities, which are almost impossible to totally prevent. A better solution focuses on securing the content of the emails.
Email is a lot like a postcard. Its contents are fully readable by anyone from IT administrators to hackers as it sits on a mail server or travels over the Internet. If the content of an email is sensitive and should not be read by anyone other than the intended recipient, then it should be encrypted.
There are many types of email that should be encrypted, but at the most fundamental level they are as follows:
1. Emails that contain personal private information
2. Emails that contain confidential or proprietary company data
Financial institutions and healthcare organizations have used email encryption for years to protect sensitive information. Most of these organizations understand the importance of protecting the privacy of patients and clients. Increasingly regulations are ensuring that any organization that handles personal private information in email protect it with encryption.
With these very public email security breaches, the need for email encryption is becoming more important across all industries. As the primary communication tool of any organization, email will continue to be a target of hackers trying to gain access to sensitive business information. The best solution to this problem is to protect the contents of the email with encryption. Appliance-based email encryption protects emails in transit over the Internet, and end-to-end email encryption keeps it secure in transit and behind the network. To understand the use cases and benefits for these two methods, check out our ebook on the topic.
Just think how boring the attacks on the DNC and Sony would have been if the sensitive emails had been encrypted. The moral of this story is: if you don’t want your sensitive email content exposed in the next news story, encrypt it.