Menu
E-mail insecurity in a litigious society

E-mail insecurity in a litigious society

I don't need to tell you that e-mail has changed the way the world communicates. I get more e-mails by far than I do letters delivered the old-fashioned way. That said, there's one aspect of e-mail that many of us overlook at our peril, and that's the information we put in our messages.

E-mail was not intended as a secure means of communication. Whether you're an attorney, an accountant, a CEO, a chief financial officer or an internal auditor -- even if you work at home or are retired -- you need to know that what you put in an e-mail could one day become key evidence in litigation.

Remember that the vast majority of e-mails traverse the globe in an unencrypted format. This is analogous to sending a postcard via regular mail. Think about it: What's to stop your mail carrier (or anyone else in the postal delivery chain) from reading the messages you write on postcards? Unless you've written in some obscure language used by only a handful of people, nothing can stop such peeping. Yet e-mails (containing information like account numbers, Social Security numbers and/or other sensitive and personal data) are passed around by millions each day with nary a thought to potential consequences.

And e-mails not only are vulnerable to snooping and contribute to a general loss of privacy; they have also become an increasingly used tool in litigation. The use of e-mail information as evidence in the Microsoft antitrust trial was just one of the most visible examples.

According to Jack Seward, a digital forensic accounting technologist in New York, some users still believe that digital encryption of e-mail isn't necessary. They argue that e-mail carries the reasonable expectation of privacy. Although that may have been true once, Seward warns, "known technological vulnerabilities of unencrypted e-mail make this presumption an old wives' tale at best."

What about e-mail accidents? It is easy to have e-mail accidents, and accidents are more common in important business and personal communications than most people may realize. An e-mail message can be easily sent to anyone in an instant -- and there's no hope of retrieving it once you hit Send. It takes just a single errant keystroke or mouse click to send a message to the wrong recipient.

With password protection and encryption, a user can have some measure of security for misdirected messages. However, the best way to prevent accidents is to teach users what to do when things go wrong, as well as how to do it right in the first place. If possible, IT managers should also configure e-mail software so that the default setting produces the safest outcome.

The million-dollar challenge is to decide which type of security strategy and encryption software to use, and to determine whether it is prohibitively costly. A simple search on the Internet will show you that there are dozens of products available, some of them at no cost -- meaning no monetary issues should get in your way.

It's important to note that when you're shopping for a product, you should match the protection provided for e-mail messages, systems and software to the value or sensitivity of the information that will be transmitted. Generally speaking, it's best to use a centralized control for e-mail services.

E-mail policies should be defined and should specify the level of protection to be implemented. Of course, if your company is using a secure channel like a VPN, your messages will be secure in transit, since VPNs typically employ some combination of digital certificates, strong user authentication and encryption to provide security for the traffic they carry.

These days, many lawyers, accountants, actuaries, financial planners, medical professionals and others freely send critical personal information in an unencrypted format. It is imperative that this practice change, with organizations adopting policies for the safe and secure handling of e-mail. Educating employees about safe e-mail usage and delivery policies helps reduce the risk of intentional or inadvertent misuse, thereby ensuring that confidential records transferred via e-mail are secured properly in transit and upon receipt.

Encrypting your e-mail will keep your messages safe from all but the most determined hackers. Protecting your intellectual property assets is paramount, and those assets include e-mail. In the end, this will become a non-negotiable requirement in our litigious society. Encryption is a reasonable precaution that we'll have to take when sending sensitive information anywhere around the globe.

Douglas Schweitzer is a freelance writer and Internet security specialist in Nesconset, N.Y. He can be reached at dougneak@juno.com.


Follow Us

Join the newsletter!

Error: Please check your email address.
Show Comments