Deadly IT sin #4: Unencrypted email

As much as we complain about email as an annoyance, a distraction, and a productivity killer, we depend on it for vital business and personal communications. We might hate email, but we’d probably be lost without it.

What many people don’t realize is that email is quite old as a technology, and it’s very insecure. Not only are spam and phishing rampant, email snooping is a problem, too.

Because email traverses the Internet in plaintext, it’s only as private as a postcard. If you’re not encrypting your email, what you might think is a private communication could be read by anyone – whether it be Google, the NSA, or perhaps one of your competitors.

Sophos Global IT Security Manager Ross McKerchar wrote about the problem of email in a blog post on Naked Security:

Despite its lack of security, we keep using email because it’s become so ingrained in the way we do business, and it’s not going to be replaced any time soon.

To get email security right, you should think about all the ways email can be misused and abused.

Ross’s advice is to look at the options for email encryption, and figure out which one is best for your users – because, ultimately, you rely on them to make it work.

Solutions range from the somewhat impractical (PGP and S/MIME), to the not totally secure (file encryption), to what we consider the simplest and least problematic – Sophos’s own SPX encryption technology.

To protect data and your organization from email-borne threats, you should look for a solution that also offers spam filtering and policy-based data loss prevention (DLP).

We can help you crack the problem of email security. Learn more about why unencrypted email is a “deadly IT sin” by checking out our 7 Deadly IT Sins website. It’s got lots of information about the ways organizations commit security “sins,” and it offers videos and other free resources to help you.

