End-to-end email encryption is the ONLY encryption a business should consider.
Due to an improved understanding of cyber security within businesses and organizations, CIOs and IT leaders are looking at email encryption as another defence pillar within their overall data security strategy. Choosing “end-to-end” email encryption means data being sent will be encrypted until the message’s intended recipient decrypts it, and that encrypted messages received will remain that way until decrypted by the recipient.
“Why business should care about Cyber security”
Businesses and the IT community should care about cyber security because they have got:
- Regulations to adhere to;
- Data protection laws to follow;
- A competitive edge to maintain;
- IP to protect; and
- Profits to make – which can be significantly impacted if sensitive data falls into the wrong hands.
The reality is that cyber crime is on the rise
According to a 2013 Europol Serious and Organized Threat Assessment the “total global impact of Cyber crime [has risen to] US $3 Trillion, making it more profitable than the global trade in marijuana, cocaine and heroin combined.” There’s no doubt that cyber crime is on the rise and that the attacks are becoming more targeted and sophisticated than ever before. Gartner predicted that in 2015 the global business community will spend just under $77 billion defending itself against cyber crime.
According to PWC’s 2015 Information security breaches survey, the cost of cyber security breaches is also on the rise, with the average cost to a large organization now in the range of GBP £1.46m to GBP £3.14m and the cost to a smaller organization ranging from GBP £75k to GBP £311k.
The problem with emails
Whether businesses realize it or not, emails are like postcards. Just as a postcard can be intercepted and read as it’s being sent through the postal network, so can an email. It can even be edited.
Email Encryption is the solution
Encryption is often touted as the solution to protecting all email data. Email encryption is nothing new. It’s been around since the 1990s and there are two types of email encryption: SSL (Secure Sockets Layer) and End-to-End encryption.
SSL encryption tends to be the default standard for businesses – not because it’s the most secure but because it’s the most user friendly. The alternative is end-to-end email encryption, which is infinitely more secure than SSL but has, until now, been considered far from user friendly: many existing solutions are frustrating and costly to use, as they often require the sender to understand the complicated encryption process and ultimately manage the encryption keys.
The problem with standard email encryption
Due to its user friendliness, SSL encryption has dominated business email encryption. However, there’s a serious flaw with SSL encryption: it only protects email data while it’s in transit, i.e. when it leaves your computer or browser and makes its way to the recipient’s computer or browser. The email in your sent items and in your recipient’s inbox is not encrypted and therefore not protected. Consider the sheer volume of information contained in these emails (both in text and attachment formats). Next, consider that so long as these emails remain unencrypted they can still be easily read by your email provider, malicious third parties and governmental agencies (if your business’s email provider is compelled to hand them over under court orders). Plus, given that your business has gone to the trouble of encrypting the data in the first place using SSL encryption, albeit only while in transit, it’s frustrating to find out that the job was only half done.
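The gap described above, as an added example (not code from the original article): a Python audit that reports, for each stored message, whether a Received header records a TLS hop and whether the stored copy is wrapped in an end-to-end format. The article names no end-to-end format, so PGP/MIME, S/MIME and inline PGP are assumptions here, and all sample messages are constructed.

```python
import re
from email import message_from_string

# Constructed samples. Encrypted payloads are placeholders, not real ciphertext.
HEAD = "From: alice@example.com\nTo: bob@example.com\nSubject: Q3 forecast\n"
TLS_ONLY = (  # relayed over TLS ("with ESMTPS"), yet stored as readable text
    "Received: from mail.example.com by mx.example.net with ESMTPS;"
    " Mon, 1 Jun 2015 10:00:00 +0000\n" + HEAD +
    "Content-Type: text/plain\n\nRevenue forecast: do not forward.\n"
)
PGP_MIME = (  # assumed format: PGP/MIME envelope (RFC 3156)
    HEAD + "MIME-Version: 1.0\nContent-Type: multipart/encrypted;"
    ' protocol="application/pgp-encrypted"; boundary="b1"\n\n'
    "--b1\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n\n"
    "--b1\nContent-Type: application/octet-stream\n\n"
    "-----BEGIN PGP MESSAGE-----\n(placeholder)\n-----END PGP MESSAGE-----\n--b1--\n"
)
SMIME = (  # assumed format: S/MIME enveloped-data
    HEAD + "MIME-Version: 1.0\nContent-Type: application/pkcs7-mime;"
    " smime-type=enveloped-data\nContent-Transfer-Encoding: base64\n\nUExBQ0VIT0xERVI=\n"
)

def tls_in_transit(raw):
    """True if any Received header records an SMTP-over-TLS hop (e.g. ESMTPS)."""
    hops = message_from_string(raw).get_all("Received", [])
    return any(re.search(r"\bwith\s+\w*SMTPSA?\b", h, re.I) for h in hops)

def at_rest_protection(raw):
    """Classify the stored copy: an end-to-end format name, or 'none'."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    if ctype == "multipart/encrypted" and \
            str(msg.get_param("protocol")).lower() == "application/pgp-encrypted":
        return "pgp-mime"
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime") and \
            str(msg.get_param("smime-type")).lower().endswith("enveloped-data"):
        return "s/mime"
    for part in msg.walk():  # ASCII-armoured PGP pasted into a text body
        if part.get_content_maintype() == "text" and \
                b"-----BEGIN PGP MESSAGE-----" in (part.get_payload(decode=True) or b""):
            return "inline-pgp"
    return "none"

def audit(mailbox):
    """Map message name -> (TLS seen in transit, protection of the stored copy)."""
    return {n: (tls_in_transit(r), at_rest_protection(r)) for n, r in mailbox.items()}

if __name__ == "__main__":
    print(audit({"tls_only": TLS_ONLY, "pgp": PGP_MIME, "smime": SMIME}))
```

The `tls_only` message comes back as `(True, 'none')`: the TLS hop is recorded in its headers, but the copy in the mailbox is readable by anyone with access to the store.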
Emails have a long life
Businesses subject to regulation usually need to keep emails for between 6 and 7 years. They’re filed away, accessed sometimes but they’re always there. Also bear in mind the fact that once an email is “deleted” it is merely deactivated – databases tend not to delete data. Ever. So businesses should err on the side of caution and presume that each email will live forever and protect their data as such.
But most businesses only focus protection on the email data in transit, i.e. the period of time it takes an email to leave their machine and arrive at the recipient’s machine. The length of time this takes varies, due to a number of factors, but on average it is under two minutes. So all this time, money and effort is spent protecting a process that takes only two minutes out of what is at best a 6/7 year life and at worst an infinite one!
Cyber attacks involving email data over the past few years have not focused on in-transit data but more on the latent/at rest data. Think Sony Pictures, Obama’s emails, the European Central Bank’s emails…the list goes on.
Moral of the story
If a business or organization cares about data security then end-to-end email encryption is the only encryption solution it should use.
Jumble is an easy-to-use, zero-knowledge, cross-platform, end-to-end email encryption product that integrates with existing email accounts. Jumble provides mobile support and has rich business features.