Email is insecure and impractical
We use email everyday. Often the content is innocuous. However, sometimes it’s not. Perhaps you’ve sent your bank account details or passport number to a friend or travel agent through your personal address? I have done this as the expediency and convenience outweighed my concern at the time about a possible data breach, and I hadn’t really considered the logistics about how my data may be compromised so as to make an informed decision.
Now I’ve done my research and can give you some perspective so the next time you are thinking about sending an email with personal information you can properly consider your options for adding some security to the process. Email is not secure! There are three main places where data can be compromised.
- Your devices and devices of recipients - If someone can get physical access to your device and get past your passwords they will be able to read your emails. This is the same for the devices of those persons to whom you are sending emails;
- Networks - If you’re sending an email to another person there are the email providers of both yourself and the recipient and all the networks in between. If any one of these systems is compromised your details may be accessed;
- Servers - Someone who has access to your server does not need to have access to your devices to read your emails. They can read them directly off the server.
One way to make messages more secure on both networks and servers is to use encryption. Documents are scrambled so they cannot be read except by persons who have a key to decode them. However you may incur a cost with encryption and also although it may scramble the contents of a message it may not change the header text e.g. the subject line or recipient’s email address.
What about the Cloud?
If you are working on something in the Cloud, the server is the data-center of the Cloud host provider. Such data-centers often have greater resources for physical security. For example, the Amazon Web Services (AWS) data centers have multiple layers of external firewalls, intrusion-detection scanners, a system that centralizes the storage and interpretation of logs, or events (so hacker attempts can be identified and attended to quickly) and a continuous external vulnerability scanning system. This arguably makes your emails and other data held within such a system more secure.
Some cloud-hosted web mail e.g. Gmail also encrypts the emails they hold in their data centers. However, Google holds the key to this encryption wall and mines data stored within emails for advertising it sells to third parties based.
Email providers such as ProtonMail are now selling cloud-hosted and encrypted email accounts but do not sell the mine the data based in these emails for to generate revenue (https://protonmail.com) . These services require you to pay a fee to use them.
Is it Practical?
So despite its widespread use email is not very secure. However, security can be used using encryption and it is arguably more secure to send emails over the Cloud.
Email may be seen to be the easiest way to send documents and communicate in writing with people who may be anywhere in the world, it may not be the most practical means of communicating for discussions that are likely to be revisited at a later date. This is because email is not always easily searchable and although you can keep folders for the different topics to which all your emails relate, it is easy to accidentally store some in the wrong place or forget to place them in a folder. This makes it hard to reconstruct email conversations in the future.
For communications that may need to be reviewed, it may be best to use a platform that stores all communications relating to one topic or work matter in one place and that is easily searchable.
It may be well-worth your while to consider the different reasons why you are using email. One of the following three scenarios may apply.
- If your emails are personal and innocuous there is probably no harm in using the system you are currently using;
- If you are sending personal email details over email you may want to consider the security of the email provider and whether you want to add encryption to your communications or whether your email communications would be more secure if they were sent over a cloud-hosted system; and
- If you are using emails in a work context you may want to consider whether a system that captures communications as well as all the other work done on one particular file may work better for you than email. This is because if conversations or communications need to be reconstructed in the future it will save you a lot of time and trouble.
ContractRoom is a AWS-hosted negotiation and contract lifecycle management system (also known as contract management software) that captures all communications in relation to the agreement-building process among multiple negotiating parties. To find out more or request a live, free demo, click here: