|
which-platforms-are-supported-by-virtru / .
Receiving an Encrypted Email
With recent developments in email encryption , the process of opening an encrypted email is less cumbersome than in the past , though it may still be a multistep process . Recently , a colleague sent an email encrypted though the Microsoft Office 365 system . Opening and reading the email required a quick registration with Microsoft for a temporary key to open and read the emails . As long as the receiving system stayed logged in , the key lasted 12 hours . Had I had a Microsoft Office 365 account , the email would have opened without the intermediate step of registration and procuring the key . The reply to the email was also automatically encrypted . Several other firms with whom I correspond regularly use either Zixmail or Sharefile . In each case , when an encrypted email arrives , the email includes a link to the message or files on the server of the service . Typically , a quick registration – email address , name and creating a new password , is all that is required to access the email . One note , some encrypted systems delete or remove mail after it is read or after a time limit passes \ s . If preserving the email is important , the reader may need to capture the email to local storage to retain access to it .
|
too small to be a target . That is patently false since criminals with limited skills are going to exploit the easiest targets for the quick score . Large criminal organizations may target larger firms with greater density of information , but because they have more sophisticated security systems , they may target the smaller firms as well .
While this particular article looked primarily at encrypting email in transit , it is equally important to consider encrypting information stored on local computer systems and in cloud based storage . For example , files stored in a Spideroak container ( https :// spideroak . com /) are encrypted in transit to the Spideroak servers and while on the Spideroak servers . The same files stored in the Spideroak folder on your hard drive , however , are not encrypted unless your hard drive is encrypted . A cracker with access to your hard drive can read the unencrypted files as easily as you can .
It is possible to encrypt a hard drive , which prevents anyone without the proper credentials from accessing the hard drive . However , if the password to the system is written on a Post-it TM note on the monitor , all the encryption in the world won ’ t prevent access to the system . In addi-
|
tion , once the system is compromised , so that the cracker has access to the system at the administrative level , encryption no longer prevents the cracker from accessing the information because the cracker has the same level of access as a user of the system , or perhaps even better access . It goes without saying , then , that password protection is also critical to securing your client ’ s information . Perhaps , next up , if by popular demand , an upcoming Tech Tips article on passwords ! ____________________ James Knapp , Esq . is the Vermont Underwriting Counsel for First American Title Insurance Company . His avocation is the application of technology to the practice of law including information security and computer forensics . The information provided in this article are his personal opinions and do not represent the official position of First American Title Insurance Company , though the Company does encourage good practices related to information security and the protection of client information . |
Tech Tips : Encryption Practice Pointers |
|||
Email Encryption is a Partial Solution |
||||||
|
Encrypted email is only part of the security solution . As long as an unencrypted email rests on the firm ’ s or the client ’ s system , it can be read by anyone with access to that system . The recent focus on encryption appears to stem from a number of events where “ crackers ” ( criminal hackers with evil intentions – some hackers are just clever curious people pushing a system ’ s boundary with no evil intentions ) have obtained access to information about financial transactions and through clever social engineering have redirected payments through bogus wiring instructions . The cracker did not likely intercept the emails in transit , but instead read the emails after they had been delivered .
Information security professionals warn that crackers are not just targeting large business and international firms . Law offices , real estate professionals and others , particularly those who use email systems with limited security options such as AOL , Yahoo , free Gmail and Microsoft Outlook accounts , are the targets for a whole range of criminals looking for any information that can be exploited . Unfortunately , most users of systems with poor security options are convinced that their operations are too small or the transactions are
|