Securing Your Email – or Why You Should Stop Using Free Email Services for Business

By on Nov 2, 2013 in Blog

Email is tragically insecure. There is simply no way around it – and if you’re using free email services such as Google Gmail, Yahoo Mail, or Microsoft’s Windows Live Hotmail – you are leaving yourself far more exposed than you might realize.

The problem with email security is that the system is inherently designed to facilitate quick communication between anyone with a valid email address. Regardless of where the sender and recipient are located, or which email service provider is being used.

All emails must be stored *somewhere* until they are retrieved and read. Most email providers (including Google, Microsoft, and Yahoo) will also happily archive all your emails essentially forever (remember when that was a huge selling point?).

Why is this a problem? Well in a perfect world it isn’t, and if no one ever cares to read your emails – then it never will be. What if on the other hand you are negotiating a business transaction, or otherwise need to share something sensitive with another person. What if you have been doing this for many years now – then what?

Every single email you have ever sent through your Google, Microsoft, or Yahoo email account is still sitting on their servers, usually stored in plain text, and under the domain of whatever privacy laws exist in that particular country. This means any sufficiently mature email account is a gold-mine for anyone interested in finding out everything they can about you.

Take a look through your archived emails if you want to see what one broken password can reveal about you – or take a look at what happened to Sarah Palin when her personal Yahoo email was hacked.

The email security problem is then compounded when you consider that anything you can do to better secure your email – is inherently going to make your email less useful (or at least less convenient). Unless you really are dealing with a lot of sensitive information (such as business negotiations) or have some need to maintain a high level of privacy (such as being a public figure) – then the benefits may simply not be worth the hassle or expense.

This is certainly a matter of personal choice though, and in either case – people should know what happens when they use email communications – and that there are choices to better secure your email if you want.

 

Recommendations:

1) Stop using free private email services for business

For all the reasons mentioned above – there simply is no good reason to do so, and you should keep your personal and business life separate anyway. Business / enterprise solutions for email are much more secure, and even though they will cost you a little bit extra – at least you can deduct them from taxes as a business expense.

2) If feasible – employ encryption, or use a paid encrypted email service

Setting up email encryption for free is certainly possible, but a hassle to setup for the average user – and it gets difficult to convince all your contacts to use your encryption methods. What good is encrypting your emails if the recipient doesn’t want to bother using the decryption key?

Paid services are available which make the encryption process much easier, though there will always be some extra hassle involved. Some popular options for such services (which we strongly urge you to research before using) include: HushMail (US-based), CounterMail (from Sweden), and NeoMailBox (from Switzerland).

Businesses with larger IT budgets will be more spoilt for choice in terms of secure email solutions.

3) Backup your email archive and store it elsewhere

Deleting your public email archive regularly will help make sure that even if someone manages to break into your account, there will be little information for them to exploit. Many backup solutions (both free and paid) are readily available and offer a quick boost to your privacy security.

4) Use a proportional and appropriate response

As we said before – while email is inherently insecure – anything you do to add layers of security will increase the hassle of using email. Paid options are (often much) less cumbersome, but still an extra hassle. You ultimately need to take a close look at what information you really need to communicate via any given channel, and communicate those using an appropriate level of security (and thus extra hassle).

5) Understand that there is no perfect solution (yet)

Believe it or not – there is a relevant XKCD that describes the major flaw with relying entirely on encryption to keep your emails secure. Ultimately if someone is really determined to access your emails, there is a way to do so with enough persistence and advanced knowledge.

Hopefully one day we will have a better solution than SMTP for email communication protocols. Until that day however, you should be mindful of what you communicate via email, and take steps to minimize your exposure as is desirable and feasible for your needs.

Post a Reply