Published at 2001-08-28 16:23:50
Sending e-mail across the Internet creates the illusion of safety. When you click that send button, it is not only your intended recipient who may have access to your message. E-mail may be left undeleted on a server for many months, and some servers may create backup copies of your e-mails. Apart from firewall systems and network security options, e-mail server companies also have the responsibility to take care of the 'real world' security of your e-mail. For example, the server may be located in an office, the office may be unlocked, and the physical server machine may be vulnerable to attack via direct access.
The only sure way to protect the security of your e-mail message and attachments is to encrypt them. Encryption programs basically scramble the original file so that it is unreadable when it is accessed without your knowledge. The file can only be decrypted by someone who has the necessary password and software. There are many encryption programs available for free on the Net; some are suggested in the 'Links' section of this web site.
The only way to make an encrypted exchange of information possible is to ensure that the person (or people) you wish to communicate with is using the right software and has the correct password to decrypt your messages. The exchange of passwords is the weak link: the password should be changed monthly, and should be long and difficult for anyone to guess (a random combination of numbers and letters is best). The integrity of the system relies on you managing and protecting your passwords effectively.
The whole idea of this method of information security is that even if somebody gains access to a file (either through hacking or direct access), it is effectively useless to them, as they cannot read the file's contents. It is therefore logical to NEVER save decrypted versions of your files on a server or personal computer, as this defeats the purpose.
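The shared-password scheme described above, as an added Python example that is not part of the original article: a random password is stretched into keys, the message is scrambled and sealed so that a wrong password or an altered file is rejected, and decryption returns the plaintext in memory rather than writing it to disk. The function names, the PBKDF2 iteration count and the HMAC-SHA256 counter-mode keystream (a standard-library stand-in for the vetted cipher a real encryption program would use) are assumptions of this example.

```python
import hashlib
import hmac
import secrets
import string

ITERATIONS = 210_000  # assumed PBKDF2-HMAC-SHA512 work factor; slows password guessing


def new_password(length=24):
    """Random letters-and-digits password, as the article recommends."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def _keys(password, salt):
    # Stretch the shared password into two independent 32-byte keys.
    material = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, ITERATIONS, dklen=64)
    return material[:32], material[32:]


def _keystream_xor(key, data):
    # HMAC-SHA256 in counter mode: standard-library stand-in for a vetted cipher.
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hmac.new(key, offset.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)


def encrypt(password, plaintext):
    salt = secrets.token_bytes(16)  # fresh salt, so the keys differ for every message
    enc_key, mac_key = _keys(password, salt)
    body = _keystream_xor(enc_key, plaintext)
    tag = hmac.new(mac_key, salt + body, hashlib.sha256).digest()
    return salt + body + tag


def decrypt(password, blob):
    """Return plaintext in memory only; ValueError on a wrong password or tampering."""
    if len(blob) < 48:
        raise ValueError("message too short")
    salt, body, tag = blob[:16], blob[16:-32], blob[-32:]
    enc_key, mac_key = _keys(password, salt)
    expected = hmac.new(mac_key, salt + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong password or modified message")
    return _keystream_xor(enc_key, body)
```

The password from new_password() still has to reach the recipient by some channel other than the e-mail it protects, which is the weak link the article describes.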
Before you and your colleagues embark on a data encryption policy, you should first ask yourselves if it is really necessary to do so. What kind of information do you need to protect, and why? For the casual Net user, encryption is not necessary, although we all need our privacy to be respected. For a company protecting its clients' personal details (credit card numbers, phone numbers, order information etc.), encryption protocols are essential. A company may also need to protect its information from rivals within its industry; for such a company, encryption provides a safe method to communicate via e-mail without having to worry about the security of its e-mail contents.
It is worth mentioning that encryption is actually illegal in some countries, and that some encryption algorithms are safer than others. When choosing what's right for you, always consult the help files and 'readme' files of the individual package in question.