This is the last of a five-part series on Maximizing Email Security ROI.
Throughout the ages, people have encrypted communications to suit their information
security needs.
In the 1st century B.C., Julius Caesar didn't trust the couriers who carried
his messages to trusted acquaintances. So, he replaced every A with a D, every B
with an E, and so on, all the way through the alphabet. Only those who knew Caesar's
shift-by-three rule could decipher his messages. Over 2000 years later, we're still
trying to protect our messages from prying eyes. (If you have not read CipherTrust's
white paper on Privacy Architecture, you can download it free here.)
In the Information Age, email is the primary method of communication for businesses
around the world. While email has become a mission-critical application, it also
raises important privacy and security concerns. Sensitive personal and business
communications are vulnerable to the prying eyes of hackers, industrial spies and
others who would love to have access to information not intended for them. Because
of these risks, businesses are realizing the value of encrypting their email communications
to protect vital information while in transit from origin to destination.
Asset/IP protection
Enterprises that fail to adequately protect information in transit across the
Internet risk revealing their most vital secrets. Each unencrypted email exposes
sensitive data - from confidential financial and product information to legal contracts
to files that include personally identifying information such as Social Security
numbers, birthdates, credit card numbers and bank account numbers.
Failure to encrypt email communication is akin to sending a digital postcard
into cyberspace. Sure, there's a chance that it will reach its destination without
crossing a snooping pair of eyes, but there's also a chance that it won't. You wouldn't
send a postcard with your vital trade secrets, financial data and customer information
on it, so why would you send an unencrypted email containing the same?
Compliance and Liability
State and federal regulations targeting financial and personal data affect almost
every enterprise, with mandates to protect and secure all forms of information.
While these regulations rarely explicitly mention email, the laws are broadly written
and generally interpreted to cover email and other forms of electronic communication.
Publicly traded enterprises, particularly those in the banking and healthcare
industries, must guarantee privacy and security of customer or patient information
in email by encrypting the message and monitoring outbound email for unencrypted
or inappropriate patient or customer information. In addition to protecting private
information through policy enforcement, companies are responsible for protecting
private information while in transit across the Internet.
Failure to encrypt confidential information that results in a violation of regulatory
policy can lead to steep corporate fines as well as possible criminal charges, fines
and jail time for company executives. In addition, the company faces likely lawsuits
from customers and patients whose confidential information is compromised.
To help ensure security of confidential information and compliance with regulations,
businesses must ensure that:
- Email messages containing confidential information are kept secure when
transmitted over an unprotected link
- Email systems and users are properly authenticated so that confidential
information does not get into the wrong hands
- Email servers and message stores where confidential information may be stored
are protected
Make Sure it's Greek to Them
A comprehensive email security approach including encryption is the most effective
defense against all external and internal threats. For more information on how to
encrypt information entering and leaving your enterprise email network, download
CipherTrust's FREE whitepaper, "Protecting Email Privacy: Overview of IronMail Privacy
Architecture".