Securing Email to Protect Private Information – Understanding the Basics of Email Communication…
We are often asked by clients who deal with sensitive information what the most secure Email system is. In order to answer the question accurately, it first helps to understand the basics of Email communication, which can be distilled down to these elements:
Sender > Sender’s Email Provider > (THE INTERNET) > Recipient’s Email Provider > Recipient
Each arrow represents a connection to the Internet, either through a network cable, Wi-Fi, or cellular network. As a sender or recipient, you only have control of your end of the chain; the more the Email flows through the chain, the less control you have. For example, as a sender you can choose your computer or device, your Internet provider, and your Email provider. But you have no control over how your Email supplier gets your Email through the Internet to the recipient’s Email supplier, or the recipient.
So, let’s focus on the elements you can control:
Sender: Your “device” (workstation, laptop, tablet, and/or smartphone) needs to be a reliable, robust unit, constantly scanned for viruses and malware. Your Email application should be a dedicated program from a reputable vendor (Outlook or Teams is a popular Microsoft Business Email application.) Your device and application should be updated regularly with vendors’ updates, especially Security patches.
Sender Internet: Your Internet connection should be stable and as fast as possible. Fiber is the best choice, followed by Cable, then DSL. Wi-Fi and cellphone networks are the least favourable choice. Regardless, your Internet should be protected by a sturdy, commercial-grade firewall with Cyber Security countermeasures installed and constantly updated. It’s a common mistake to rely on the Internet provider’s router for Cyber Security protection, as most offer little or no protection.
Sender Email Provider: Your Email provider is going to supply more than just sending and receiving Email services. They most likely will manage, store, and back up your Email history (i.e.: inbox, subfolders, and sent items), and provide some level of filtering to eliminate SPAM. Some suppliers also manage your contacts, calendar, and tasks. Many provide web-based applications to access your Emails.
There are three main types of suppliers:
1. Email “providers” can be systems installed and managed on an internal network server for your organization. Microsoft Exchange Server is a common example.
2. Many Email suppliers offer free services; Google and Yahoo are popular examples. However, they are Advertising & Marketing companies at heart, and use their free Email services to track user activity and sell statistical information. They are NOT recommended choices for a secure business Email system.
3. The third class are Email providers who offer a service-for-fee. Microsoft Exchange Online (EOL) is the most popular business fee-for-service Email supplier and is included with many versions of their Office 365 applications. This class of providers typically supplies more powerful Email features, including improved Security, enhanced Email filtering (SPAM and Phishing), increased storage and backup capabilities, and integration with other popular business applications (e.g., Outlook, Word, and Teams).
Regardless of your provider, there are some precautions that you should take to enhance the reliability and security of your Email:
a) Ensure the communication link between your device and the provider is encrypted (VPN tunnel.) This is especially important if you are using the web-based interface to send and receive Email; you need to see the “https” in front of the Email supplier’s web URL.
b) Before opening unfamiliar Email, examine the subject line and sender’s actual Email address (not the associated name.) If they look suspicious, delete the Email without opening it. When looking at the sender’s Email address, ensure it is coming from a recognized domain name. For example, if the Royal Bank is sending you legitimate information, you would expect the sender’s Email address to end in “rbc.com” or “royalbank.ca”; not “marketdeals.au” or “filegeezer.it.av.” Most Phishing attacks use bogus website forms to collect personal data from unsuspecting users.
c) Most providers have a rudimentary backup of your Email data – perhaps a day or two – but nothing more. Long term backup of Email files is an important consideration. Many Email providers have this service at an extra cost.
d) Finally, make sure the password for your Email account is complex and changed often. A good password has a minimum of 10 characters, and contains a mix of upper case, lower case, special characters, and numbers. Your password should be changed every 30 days. If your provider allows 2-Factor Authentication (2FA), use it.
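The sender check in item b), as an added example that is not part of the original article: it reads the real address from the From header rather than the display name and compares its domain to the expected ones. The sample messages are constructed, and accepting subdomains of an expected domain is an assumption.

```python
from email import message_from_string
from email.utils import parseaddr

# Domains the article names as expected for Royal Bank mail.
EXPECTED_DOMAINS = ("rbc.com", "royalbank.ca")

def sender_parts(raw_message):
    """Return (display_name, domain) taken from the From header."""
    msg = message_from_string(raw_message)
    name, address = parseaddr(msg.get("From", ""))
    if address.count("@") != 1:
        return name, ""  # missing or malformed address
    domain = address.rsplit("@", 1)[1].lower().rstrip(".")
    return name, domain

def is_expected_sender(raw_message, expected=EXPECTED_DOMAINS):
    """True only if the real address is on an expected domain.

    Matches the exact domain or a subdomain of it (assumption), never a
    bare substring, so 'secure-rbc.com' and 'rbc.com.marketdeals.au' fail.
    """
    _, domain = sender_parts(raw_message)
    return bool(domain) and any(
        domain == d or domain.endswith("." + d) for d in expected
    )

# Constructed sample messages (not real mail).
SAMPLES = {
    "genuine": "From: Royal Bank <alerts@rbc.com>\nSubject: Statement\n\nHi",
    "subdomain": "From: Royal Bank <news@mail.royalbank.ca>\nSubject: News\n\nHi",
    # Display name imitates a bank address; the real address does not match.
    "name_trick": 'From: "alerts@rbc.com" <promo@marketdeals.au>\nSubject: Offer\n\nHi',
    "lookalike": "From: Royal Bank <alerts@secure-rbc.com>\nSubject: Alert\n\nHi",
    "suffix_trick": "From: Royal Bank <alerts@rbc.com.marketdeals.au>\nSubject: Alert\n\nHi",
    "no_from": "Subject: Hello\n\nHi",
}

def review(samples=SAMPLES):
    """Map each sample label to True (expected domain) or False (suspicious)."""
    return {label: is_expected_sender(raw) for label, raw in samples.items()}

if __name__ == "__main__":
    for label, ok in review().items():
        print(f"{label:13} {'expected domain' if ok else 'SUSPICIOUS'}")
```

The From header is only what the message claims, so this catches a mismatched or lookalike domain, not a message that forges a matching one.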
As you can see, choosing the most effective, secure, and stable Email system takes thought, proper execution, and ongoing management. If you would like more information about secure Email systems or would like to book an appointment with an Account Manager, please contact me.