For years now, IT folks have been decrying the insecure nature of email.
For the most part, such warnings have fallen on deaf ears. But as the bad guys of the internet get smarter, emailing of sensitive data is becoming a bigger and bigger target.
First, most laypersons don’t realize how easy it is to intercept and read email. Sure, your connection to your email server is encrypted, but once a message is sent out from there, it’s pretty much readable to anyone who might come across it. And this list is extensive. For businesses and government agencies, your IT support staff, whether in-house or an MSP, can easily access your messages, but you already knew that (or were highly suspicious).
Along the way, ISPs and anyone who can access a router through which your traffic passes could possibly intercept your email. For example, if you or the recipient use a third-party spam filter, then mail passes through there and can be read.
The good news is that most IT and ISP staff don’t want to read your email. Especially experienced staff, who, after a few years in the industry, have seen it all and really can’t be bothered. There are exceptions, but those are few and far between.
On top of this, ISPs, MSPs and in-house staff at large organizations have strict policies and procedures to discourage such behavior. Most folks aren’t going to risk their jobs or even criminal punishment to read other people’s mail.
Given all the possible interception points, it’s easy to see how the bad guys can snag your email. And while there is no perfect solution, by taking a few rather simple steps, you can be a lot safer with email transmissions.
First, try to avoid sending sensitive information at all via email, including financial data, login credentials and personally identifiable information. Of course, this is easier said than done. Many financial institutions have implemented secure mail solutions, but those are expensive and oftentimes ineffective.
Consider using encrypted documents to send sensitive information. A simple password-protected word-processing doc, spreadsheet or PDF will go a long way toward discouraging the sharks. Just don’t include the password in the email. Send the password via a text, ideally an encrypted text, such as iMessage or WhatsApp.
Similarly, if sending system credentials, don’t send both the username and password in the same email. Instead, send one or both via encrypted text.
These aren’t perfect methods, but will go a long way. As we’ve often said here, you don’t have to out-swim the shark, you just have to out-swim the other folks in the water. And right now the water is chock full of tasty other targets. So even a little care will go a long way.
———
John Agsalud is an IT expert with more than 25 years of information technology experience in Hawaii and around the world. He can be reached at jagsalud@live.com.