VG Tuesday Tips: What Happens When an Email Isn't Encrypted?

By today’s fast-moving technological improvement standards, email hasn’t changed much. Indeed, it was 1971 when Raymond Tomlinson conceived the idea for computer engineers to send each other messages. At this point, what was considered the first internet (ARPANET) was only six years old. Incidentally, Tomlinson is also credited with sending the first email and setting the standard for an email address using the “@” symbol.

Email hasn’t changed much since then. Now, just as it was in 1971, email messages are just simple texts sent over a network and are insecure by design. Although people that send emails use the format used to write letters, i.e., the salutation and sign-off, standard email messages are not as secure as traditional letters sent through the mail. It took several years for standards to develop that would protect emails. This protection is called encryption. That said, as much as 50% of email messages sent are unencrypted.

Unencrypted email can have serious consequences. Back in 2014, Sony pictures had their internal servers hacked by North Korea. The apparent reason was to get Sony not to release The Interview, a satirical take on the North Korean regime. The hackers took as much as they could before being discovered, including personal email messages between top executives. Had those messages been encrypted, they would have been unreadable.

Your Email Messages Might be at Risk

Email messaging has become so embedded into how we conduct our lives that we take for granted the information in emails is secure. The reality is if we don’t purposefully make sure our email messages are encrypted, chances are they are not. For example, people send personal information to each other via email. Information such as password resets, login credentials, tax records, and medical records could be at risk of being stolen by cybercriminals.

The security standard that governs emails sent over the internet is SMTP (simple mail transfer protocol). However, this protocol lacks built in security. Unfortunately, your personal information is valuable to cybercriminals. They are always on the lookout for ways to steal it.

What Happens After Pressing the “Send” Button?

Some cybercrime experts say emails are vulnerable throughout their journey from inbox to inbox. Consequently, when thinking about email encryption, multiple places should come under scrutiny:

• First is the device where the email originates. Depending on what email service you use, the provider may or may not use encryption as the email leaves your inbox. Hackers know what providers do or don’t use email message encryption, so they watch for vulnerabilities. Google does not send out an encrypted email by default. The user must turn encryption on. But, this only works if the message is another Google user that has encryption enabled on their end.
• Next is the server where your email goes after you send it. While the service provider might encrypt the email as you press send, if the data on their data server is not encrypted, it can be stolen. Most mainstream email service providers use secure data servers. However, even if Google encrypts email and uses secure data servers, the email may still be vulnerable.
• Once a user presses the send button, she cannot see what happens after her email service provider sends the email to the recipient’s email service provider. If the recipient’s email service provider receives an unencrypted email, chances are it will send it out as a plain text message. This comprises the security of your personal information.
• Security experts claim emails are the most vulnerable when they get to the recipient. This is because the recipient might have a compromised device. In other words, the device may have a virus, malware, or been compromised by a phishing attack. Even if the recipient has a computer with good virus and malware protection, she could just forward the email to anyone and you’d never know.
• Finally, emails can be stolen while in transit. The Internet is a vast place. Hackers can just pluck them out of transit. If your email was encrypted throughout its journey, all hackers will get is encrypted information.

What Can be Done About Unencrypted Email?

The only way to have peace of mind that your email is secure is by ensuring end-to-end encryption and data server security. This is accomplished by using a third party that specializes in end-to-end email encryption.

Elements of End-to-End Email Encryption

Third-party vendors that specialize in end-to-end email encryption use a pair of encryption keys that have been encrypted using algorithms through public-key cryptography techniques. One is public and one is private. For example, Carl uses end-to-end email encryption. When his friend Lisa, who also uses end-to-end email encryption, wants to send him an email, it gets encrypted with Carl’s public key. The email then goes to the third-party email encryption provider’s secure server, where it stays encrypted. At this point, not even the server can read the email. Finally, when Carl receives the email, he uses his private key to decrypt it.

Staying with the above example, what if Lisa does not use end-to-end email encryption or uses an insecure email service provider? Because Carl uses a third-party end-to-end email encryption provider, the message is encrypted once it reaches the data server. When Carl sends Lisa an email, it is automatically password protected. Lisa would need to know the password, which would not be sent in an email.

Conclusion

In closing, email messages are not as secure as many may think. What some believe to be an instantaneous transfer between two computers, phones, or tablets, is in actuality, a journey through cyberspace with four stopovers. At any point in this journey, an email is vulnerable to theft. The solution is ensuring your emails have end-to-end email encryption. You do this by hiring a third-party that specializes in end-to-end email encryption. Using modern public-key cryptography techniques, the end-to-end email encryption experts develop keys that encrypt and decrypt email messages. In the end, this is the surest way to protect your email. This will give you peace of mind, not to mention unsurpassed security.

• Go back to previous posts