It was designed in simpler times.
Actually, I don’t have hard data to say one way or the other. The risk varies too much on too many factors to present data that will apply in any specific situation.
But we can definitely look at some of the factors.
How Secure Is Email?
Email was never really designed for the security we might need today. The good news is that most of us are not interesting enough to be at risk of being hacked. If you are, then secure alternatives, like encrypted attachments or not using email at all, are the most common solutions.
Your confidential business information scenario warrants consideration, but I want to discuss the case for the average email user first.
My experience is most people have an overinflated sense of risk when it comes to threats and technologies they don’t understand.
Email, and how messages make it from your computer to mine when you press “Send”, is something the average computer user not only doesn’t understand but has no reason to understand.
As a result, sometimes threats that should be of concern are overlooked, and issues that are really no threat at all can prevent people from using the technology to its fullest – or cause them to avoid it altogether.
What is possible
By default, the content of email is not encrypted or obscured in any way. As it travels from your computer to your mail server to my mail server and finally to my PC, it’s stored in formats that are easily read by anyone who has access and cares to do so.
Let’s examine those two criteria in more detail.
Who has access to your email
Anyone who has access to the network, network equipment, mail servers, or PCs across which your email travels can potentially read your mail.
These people include:
- Anyone with access to your machine has several ways they could examine your email conversations, from installing spyware to copying your mail folders to simply opening your email program and reading your mail.
- Malware is just a special case of someone having access to your machine. The concern behind malicious compromise of your machine is that malware can gain access to more than just email. Even typing your message could be recorded if malware is present.
- Other machines on your network may be able to see your email as it’s transmitted between your machine and your mail server. I say “may” because it depends on how your network is configured. The most obvious is an open (unencrypted) Wi-Fi hotspot, where any machine connected to the hotspot can see the data sent and received by other machines on that same hotspot.
- Your ISP can examine all the data you send and receive on the internet as a side effect of providing your connection to the internet.
- Your email provider can examine your email as a side effect of providing your email service. The provider’s own networking and hosting providers could be included as well.
- Your recipient’s ISP: just as your ISP can see everything you do, your recipient’s ISP can see everything they do, such as receive the email you sent them.
- Your recipient’s email provider has the same access yours does.
- Other machines on your recipient’s network have the same issues as the machines on your network.
- Malware on your recipient’s machine puts your conversation at risk just as much as if it were on your machine.
- Naturally, anyone with access to your recipient’s machine can do whatever the recipient could, and thus could read, copy, or otherwise access your email conversation.
This seems like a long list of entry points at which your email could be exposed to prying eyes.
Why you needn’t panic
When most people see the list above, they immediately focus on the items outside of their control.
I get constant comments implying (or flat out accusing) email providers and ISPs of maliciously reading emails they have no business reading.
In my opinion, that’s unwarranted paranoia. These businesses are too busy to have the resources to do so and too competitive with each other to allow something like that to potentially become public knowledge.
That’s not to say there aren’t incidents of breaches from time to time — formerly trusted employees have been fired or even jailed as a result. What I am saying is these are the exceptions rather than the rule.
Nope, the real risk (if there is to be any) is at the points you do control.
The risks are at the endpoints
I honestly believe the greatest risks are at the sending and receiving endpoints.
In other words, the actions of malware on your machine, or of someone walking up to it and poking around, or even your own actions misdirecting an email message, present a much greater risk than anything that might happen once the message is in transit.
As a result, the most important thing you can do to secure your email is to secure your computer and your own practices in dealing with your computer and the internet.
If there is risk, that is.
You’re just not that interesting
I hate to break it to you, but you and I … well, we’re just not that interesting.
Even if people had an opportunity to read our email, they probably wouldn’t. In all likelihood, 99.99% of all email is incredibly boring unless you’re the sender or the intended recipient.
Even so-called “confidential” information isn’t shared much via email. Just avoid emailing things like social security numbers, passwords, credit card numbers, and the like, and you’ll be 99% protected right there. By now, it should be common knowledge that any email asking you to reply with confidential information is almost certainly a phishing attempt. Sending that kind of information via email is a bad idea.
So don’t do it.
Everything else you do in email is probably pretty boring stuff. I know mine is.
But what if you are interesting?
Your question included two very important words that might make things more … interesting: “business” and “sensitive information”.
Email privacy does start to make sense if you have legitimate reasons to be concerned that your email might be intercepted, and/or if the cost of such an interception is unacceptably high.
Banks and medical institutions are excellent examples.
So the first question you need to ask yourself is, “Am I really a target?” Most people are not. Most businesses are not. Many might think they are, but in reality, no one cares. On the other hand, if you’re communicating sensitive things that are the focus of possible industrial, political, or personal espionage, then yes, you may have a legitimate concern.
The next question is, “What’s the downside of someone else seeing this?” Again, in most cases, the cost is negligible: a little embarrassment at most. If, on the other hand, that information could cause serious damage in the wrong hands, then it’s time to consider different approaches.
And as a business, if there are legal ramifications to information leakage (or actual laws, like HIPAA, requiring a heightened level of privacy and security), then whether actually warranted or not, you may be required to take additional steps.
You have exactly two options:
- Avoid email
- Encrypt it
Alternatives to email
The most important aspect of an email alternative is that you control or understand the entire path your sensitive information might take on its way from point A to point B.
My online brokerage is a good example. They do not email statements; they use email to notify me that a statement is available. I can then log in securely to my account on their website and download my sensitive information.
Not only is the path a direct one — from their server to my PC — but it’s encrypted via HTTPS, so that even someone at my ISP watching the data stream would be unable to decipher its contents.
They control their server, I control my PC, and the path between the two is obscured from any third-party prying eyes.
You could set up access-controlled shares on your company’s network or servers, or even go so far as to write a custom application requiring additional security to access the data, and you could impose a higher level of obfuscation on the data as it travels the internet.
Just make sure you have someone who is a security professional doing the work. It’s easy to think you’ve done security right when you have not.
The most practical solution for most people, which you are advocating for, is encrypting your data before it’s emailed.
The problem here is that encryption schemes for email are not as interoperable as we’d like. If you can standardize a solution that works for all of your senders and recipients, then your email problem is mostly solved. (While some solutions are free, they often involve third-party software and periodic fees.)
If you’re doing it on your own and your correspondents are running different email clients or even different operating systems, things get more difficult. Personally, I’ve not found a good solution that integrates well with various email clients. My approach instead is to send encrypted attachments. By that, I mean:
- I write my message using a plain text editor or word processor, and save it to disk
- I use a tool to encrypt that file. Candidates are 7-Zip (using ZIP format and a password), PGP/GPG, and VeraCrypt, although there may be other viable alternatives. ZIP files are perhaps the most easily interchanged, and current implementations provide good encryption.
- I email the encrypted file as an attachment to my recipient.
- I also send to the recipient — through a different channel — the password or whatever other information they will need to decrypt the file.
It is somewhat cumbersome, but if you can agree on an encryption tool, it works in almost all environments and with any email client that can send an attachment.
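The four steps above as shell functions, using GnuPG's password-based (symmetric) mode, one of the tools listed. This is an added example, not the author's own script; the function names are made up for illustration, and it assumes GnuPG 2.1 or later is installed as `gpg`.

```shell
# Added example; assumes GnuPG 2.1+ is available as `gpg`.

# 128 bits from the kernel CSPRNG, hex-encoded so the result is easy to
# read out over the phone or paste into a different messaging channel.
make_passphrase() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# encrypt_for_email FILE PASSPHRASE  -> writes FILE.gpg
# The passphrase is fed on stdin (fd 0), never on the command line, so it
# does not appear in the process list or in shell history.
encrypt_for_email() {
    printf '%s' "$2" | gpg --batch --yes --quiet --pinentry-mode loopback \
        --passphrase-fd 0 --symmetric --cipher-algo AES256 \
        --output "$1.gpg" "$1"
}

# decrypt_from_email FILE.gpg PASSPHRASE OUTFILE  (what the recipient runs)
decrypt_from_email() {
    printf '%s' "$2" | gpg --batch --yes --quiet --pinentry-mode loopback \
        --passphrase-fd 0 --output "$3" --decrypt "$1"
}

# prepare_attachment FILE
# Encrypts FILE, proves the result decrypts back to the original before
# anything is sent, then prints the passphrase on stdout.
prepare_attachment() {
    pass=$(make_passphrase) || return 1
    encrypt_for_email "$1" "$pass" || return 1
    check=$(mktemp) || return 1
    if decrypt_from_email "$1.gpg" "$pass" "$check" && cmp -s "$1" "$check"; then
        rm -f "$check"
        printf '%s\n' "$pass"   # goes to the recipient by phone or SMS, not email
    else
        rm -f "$check" "$1.gpg" # never attach a file that failed verification
        return 1
    fi
}
```

Attach the resulting `.gpg` file to the email; the recipient runs the decrypt step with the passphrase received through the other channel.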
You’ll notice that encryption is a cornerstone of even non-email solutions.
If all this sounds like I’m skeptical … it’s because I am. In my opinion, most people who think they are targets are in fact not.
But if you really are a target, and if electronic communication is a necessity, then good encryption is a must. Things can be a little more complex than we’d like, but if it’s important, you cannot simply ignore the risk.
It’s one more reason why truly secure information is often best handled in phone calls or in-person meetings rather than email.