A real-life scenario
I recently took advantage of the low mortgage rates I’ve seen advertised all over the place and refinanced my house. I was excited! The bank offering the refinancing that I applied to was able to do just about everything online. They used a combination of Adobe PDF delivery mechanisms and a secure portal to upload documents required for the mortgage.
In typical fashion, something broke with their portal and I needed to send one last document to the bank. My options were to either drop it off at the local branch or send it to them via email.
In my job, I have many tools at my disposal to send encrypted messages through email. I decided that I really didn’t want to use any of our systems at work since it is important to maintain separation between personal business and work.
Hmm, what should I use within my personal email account to encrypt this stuff? Should I zip it and password protect the file? That sounded like a good idea, but then I started to think of the risk involved with me just sending the PDF. Do I really care? I mean, what could happen? Is there a chance that some hackers are just standing near a Comcast headquarters with one of the switches port mirrored, looking for stuff coming off of the residential backbone? I guess it’s possible, but what are the chances? Are we REALLY going overboard with this email encryption stuff? Do we REALLY need it?
Unfortunately, the answer is yes…
In reality, we need email encryption more than people realize. The biggest problem is that you don’t know what’s happening between the two endpoints. You can’t put your faith in a gut feeling that there won’t be any evil happening once the data hits the internet. Or that the infrastructure is somehow too big or obscured enough to even allow the capture of your “one in a billion” packets that pass through in a nanosecond. Since you don’t have any control or visibility of what happens between the originator and the receiver, you just can’t take that chance with sensitive data assets.
I teach at a university here in Chicago and one of the assignments I have the students in my Information Security course complete is research on something called Room 641A. You will quickly realize that there is a lot more happening within the internet infrastructure that you may realize.
We must maintain due diligence when transmitting data across the internet, and email is no different. If you need help understanding how Email Encryption works or how it can be implemented at your organization, please email us at firstname.lastname@example.org.