What are the consequences if you e-mail sensitive business information, such as financial statements or a report with evidence of employee wrongdoing, and it falls into the wrong hands?
At the very least, the security lapse would be embarrassing. There could also be more serious legal repercussions.
The question arose with one of my clients when their favourite translation firm closed its local office. Due to the quick turnaround times required, it was no longer feasible to courier discs with highly sensitive documents to and from the translators. But if they began sending the documents by e-mail, how could they ensure that only authorized personnel could read the messages?
Sending standard e-mail has all the privacy (or lack thereof) of dropping a postcard in the corner mailbox. Yet it's possible to virtually eliminate this security weakness by using secure e-mail.
You can implement secure e-mail using a widely accepted security certificate for little cost. Most major e-mail clients support security certificates for POP3 accounts, but this form of secure e-mail is not designed for use with most Web-based accounts.
The trouble with standard e-mail
There is more than one security issue with standard e-mail. Some e-mail programs automatically fill in the intended recipient's e-mail address based upon the name entered in the "To" box. But this can be problematic. A message intended for John Blacksmith may be addressed to the John Black in your address book, unless you catch the error in time.
Furthermore, an e-mail message typically travels a circuitous path across the Internet. It may temporarily reside on more than one intermediate server, taking several hops to reach its final destination. At any point along the route, someone can intercept and read the message. How can you perform the electronic equivalent of sealing and registering a letter?
What makes e-mail secure?
There are two main objectives in securing e-mail: to verify the identity of the sender, and to ensure that only the authorized recipient can read the message.
A security certificate, such as a Digital ID, is attached to the e-mail message and verifies that the e-mail originated with the sender and has not been altered along its route. E-mail clients such as Microsoft's Outlook and Outlook Express tag messages that have a Digital ID with a distinctive badge.
A Digital ID identifies a specific e-mail address and is usually issued by a trusted authority. The cost is modest: I checked several Digital ID authorities and found that charges ranged from free to US$25 per e-mail address.
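The two objectives above leave different marks on a message, which is how a mail client decides whether to show a badge. The following is an added example, not part of the original article: it assumes the messages use S/MIME (RFC 8551), the format Outlook uses with Digital IDs, and checks which outgoing messages to a sensitive domain would leave unencrypted. The function names, the example.org addresses and the sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# MIME markers from the S/MIME standard (RFC 8551); "x-" forms are legacy.
SIG_PROTOCOLS = {"application/pkcs7-signature", "application/x-pkcs7-signature"}
PKCS7_TYPES = {"application/pkcs7-mime", "application/x-pkcs7-mime"}
ENCRYPTED_TYPES = {"enveloped-data", "authenveloped-data"}

def classify(raw):
    """Return 'signed', 'encrypted', 'plain' or 'unknown' from the MIME headers.
    Structural check only: it does not validate the signature or certificate."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    if ctype == "multipart/signed":
        protocol = str(msg.get_param("protocol", "")).lower()
        return "signed" if protocol in SIG_PROTOCOLS else "plain"
    if ctype in PKCS7_TYPES:
        smime_type = str(msg.get_param("smime-type", "")).lower()
        if smime_type in ENCRYPTED_TYPES:
            return "encrypted"
        # smime-type is optional, so a missing value cannot be trusted either way.
        return "signed" if smime_type == "signed-data" else "unknown"
    return "plain"

def unprotected(messages, sensitive_domain):
    """Subjects of messages addressed to sensitive_domain that are not encrypted."""
    flagged = []
    for raw in messages:
        msg = message_from_string(raw)
        to_addr = parseaddr(msg.get("To", ""))[1].lower()
        if to_addr.endswith("@" + sensitive_domain) and classify(raw) != "encrypted":
            flagged.append(msg.get("Subject", ""))
    return flagged

# Constructed sample messages (headers only matter here; bodies are placeholders).
PLAIN = ("To: translator@example.org\nSubject: Q3 statements\n"
         "Content-Type: text/plain\n\n(constructed body)\n")
SIGNED = ("To: translator@example.org\nSubject: Signed draft\n"
          'Content-Type: multipart/signed; protocol="application/pkcs7-signature";'
          ' micalg=sha-256; boundary="b1"\n\n(constructed placeholder)\n')
SEALED = ("To: translator@example.org\nSubject: Sealed report\n"
          'Content-Type: application/pkcs7-mime; smime-type=enveloped-data;'
          ' name="smime.p7m"\n\n(constructed placeholder)\n')

if __name__ == "__main__":
    for sample in (PLAIN, SIGNED, SEALED):
        print(classify(sample))
    print(unprotected([PLAIN, SIGNED, SEALED], "example.org"))
```

A signed-only message is still flagged: the signature proves who sent it and that it was not altered, but the content remains readable at every hop.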