Who is reading your email, besides you?

Do you think sending e-mails and documents over the Internet is secure? Are you tempted to send your credit card number, social security number or other personal or sensitive information over e-mail just because it's convenient? Keep in mind that you and the authorized recipient or recipients may not be the only ones who read your e-mails. So who else could be reading them?

Email providers

Gmail, Yahoo!Mail and other Web-based e-mail providers rely on advertising which means that they must be able to read the contents of your e-mail in order to deliver relevant ads. While this is done by computers, company employees are more than likely able to view your e-mail as well, if only for debugging purposes. In fact, Google's privacy policy acknowledges that Google employees have physical access to users' data, although this applies to only a handful of employees.

Hackers

While often unlikely to single you out, a hacker might be able to eavesdrop and intercept your e-mails. "Trojan Horse" software can be installed on a machine, activated remotely, and extract information from a machine without a person knowing it's there. Another method of obtaining your e-mail password is to intercept your log-in, assuming it goes over an unsecured connection. Since your e-mails are likely not encrypted, this is not hard to do. In any case, the result is the same – your information gets to the wrong hands and you might be exposed to the risk of identity theft.

A widely publicized 2005 incident involved an alleged hacker, Rob Anderson, who intercepted and obtained copies of a company's e-mails as they were being transmitted, and then forwarded some of them on to the Motion Picture Association of America. These e-mails included sensitive financial statements and spreadsheets.

The wrong person via a misfired email

According to a survey by Sophos, 50% of employees surveyed admitted to accidentally sending a sensitive or embarrassing e-mail to the wrong person. Microsoft Outlook, Gmail and other popular e-mail applications or sites complete the recipient name for you, and if you're not careful, the wrong name may be entered. Once sent, trying to revoke the message seldom works and is not supported on most e-mail platforms.

According to a study by the FBI and CSI, employee inside abuses (accidental or intentional) accounted for 50% of all security breaches. A Ponemon Institute survey revealed that 69% of all serious data leaks occur as a result of employee activities. These leaks are said to cost $6.3 million on average. Out of these leaks, 39% involved confidential business information, 27% involved personal customer information and 14% involved the company's intellectual property.

E-mail is a very convenient tool, however you must remember it is was not built for sending sensitive documents or information that you must verify has reached its destination. If you absolutely need to send such information, do it over the phone or make sure you install additional security measures in place beyond plain e-mail. These measures need to control your information throughout its lifecycle, from creation, through sending, and beyond its arrival.

--Adi Ruppin is VP of Marketing for Confidela. Confidela's WatchDox is a Software-as-a-Service (SaaS) solution that enables the confidential sharing of important or sensitive documents in an easy and secure way.--

» posted by Katie Sullivan

Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world

• Email
• Print
• Share
  • Slashdot
  • Digg
  • Stumble
  • Reddit
  • Newsvine