Why email encryption isn’t enough anymore
MOST businesses use email as a form of communication. What most won’t do is click a few buttons to ensure their emails have additional encryption.
Email encryption protects the content from being read by anyone other than the intended recipients. This is similar to the encryption found on messaging services like WhatsApp, Telegram, and Signal.
However, researchers recently found flaws in a couple of email encryption protocols, making them susceptible to hacking.
What does email encryption do?
There are several protocols available, such as the commonly used PGP (Pretty Good Privacy) and S/MIME (Secure/Multipurpose Internet Mail Extensions). PGP came into the limelight when Edward Snowden used it as a preferred way to leak information on the NSA.
Generally, each user has a public and a private key. The public key is used by other people to encrypt messages to the user; the private one is used to decrypt those messages.
The private key can also be used to digitally encrypt or sign messages the user sends, so spam mails can’t use the user’s identity.
Both Gmail and Outlook already use TLS (Transport Layer Security) as standard encryption. However, for additional security, users can run an additional encryption protocol like PGP.
Most email providers support S/MIME encryption natively, including Gmail and Outlook.
So what’s the big deal?
Until recently, PGP was touted as one of the safest encryption methods. Many journalists were using it to communicate with whistleblowers.
That was blown out of the water when researchers from the Electronic Frontier Foundation (EFF) released notes detailing a vulnerability in PGP. The exploit uses a piece of HTML code to trick email clients into revealing the plaintext of encrypted emails.
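A common mitigation for HTML-based leaks of this kind is to avoid loading remote content when displaying mail. As an added example (not from the article or from EFF), this Python sketch lists the remote resources an HTML mail part would fetch, a check a client or gateway can run before rendering; the attribute list, function names and sample message are assumptions made for illustration.

```python
from email import message_from_string
from html.parser import HTMLParser

AUTO_LOAD_ATTRS = {"src", "background", "poster"}  # fetched when HTML is rendered
REMOTE_PREFIXES = ("http://", "https://", "//")

class RemoteRefFinder(HTMLParser):
    """Collects (tag, attribute, url) for markup that loads remote content."""
    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            auto = name in AUTO_LOAD_ATTRS or (tag == "link" and name == "href")
            if auto and value and value.strip().lower().startswith(REMOTE_PREFIXES):
                self.refs.append((tag, name, value.strip()))

def remote_refs(raw_message):
    """Return remote references found in every text/html part of a message."""
    found = []
    for part in message_from_string(raw_message).walk():
        if part.get_content_type() != "text/html":
            continue
        body = part.get_payload(decode=True) or b""
        finder = RemoteRefFinder()
        finder.feed(body.decode(part.get_content_charset() or "utf-8", "replace"))
        finder.close()
        found.extend(finder.refs)
    return found

# Constructed sample message (an assumption for illustration, not from the article).
SAMPLE = """\
Subject: constructed sample
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain

Quarterly figures attached.
--b1
Content-Type: text/html; charset="utf-8"

<p>Quarterly figures attached.</p><img src="https://tracker.example/pixel.png">
<a href="https://example.com/report">report</a>
--b1--
"""

if __name__ == "__main__":
    print(remote_refs(SAMPLE))
```

The ordinary link is not reported because it is only followed on a click; the image is reported because rendering the part would request it.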
For people who use email to send sensitive documents or information, like bank details, passwords, ID numbers etc., encryption is important.
Without a secure, reliable encryption protocol, data sent by email is not secure. Anyone with the know-how can easily intercept your emails to extract confidential data.
So what now?
This isn’t to say forget about email encryption. It is still important. However, until things are fixed, the EFF suggests users use alternative encryption, or just give up on email and use encrypted chats like Signal instead.
Privacy is at the forefront of people’s minds, especially after a whirlwind of scandals over data misuse and the enforcement of GDPR. Encryption will become paramount for all forms of communication, especially in business.
Perhaps it’s time Gmail got back to the email encryption project that it abandoned a few years ago.