Email Security

Email is Not Secure

Security0

Email Is Not Secure Naturally.

Lately we’ve been hearing about email servers and scandals involved with email in the news. Some people have commented: “So what? Email is secure.” But it’s not, there are steps you must take to make your email secure! We have had clients ask us to email them passwords or other important information. We do not agree with being careless in the handling of very sensitive information. Instead, we pick up the phone and give them a call or use another method such as a trip to their office.

Email was not designed with any privacy or security in mind. Email was designed back when the internet was a much smaller place for simple messages.

How Can Email Get Intercepted?

Email must travel through several servers while making its way from sender to recipient. A message sometimes “hops” through more than a dozen servers on its journey. Each server it touches is mandated by law to store the message, sometimes for several years afterwards. Furthermore, the distance traveled between hops is often spent unencrypted.

The networks where your emails pass through are a series of routers and switches. All of these connections are owned by different people with varying security standards. It is safest to assume that anything you write in an email can be intercepted and read by anybody, as if it had been published to the front page of a newspaper.

Email servers are where your messages are physically stored before being downloaded to your email browser. Email servers are insecure by default. If a message was originally sent unencrypted across unencrypted networks, it’s going to come onto the server unencrypted.

Even after reaching its intended destination, many computers do not have a login screen or a lock screen code – same with many phones and tablets. If you leave your tablet at the local coffee shop with no lock code, for example, you’ve just compromised all of the email stored inside.

What Are My Options to Keep My Email Secure?

Encrypted Email

Use end-to-end encryption. This is a process which scrambles the message using a complex mathematical formula that can only be solved using a long public key stored on the receiving end. This can prove to be logistically daunting depending on the number of people you contact regularly. This is because all of them must have a copy of your public key set up in their email program in order to read your emails. Even with this type of encryption, email headers are still left open. You won’t be able to hide who you are sending an email to. The NSA has even touted scanning email headers for information during digital pat downs.

Mix It Up

You could send an email to a client letting them know that you’re texting them a password, for example. Then send the text with no additional references about what it’s for. Sending sensitive messages in multiple parts using different channels reduces the likelihood that a man-in-the-middle will receive enough information to do damage.

Use a Service

For sending passwords, LastPass is still one of the most secure services around. You can share passwords in LastPass with other LastPass users.

Messaging apps get mixed reviews from a security standpoint. For example, Skype used to be considered a good encrypted chat service. That is, until it was confirmed that Microsoft had built in a dangerous back door for themselves. Even if you trust Microsoft, back doors very seldom go unexploited once they’re known to exist.

File Services

Services like DropBox are also useful and fairly secure. Since Dropbox encrypts everything you upload and download over a secure HTTPS connection, your file transfer should be secure from start to finish, though mobile DropBox is not secure. You could also create and send an encrypted ZIP file.

Staying Secure

It’s important to continue downloading and applying updates for the services you use. Even if you are using a mainstream app, it could still be insecure if you haven’t updated it lately. For a long time, iMessage was thought to be secure. Then vulnerabilities were found and Apple had to release security patches to close those holes. If you’re not sure about a security patch, visit the provider’s website and check their support area for recent updates.

The Good and the Bad of Cloud Computing

Blog, Security, Tech0

Cloud Computing

Cloud computing seems inescapable. Phones and devices have cloud servers for files, any user can get free cloud backups for their own computers, and even federal and state governments are investing in cloud computing for their own data. But just what is it, and is it safe?

What Is It?

First, we had computers that had hard drives with information and programs on them, and then we used discs to move that information from computer to the next. These discs were small, so we took to thumb drives, but this was problematic if you forgot your thumb drive at home or work or school. Those of us who had web mail account like Yahoo or Hotmail recognized we could just email ourselves the data, and open it from wherever.

This was the early stage of Cloud Computing.

Cloud computing is the practice of using a network of remote servers hosted on the internet to store and manage data, rather than a local server, or a personal computer. Given that few of us stick to just one computer these days –between home, work, school, laptops, tablets, and other devices – having ready access to that information on any device is important. This is where cloud computing comes in.

Where is it stored?

Cloud computing is named as such because information or even programs are used or run from a number of application or storage servers kept and backed up off site, and accessed through multiple computers where the user logs into an interface for access. A simple example of this is web-based email which is accessible through a web browser and website, but available through any computer.

Individuals and companies often resort to third-party cloud storage, such as iCloud, Dropbox, Google Drive and others. Companies may wish to back up not only files, but whole computers, databases, or programs for use.

When are people going to use this tech?

This sort of technology has been used since the ‘90s when people backed up files on web hosts or used web-based email clients. With the ever increasing use of mobile computing, cloud hosting has become more prevalent and will continue to do so for the foreseeable future.

Why is this needed?

The more mobile people become with their computing, the more important it will be to have access to files, data, and programs remotely. While devices and computers have ever-increasingly large hard drives and can hold more info, hauling around secondary drives and copying information over is redundant and unnecessary.

For companies and industries, a base location for all information is valuable in the interests of saving money and time. Instead of a slowly depreciating server under a desk or stuck in the back room, all information is available and reliably backed up offsite. This also allows for people in multiple locations, branches, or buildings, to have access to and immediately update information as needed.

What are the potential pitfalls and drawbacks?

Cloud computing has some very real drawbacks and concerns, and some of them do not have good solutions at this time:

  • Access: To access the cloud (whatever form of cloud you are accessing at the moment), the user needs internet access. Without wifi or otherwise, access to files and software severely limits what can be done. This is becoming less and less a problem as time goes on, but still could come up as an issue.
  • Security: Every day the news broadcasts another company or institution getting hacked. And as security gets more sophisticated, hackers always seem one step ahead. Information could be accessed and stolen during a number of points in the cloud computing process, whether it be a hacker discovering a means of getting in, or a user with a weak password.
  • Privacy: Housing your data somewhere on the web inevitably means someone else may have access to it. Along with the aforementioned hackers, NSA access to various servers and databases has been argued and discussed extensively throughout the last year. While a company may not have anything to hide, they may not want that data accessible in general.
  • Third Party Control: Ultimately, in handing over data and programs to a third party, a company or institution is handing the keys over to someone else. Not everyone likes this or feels comfortable with it, and would prefer to have complete control over their information.

Despite the potential hazards of cloud computing, large companies and even government and official institutions more and more are turning in that direction due to reduced costs and ease of use. The debate and concern over the security of private information will only increase as hackers are more sophisticated and computing becomes more ubiquitous. But cloud computing is not going away any time soon.

For more information on cloud computing and internet security in general, follow the Appletree Media blog.

More On Cloud Computing:

http://computer.howstuffworks.com/cloud-computing/cloud-computing.htm

http://www.moneycrashers.com/cloud-computing-basics/

http://www.thefiscaltimes.com/2014/10/14/States-Turn-Cloud-Computing-Cost-Savings

http://www.whitehouse.gov/sites/default/files/omb/assets/egov_docs/25-point-implementation-plan-to-reform-federal-it.pdf

http://www.itproportal.com/2014/10/13/whitepaper-five-myths-cloud-computing/