‘Ifoesjl jt bxftpnf’

19 December 2017 - Hendrik Parmentier - Security

Email encryption. After all these years, it still has a very James Bond-like vibe to me. Because it’s way cooler to send someone an encrypted message than, well, just a message. If you tell your customer you will send him an email, that will hardly register. But if it’s encrypted, well… turns out that I am not the only one who still has that spy novel connotation.

But what is it, Hendrik, and even more importantly: why are you bothering us with it?

Well, encryption is making a text or code unreadable to anyone but the intended reader. Ever had a school pal with whom you exchanged messages, replacing each letter with the next one in the alphabet? That is a very basic form of encryption. The sender knows how to encrypt and the reader how to decrypt. Something between the two of them. The teacher who intercepts the note is none the wiser.

Emails are, security-wise, incredibly flawed. Emails and app messages are open text files. ‘Open’ as in readable by anyone who is a little tech-savvy, during their travels from sender to receiver. A road that is considerably longer than most would think, often travelling halfway around the world before being delivered two blocks from your office. In first grade, my biggest worry was that Mrs. Lorraine would intercept my note. At age thirty-three, it’s an unnamed male cyber criminal wearing a hoodie and sunglasses behind his laptop. Or that’s how he looks in IT security commercials anyway. Must be annoying to work that way.

What do we put in emails? Customer intel. Payment info. Company-critical files. Major offers. All of those have dark web market value, up for grabs to the highest bidder. Seems far off? Well, back in the old days, criminals stole invoices from public letterboxes, changed the bank account numbers, and sent them on. Cash guaranteed. The exact same procedure is now used through email. Intercept. Adapt. Deliver. Try asking a customer to pay the same amount again because you didn’t get his money the first time. That will be a memorable phone call.

Encrypting emails is actually very easy. This is done through existing technology and compared to your entire security cost, it’s dirt cheap. You can encrypt a line between two mail servers, so your coworkers and their most common recipients wouldn’t even have to know it happens (this is called TLS). Or you could trigger it whenever there’s an invoice code or confidentiality marker in the email or attachment. Loads of ways to do it unobtrusively. Secretly. Like a certain spy who likes it shaken, not stirred.
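The content trigger described above, sketched as an added example (not code from this blog or from any product): it inspects the subject, decoded text parts and attachment names of an outgoing message and reports why it should be encrypted. The two marker patterns and the helper names are assumptions; the actual encryption would be done by the mail gateway that calls such a rule.

```python
import base64
import re
from email import message_from_string
from email.message import Message

# Assumed markers: neither pattern comes from the article. Adapt them to your
# own invoice numbering and classification labels.
INVOICE_CODE = re.compile(r"\bINV-\d{4,}\b", re.IGNORECASE)
CONFIDENTIAL = re.compile(r"\b(confidential|strictly private)\b", re.IGNORECASE)


def encryption_reasons(msg: Message) -> list:
    """Return the reasons this message must be sent encrypted (empty = none)."""
    # Collect every place a marker can hide: subject, text parts, attachment names.
    fields = {"subject": msg.get("Subject", "")}
    for i, part in enumerate(msg.walk()):
        if part.is_multipart():
            continue
        filename = part.get_filename()
        if filename:
            fields[f"attachment name {filename!r}"] = filename
        if part.get_content_maintype() == "text":
            # decode=True undoes base64/quoted-printable, so an encoded body
            # cannot slip past the rule the way it slips past a raw text search.
            payload = part.get_payload(decode=True) or b""
            charset = part.get_content_charset() or "utf-8"
            fields[f"text part {i}"] = payload.decode(charset, errors="replace")
    reasons = []
    for where, text in fields.items():
        if INVOICE_CODE.search(text):
            reasons.append(f"invoice code in {where}")
        if CONFIDENTIAL.search(text):
            reasons.append(f"confidentiality marker in {where}")
    return reasons


def sample(subject: str, body: str) -> Message:
    """Build a constructed test message (not real mail) with a base64 body."""
    b64 = base64.b64encode(body.encode()).decode()
    raw = (f"Subject: {subject}\nContent-Type: text/plain; charset=utf-8\n"
           f"Content-Transfer-Encoding: base64\n\n{b64}\n")
    return message_from_string(raw)


if __name__ == "__main__":
    for subject, body in [("Lunch?", "Pizza at noon?"),
                          ("Your order", "Please pay INV-20171219 by Friday."),
                          ("Confidential: offer", "See attached.")]:
        print(subject, "->", encryption_reasons(sample(subject, body)) or "send as usual")
```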
