At present we face a dilemma and serious doubts whenever our information travels from one place to another over the Internet. It is as if we said that we must send it no matter what and, with a hint of a sigh, hope that our mail arrives safely.
By Osvaldo Callegari*
Looking back at how information was handled not so long ago, until about 20 years ago most written communication was sent by letter through conventional postal mail. You went to the post office and selected the service for sending the message; depending on the cost, the letter could be simple, certified or express. This difference in price determined how the service was distributed.
The simple letter, as its name indicates, was placed directly into a transport bag that carried a label indicating the city of destination. Once it arrived, the staff sorted it into the compartments of a piece of furniture identified by street and house number, from which it was collected by the postman, who made the final delivery.
The certified letter, of intermediate cost, was tracked by means of a register made at the post office of origin and sent with a control form to the destination office, which upon receipt checked the form against the letter in question.
And finally the express version: it had high priority and, unlike the previous ones, was dispatched in the first distribution run, leaving with the first train or delivery truck available, hence the difference in cost. The other two were delayed by one or two days, because the office waited for mail to accumulate rather than dispatch half-empty bags, which would have been inefficient. This whole introduction is meant to show that, while the ways of communicating have changed, the same methodologies are still used on the Web.
With this analogy in mind, we turn to the explanations that GlobalSign, through product manager Julie Olenski, provides in the eBook Email Security: The Use of Digital Signatures and Encryption, to understand how what we described above applies to email.
Business and email.
Can you imagine doing business without email? Convenience and instant communication have made electronic communication an essential component of day-to-day business.
Over 100 billion emails related to business activities are sent and received daily. The benefits are increasingly evident, but at the same time there are potential risks.
Hackers are increasingly skilled at intercepting messages. Their main objectives are to obtain confidential information or to forge such messages (widely known as spoofing) with the intention of directing recipients to websites that serve malicious downloads (phishing) in order to steal information.
Fortunately, there are some email solutions that can help businesses or users mitigate these threats.
Digital email signatures and encryption ensure message privacy and prevent sensitive information from falling into the wrong hands. At the same time, they assure the recipient that the mail actually comes from you and that it has not been altered since it was sent.
Email security
This guide primarily addresses the need for email security in modern organizations. We will focus on the risks of using email, explore how digitally signing and encrypting messages can help reduce these risks, and explain how to sign and encrypt emails.
Email security, digital signatures and encryption
Email is convenient, but it also has risks. Let's take a closer look at two of the top threats facing organizations and end users.
Loss of information
Email is a tool we depend on daily. That also makes it very easy to send confidential information to another person, putting this information at risk of falling into the wrong hands.
53% of employees have received confidential information from their company in an unencrypted manner via email or as an attachment in an email message. 21% of employees reported sending confidential unencrypted information.
The costs of losing information are staggering, not to mention the damage this does to the company's reputation and the legal repercussions for violating regulations related to the transmission and storage of sensitive information (e.g. HIPAA, FIPPA, PCI). 2% of companies experience loss of information via email each year. $3.5 million is the average cost of an attack on a company's information.
Use of digital signatures and encryption
Email spoofing / Phishing: Sending emails from a fake address is called email spoofing, and it is one of the most popular methods of carrying out a phishing attack.
A hacker will spoof an email to make it look like it comes from a legitimate company (e.g. a bank), usually with the intention of tricking recipients into downloading malware or entering confidential information on a fake website, which the hacker will then be able to access. This is what is known as phishing.
Phishing is a growing threat to modern organizations.
1/392 is the frequency of phishing attacks in emails.
300% is the growth rate of emails that contain phishing in the last year.
Hackers are increasingly adept at impersonating other organizations. Even people with high security knowledge can be scammed by a well-crafted email that contains phishing.
33% of executives at Fortune 500 companies have fallen into phishing email traps.
How digital signatures and encryption processes help mitigate these threats.
Digital signatures and email encryption are an easy way to ensure the privacy of sensitive information, verify the origin of the email, and prevent manipulation of the content.
What is a digital certificate?
You need a digital certificate to digitally sign and encrypt an email, so we think it's best to start by understanding what one is.
Digital certificates can be used for a variety of cases, including SSL and document signing, but for simplicity we will focus on how these apply to email security.
You can think of a digital certificate as a kind of virtual passport: a way to verify your identity in online transactions. Just as your local government needs to verify your identity before granting you a passport, a verification entity known as a Certificate Authority (CA) needs to validate certain information before issuing digital certificates. The certificate is unique to each person; when it is used to sign emails, it is a way to verify that the message actually comes from you.
What is S/MIME?
You may have heard the term S/MIME when you were looking for information about email signatures and encryption. S/MIME, or Secure/Multipurpose Internet Mail Extensions, is the industry standard for public key encryption of MIME-based information. S/MIME offers two email security features:
• Digital Signatures
• Encryption
Let's look in more detail at what each of these components offers.
What is a Digital Signature?
Applying a digital signature to an email is very similar to the old tradition of using a wax seal when sending letters. The recipient of the letter knew who had sent it because the seal was unique to the sender. When your certificate, issued by a Certificate Authority, is used to verify the email signature, the recipient knows that the email actually comes from you.
Why should I digitally sign my emails?
When you digitally sign an email, a cryptographic operation links your digital certificate and the contents of the email into a unique fingerprint. The uniqueness of the two components of the signature, your certificate and the content of the email, offers the following security benefits:
Unique to the person signing
Authentication – When your certificate (validated by a Certificate Authority) is used to sign an email, recipients will be assured that it was you who signed the document, confirming your identity.
Unique to the document
Message Integrity – When the signature is verified, it confirms that the content of the email at the time of verification is the same as it was at the time the signature was applied. Even the slightest change of content in the original document will cause this check to fail.
Why should I encrypt my emails?
Encrypting an email is like sealing your message in a safe deposit box that only the recipient has access to. Anyone who intercepts the message, either in transit or on the server where it is stored, will not be able to see the content.
Email encryption offers the following security benefits:
Confidentiality – Because the encryption process requires particular information from the sender and recipients, only they can see the unencrypted contents.
Message Integrity – Part of the decryption process involves comparing the contents of the original encrypted mail with the newly decrypted mail; these must be the same. Even the slightest change in the original message will cause the decryption process to fail.
Note: Encryption alone does not provide any information about the sender of the message. We recommend always including a digital signature when encrypting an email to prove the identity of the sender.
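The signing, verification and sign-then-encrypt steps described above can be reproduced with the OpenSSL command line. This is an added example, not part of the GlobalSign eBook or of the original article; the names alice and bob, the example.test addresses, the message text and the self-signed certificates (standing in for CA-issued ones) are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example: S/MIME sign, verify, tamper, then sign-and-encrypt (OpenSSL).
# Names, addresses and the message are constructed. Assumption: throwaway
# self-signed certificates stand in for certificates issued by a real CA.
smime_demo() {
    d=$(mktemp -d) || return 1
    (
        cd "$d" || exit 1
        for who in alice bob; do    # one RSA key and certificate per party
            openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
                -subj "/CN=$who/emailAddress=$who@example.test" \
                -keyout "$who.key" -out "$who.crt" 2>/dev/null || exit 1
        done
        printf 'Wire 100 EUR to account 12345\n' > msg.txt

        # Sender: sign with the private key; the message itself stays readable.
        openssl smime -sign -text -in msg.txt -signer alice.crt \
            -inkey alice.key -out signed.eml 2>/dev/null || exit 1

        # Recipient: verify, trusting alice.crt directly (self-signed demo).
        if openssl smime -verify -text -in signed.eml -CAfile alice.crt \
            -out /dev/null 2>/dev/null
        then echo "original=verified"; else echo "original=rejected"; fi

        # Integrity: change one digit "in transit" and verify again.
        sed 's/100 EUR/900 EUR/' signed.eml > tampered.eml
        if openssl smime -verify -text -in tampered.eml -CAfile alice.crt \
            -out /dev/null 2>/dev/null
        then echo "tampered=verified"; else echo "tampered=rejected"; fi

        # Confidentiality plus origin: encrypt the *signed* message to bob.
        openssl smime -encrypt -aes-256-cbc -in signed.eml \
            -out sealed.eml bob.crt 2>/dev/null || exit 1
        if grep -q 'Wire 100' sealed.eml
        then echo "sealed=readable"; else echo "sealed=opaque"; fi

        # Recipient: decrypt with the private key, then verify the signer.
        openssl smime -decrypt -in sealed.eml -recip bob.crt -inkey bob.key \
            -out inner.eml 2>/dev/null || exit 1
        openssl smime -verify -text -in inner.eml -CAfile alice.crt \
            -out plain.txt 2>/dev/null || exit 1
        echo "decrypted=$(tr -d '\r' < plain.txt)"
    )
    rc=$?
    rm -rf "$d"
    return "$rc"
}

smime_demo
```

In production the -CAfile argument would point at the issuing Certificate Authority's certificate chain rather than at the sender's own certificate.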
What do I need to digitally sign and encrypt emails?
1. A digital certificate issued by an S/MIME compliant Certificate Authority.
2. An S/MIME-compliant email provider. Most email providers support S/MIME including:
• Microsoft Outlook
• Thunderbird
• Apple Mail
• Lotus Notes
• Mulberry Mail
The products and trademarks mentioned are registered trademarks of their respective authors.
You can contact GlobalSign for more information about these solutions: www.globalsign.com|[email protected]
References.
1 Email Statistics Report 2013-2017, The Radicati Group, Inc.
2 SilverSky Email Security Habits Survey Report, SilverSky, 2013
3 Best Practices in Email, Web, and Social Media Security, Osterman Research, Inc., January 2014
4 Global Cost of Data Breach Study, Ponemon Institute, 2014
5 Internet Security Threat Report, Volume 19, Symantec, 2014
6 Spam Statistics Report, Kaspersky Lab, Quarter 3 2013
7 A Security Officer Debate: Are simulated phishing attacks an effective approach to security awareness and training?, Wombat Security Technologies
8 Email Security, The Use of Digital Signatures and Encryption, GlobalSign Latin America 2015
Thanks to the GlobalSign Team, headed by its director Laila Robak, for the contribution to this research.
*To contact the author of this article write to [email protected]