I am sure that you still remember Microsoft’s famous Windows tag line “Where do you want to go today?”, which was the title of a large Microsoft advertising campaign. Well today I’d like to go hack your email… figuratively speaking that is…
[easy-tweet tweet=”When it comes to explaining #email #encryption, there is no better way than walking the walk”]
I talk to a lot of business and cloud service providers out there and there is one thing I have learned over the years. When it comes to explaining email encryption, there is no better way than walking the walk instead of just talking the talk. With that in mind I went last year to an event in Johannesburg, South Africa with a different approach than the usual discussion about email encryption. This time around I set up the workshop in order to demonstrate how an email is hacked as opposed to how it is protected and the response I got from the audience was radically different to anything else I had seen up until then – they simply got it. So this is what I will be doing here, I will just show you how an email gets hacked and how easy it can be.
Hacking an email account
Hacking someone’s email doesn’t take much more than a telnet session and some basic knowledge. In this example an AppRiver security analyst performs an IP Scan, a SMTP login and creates new messages right from a telnet session. The analyst then goes on to demonstrate how someone with the right credentials is able to filter through incoming or outgoing email traffic to find and read any email message.
Your email is a postcard
How hard is it to hack an email account? Hacking someone’s email may vary depending on the level of security but overall is a fairly easy task to undertake by even a ‘junior’ hacker. The degree of difficulty may increase depending on the barriers to entry, but as we have all seen in the news these last years it does happen on a regular basis and we have found examples of email hacking activities coming from different directions: cyber criminals, intelligence agencies, business competitors, former employees, legal battle driven – the list of cases hitting the news is pretty much endless.
Hacking someone’s email may vary depending on the level of security but overall is a fairly easy task to undertake by even a ‘junior’ hacker
So you really need to start thinking of an email just like you do with a postcard. You are sending a postcard across the world and any postmen or person handling it has the option to read it if they decide to do so. Now, would you include contracts, payrolls, patient information, bank accounts, critical business decisions or any confidential information in a postcard? So what makes you think that unencrypted email is just fine?
Encrypted email
So you have seen how easy it is to intercept and read any email in the previous video so now let’s see what happens when you run the same approach on encrypted content. A security analyst mimicking a hacker starts by intercepting the message and then proceeds to access the content but the difference here is when he tries to read that content. So a hacker may get hold of the message but it will be fully indecipherable and therefore his attack will end up being useless.
Encryption: It’s hard to use
One of the reasons why businesses have been holding back when it comes to encryption is because they find it hard to use and not intuitive enough. Well, that was a good excuse back in the days of PGP deployments that ended up frustrating users to no end but this is definitely not something that you can say today. There are many examples that show that encryption technology has become easy to use, just trial encryption on your corporate email for a couple of days and you will understand how easy it is to integrate within Outlook, Chrome or mobile.
[easy-tweet tweet=”Businesses can hold back when it comes to #encryption because they find it hard to use or not intuitive enough”]
The good news is that with clear examples such the ones seen above companies understand why they need to rollout email encryption to at least the key departments that manage corporate sensitive data and are finally disabling hacking attacks and keeping their data secure.
Jordi Vilanova, EMEA Marketing Director, AppRiver
Jordi Vilanova joined AppRiver in January 2014 to lead AppRiver’s marketing operations in EMEA. Primarily responsible for corporate and channel marketing, he works with MSPs and resellers to improve the overall security offerings and identify how to best serve their customers in providing AppRiver’s multi-layer security approach to SMB’s communications and networks. Vilanova holds a great deal of experience in security technologies and cloud computing, and is an active member of several security groups such as the CSA (Cloud Security Alliance) through its local chapters. Some recent collaboration he undertook with the CSA includes the localization of the Privacy Level Agreement (PLA) Outline for the Sale of Cloud Services in the European Union.