The recent security breaches (Sony, Target) have shown us all that the damage is becoming more pervasive and egregious. Email security is a key part of this. We should also consider the article below and its suggestions.
Stay safe. It is very tough out there in Cyberspace!
=================================================
The Founder’s Guide To Email Security
Posted Dec 12, 2014 by John Biggs (@johnbiggs) techcrunch.com
With the horror of the Sony Pictures breach unfolding in slow motion before us, we are reminded that operational security – OpSec – is absolutely key at any company. Whether or not you traffic in high-value data, the expectation that your servers are secure enough and that your data is worthless is foolhardy. You will be compromised and it will hurt.
The primary vector for the vast majority of attacks is email. If your IT department and firewalls are working correctly, the chances that you will be hacked in your back end are low. It will happen, but the juiciest stuff is in your email archive. It is in email where your employees converse, where you trade credit card numbers and passwords, and where all the damaging one-off notes end up. In short, we’re all idiots for trusting email at all, but there are ways to reduce that idiocy.
Here are two major steps you can take to make your company more secure.
Delete Your Email
While there may be some pressing legal reason to keep gigabytes of email in your mailbox, most of us can safely dump messages after a preset amount of time. “But that’s important customer information,” you cry. No it isn’t. And if it were you’d want to keep it in a CRM. “But I have a great system of folders and action items!” you scream. No, you don’t. You have a shitload of email. If you must keep your email, dump it all into a searchable database like DevonThink and keep it off your mail server. Are all your color-coded action folders important to you? Buy a notebook and write stuff down. I delete 98 percent of my email. If it keeps, it’s an accident or I think I may need to act on it in the next hour or so. An email archive is a garbage pile that is chock full of exciting information for hackers. Get rid of it.
Encrypt Your Email
I’m going to recommend GPGTools as an encryption solution for OS X. You can download Mailvelope for cross-platform Gmail encryption but GPGTools is a full-featured system that can encrypt documents on the fly, something Mailvelope can’t. If you’re running Windows then there are other options, including GPG4Win. Linux users are smart enough to install their own PGP solutions. For brevity’s sake, we will focus on OS X.
1. Install GPGTools. Download the tools from here. Install them.
2. Generate a public/private key pair. You will install something called GPG Keychain. This will contain all of your public and private keys. Your public key is just that – public. This is the key you share with the world. Your private key should be guarded with your life. Do not give it up to anyone and be very careful when you export it.
When you generate a key, use a complex passphrase. “I love the song 99 Luftballoons!!” would work as would “d4D99AX!0^xpork is my password.” “I like mom” or “porkninja” are too simple. This is a password you will use often so make sure it is something that you can easily remember and quickly type. The enemy of good password protection is frustration. Select “Upload public key” before you generate the keys and they will be sent to a popular key server like PGP.MIT.EDU or Keybase.io. These repositories allow people to look up your key and use it to sign emails to you.
3. Fire up Apple Mail. Now you should be automatically signing emails as they go out. This means you are taking part in a public key cryptography system. Not only are emails “signed” with your public key useful to confirm you are who you say you are, they also allow folks you’re conversing with to encrypt their messages to you. You do not have to exchange private keys with people to use PGP.
At their core, PGP systems use public-key and symmetric cryptography. In short, if Bob and Alice are conversing, Bob’s private key and Alice’s public key combine and Alice’s private key and Bob’s public key combine and these two keys are used to create a unique key. This ensures only Bob and Alice can decrypt the messages. You can also encrypt messages to and from groups, and most platforms should support that. Your mileage may vary.
There you have it: those two blue icons mean the email will be signed and secure. My emails with Natasha will now be forever secure! Huzzah!
4. Use PGP for all internal mail. Please. Do it. The garbage pile that is your email cache will become useless to a hacker and private information will stay private. I know you can’t use PGP with everyone, but never send emails that you would consider confidential without it. Encourage those you do business with to join you in PGP and encourage other founders to read this and stay safe.
While I understand that the Sony breach probably consisted of a number of compromised email accounts without protection, it also points to the possibility of a mail server dump. Most of that mail was probably plain text. The goal is to have none of it plain text.
==================================================
In addition to this blog, I have authored the premier book on Netiquette, "Netiquette IQ - A Comprehensive Guide to Improve, Enhance and Add Power to Your Email". You can view my profile, reviews of the book and content excerpts at:
www.amazon.com/author/paulbabicki
If you would like to listen to experts in all aspects of Netiquette and communication, try my radio show on BlogtalkRadio and an online newsletter via paper.li. I have established Netiquette discussion groups with Linkedin and Yahoo. I am also a member of the International Business Etiquette and Protocol Group and Minding Manners among others. I regularly consult for the Gerson Lehrman Group, a worldwide network of subject matter experts, and I have been contributing to the blogs Everything Email and emailmonday. My work has appeared in numerous publications and I have presented to groups such as The Breakfast Club of NJ Rider University and PSG of Mercer County New Jersey.