How would you react if you learned that all your mail was being sent to the wrong address, or that someone was simply intercepting all of it before it reached the mail slot in your door?

Email can also be intercepted. The more valuable the contents of an email, the more likely it is that a cyber-thief will want to intercept it.

How can you protect yourself against this kind of very damaging risk?

Email encryption and VPNs are some of the better-known methods available to the general user for securing communications and data traffic.

Let’s start with email encryption, since email is the most common means of communication for the general public.

For your email to be 100% safe, you would ideally need one of these 2 conditions:

1) an ideal/theoretical 100% secure network for the entire route the email follows.
2) an encryption/decryption process at the email client level.

The first option would be very costly and would require a seriously skilled IT Support technician/engineer to get it up and running. A general user who simply wants to send and receive safe emails would probably never adopt this approach.

The second, however, is almost simple by comparison with the first and, following the right set of instructions, a general user can set it up without the need of an IT Support department. So we’ll focus on this second option. There are 2 ways to accomplish it:

a) Self-Signed Certificates. You will be using key pair generating software and, since I should not be endorsing any paid product, I will name a few free ones: GPG (if you are not afraid of the command prompt), the old free PGP (v6.5.8CKT build 08, considered to be the better one), and the increasingly popular Key Manager plugin for Firefox. What you would basically be doing is creating a pair of keys, one private and one public. You “plug” your private key into your email client and send your public one to everyone you know (or upload it to a public key server) so that they can encrypt the emails they send to you with your public key. Only those who have your public key can send encrypted email to you; mail from the rest of the world would still be unencrypted.

b) Certificates signed by a Certification Authority. These give users additional assurance about the real identity of the certificate holder. The way it works: you go to a Certificate Authority, you complete a small form (some may even ask for proof of ID) and they issue you a certificate for the email address you mention in that form. Before you waste a lot of time with their IT Support department, be aware that the certificate must be retrieved with the same browser you used to apply for it. I recommend you use Firefox for this, as some security settings in Windows 7, Vista and even XP will prevent retrieval with Internet Explorer, and Opera would just not retrieve it. Be very careful, though! When you export/backup the key from Firefox you don’t have the option to do so just for the public key; it will export/backup the private key with it too. So I’d recommend you import that backup into Control Panel/internet settings/content/certificates and, once it is in there, make another export/backup of the public key ONLY. Certificate Authorities will charge for issuing you one of these certificates but, for promotional purposes perhaps, Comodo and some of its affiliates issue free email certificates (unfortunately valid only for 1 year).
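The export caveat above can be checked before a file leaves your machine. The following is an added example, not part of the original article: a pre-share check that reports whether an exported file still carries the private key. The function names, file names and sample bytes are assumptions constructed for illustration.

```python
import re

PEM_BEGIN = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----")
PUBLIC_LABELS = {"CERTIFICATE", "PUBLIC KEY", "RSA PUBLIC KEY",
                 "PGP PUBLIC KEY BLOCK"}


def _der_body(data: bytes) -> bytes:
    """Bytes after an outer DER/BER SEQUENCE header, or b'' if not one."""
    if len(data) < 2 or data[0] != 0x30:
        return b""
    first = data[1]
    # Long form is 0x80 | n followed by n length bytes; 0x80 alone is BER
    # indefinite length; anything below 0x80 is a one-byte short form.
    return data[2 + (first & 0x7F if first & 0x80 else 0):]


def classify_export(data: bytes) -> str:
    """Return 'private' (never send), 'public', or 'unknown' (do not send)."""
    labels = {m.group(1).decode() for m in PEM_BEGIN.finditer(data)}
    if any("PRIVATE KEY" in label for label in labels):
        return "private"
    if labels:
        return "public" if labels <= PUBLIC_LABELS else "unknown"
    body = _der_body(data)
    # PKCS#12 (.p12/.pfx), the container a browser backup uses to bundle the
    # private key with the certificate, opens with INTEGER version 3.
    if body[:3] == b"\x02\x01\x03":
        return "private"
    # A DER X.509 certificate opens SEQUENCE { SEQUENCE { [0] version or
    # INTEGER serial ... } }. This is a prefix heuristic, not an ASN.1 parse.
    if _der_body(body)[:1] in (b"\xa0", b"\x02"):
        return "public"
    return "unknown"


# Constructed samples: header bytes and placeholder bodies, not real keys.
SAMPLES = {
    "backup.p12": bytes.fromhex("3082092a020103308208f0"),
    "cert-only.cer": bytes.fromhex("3082035a30820242a003020102"),
    "cert-only.pem": b"-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n"
                     b"-----END CERTIFICATE-----\n",
    "bundle.pem": b"-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n"
                  b"-----END CERTIFICATE-----\n"
                  b"-----BEGIN ENCRYPTED PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n"
                  b"-----END ENCRYPTED PRIVATE KEY-----\n",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name}: {classify_export(blob)}")
```

Anything reported as `private` or `unknown` should stay on your machine; only a file reported as `public` is the one to hand to correspondents.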
