You’re in your (e)mail

by Sven Gossel, charismathics GmbH

In today’s electronic world, people and businesses take for granted the ease of use and the speed with which emails are sent and received. However, personal and confidential company information is sent globally in these electronic messages every day, and they are also a channel that people with malicious intent can use to send viruses and programs designed to invade privacy, destroy or steal data, or just wreak havoc on PCs.

Prevent and protect

There is, however, a simple technology, built into most email programs for a number of years, that can protect against the above. This technology is known as email signing, encryption and decryption, and can be accessed through Microsoft’s Outlook, Outlook Express, Lotus Notes and any other program that supports digital signatures and encryption. Today, this is a supported standard feature, meaning that, with a little research and reading, anyone can start sending and receiving emails on a secure basis, verify valid email addresses and, depending on the certificate issued, verify who sent the email. Unless the email is signed with a valid certificate, the source of the email could be deemed suspicious.

Making use of available technology

To make use of available technology, a person would need to apply for and download a certificate. There are several free certificate authorities available, such as http://www.trustcenter.de. Once the certificate is downloaded, it can be stored on a PC or, more securely, in a USB token, smart card, or TPM chip. The TPM chip is embedded in the motherboard of a computer and designed to generate cryptographic keys to secure both hardware and data. There are software programs available on the market that take advantage of the TPM and allow it to be used just like a smart card or token to store digital identities or certificates. A few steps are needed to initialize a TPM, as the PC manufacturer does not turn it on. Once it is initialized, a person can take ownership, download a certificate, and is then ready to start digitally signing, sending and receiving encrypted emails. It is interesting to note that all major PC manufacturers have been including a TPM chip in their platforms for the past few years and most business laptops already have one built in.

Certificates and encrypted emails

Most free certificates ask for some basic data such as name and email address. This basic certificate is classified as a ‘class one’ trust level, for the verification of an email address. The certificate authority verifies the email address before issuing a certificate, which can then be used to validate outgoing emails by simply clicking a button in the email window itself. When the recipient receives a signed email, there is a badge on the icon of the email indicating that the email has been signed. The recipient can then open the email and see a little badge showing that the email is signed and the certificate authority has verified the address, giving the recipient peace of mind that the email is valid and safe before opening.

One additional feature in Outlook is the ability to send encrypted emails. Once the recipient receives a signed email, they then have the sender’s key to decrypt emails from that address. This way, the recipient knows that the sender actually sent the email, as the email could only be encrypted by using the sender’s certificate. An encrypted email cannot be read unless the recipient has the key to decrypt it. Therefore, even if it is intercepted, it cannot be read, because the interceptor would not have the key to decrypt the email.
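The signing and encryption operations that these mail programs perform follow the S/MIME standard and can be reproduced with the `openssl smime` command. This is an added example, not part of the original article; the identities alice and bob, their addresses, the message text and the self-signed certificates standing in for CA-issued ones are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example: S/MIME signing and encryption with the openssl CLI.
# Names, addresses and message text are constructed for this demo.
WORK=$(mktemp -d)

# Self-signed certificate standing in for one issued by a certificate authority.
make_identity() {            # $1 = name, $2 = email address
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=$1/emailAddress=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# Sign with the sender's private key; the sender's certificate travels with the mail.
sign_mail() {                # $1 = sender, $2 = input file, $3 = output file
  openssl smime -sign -in "$2" -signer "$WORK/$1.crt" \
    -inkey "$WORK/$1.key" -out "$3" 2>/dev/null
}

# Succeeds only if the content is unchanged and the signer's certificate is trusted.
verify_mail() {              # $1 = trusted sender, $2 = signed file
  openssl smime -verify -in "$2" -CAfile "$WORK/$1.crt" -out /dev/null 2>/dev/null
}

# Encrypt to the recipient's certificate (public key).
encrypt_mail() {             # $1 = recipient, $2 = input file, $3 = output file
  openssl smime -encrypt -aes256 -in "$2" -out "$3" "$WORK/$1.crt" 2>/dev/null
}

# Decrypt with the private key that belongs to the named identity.
decrypt_mail() {             # $1 = identity, $2 = encrypted file
  openssl smime -decrypt -in "$2" -recip "$WORK/$1.crt" -inkey "$WORK/$1.key" 2>/dev/null
}

make_identity alice alice@example.com
make_identity bob bob@example.com
printf 'Pay invoice 1001 on Friday.\n' > "$WORK/msg.txt"

sign_mail alice "$WORK/msg.txt" "$WORK/signed.eml"
verify_mail alice "$WORK/signed.eml" && echo "signature valid"
sed 's/Friday/Monday/' "$WORK/signed.eml" > "$WORK/tampered.eml"
verify_mail alice "$WORK/tampered.eml" || echo "tampered copy rejected"

encrypt_mail bob "$WORK/msg.txt" "$WORK/enc.eml"
decrypt_mail bob "$WORK/enc.eml"
decrypt_mail alice "$WORK/enc.eml" || echo "alice cannot decrypt mail encrypted for bob"
```

In a real deployment the trusted certificate passed to `-CAfile` would be the certificate authority's, not the sender's own.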

Be aware

Most email programs have features to filter incoming emails, and most antivirus programs support email filtering and virus scanning. One common misconception is that replying to spam and asking to be taken off a distribution list will help. If spam emails are in fact replied to, the reply just validates that the receiver is actually ‘live’ and may encourage more spam. Alternatively, look for the privacy policy in received emails and do not reply. Email users should be careful about releasing their email address and be aware of how it will be used. It is often advised to set up a secondary email account for signing up to website offers and competitions, to reduce the amount of unsolicited mail sent to a primary email account.

The U.S. Federal Bureau of Investigation maintains a website for cyber investigations, including email fraud and scams, at www.fbi.gov/cyberinvest/escams.htm. People can access this website free of charge and sign up for email updates when new scams and warnings are posted. With more online applications, email fraud is certainly on the rise and thousands of people have fallen victim to scams, most of which are looking for personal information; this is called ‘phishing’. These emails appear to be from legitimate email addresses or companies like banks or schools, and ask the recipient to verify their personal information. Hundreds of millions of dollars are lost annually through personal information such as bank account or card numbers and passwords being obtained through fraudulent ‘phishing’ emails.

With security now a top priority, email signatures are a trusted and accessible way to validate a user’s identity and cut the amount of email spam. Phishing attacks would potentially decrease, along with other malicious emails. The technology is already available today, with hardware installed on PCs and software accessible free of charge from the Internet. Therefore, with a little research and education, people and businesses can start to be more security savvy when it comes to email communication and security.
