The European General Data Protection Regulation (GDPR) has made privacy protection an important agenda item for every company. Risk analyses almost always identify email traffic as a high-risk area. Nevertheless, I often encounter organisations that are quite sure they have their email traffic safe and under control. They think that using some sort of encryption automatically results in safe email. In this blog post I explain why they are still taking a risk.
Why is regular email unsafe?
For those unfamiliar with how email works, I will give a short introduction on why it is, by default, unsafe. Email arose in the sixties, when privacy and security were relatively unknown terms. Originally, emails were sent unencrypted. This is similar to putting a letter in an envelope without sealing it. Both the mailman and employees at the post office can read your letter without you being aware of it.
Someone could say: “Why don’t you just close the envelope?”. That is why the email protocol was extended with encryption support, known as ‘STARTTLS’. However, because traditional email still has to be supported, the encryption works as follows: if you want to send your message encrypted, your server asks the receiving server whether it supports encryption. If the answer is ‘yes’, the receiving party receives an encrypted message; if the answer is ‘no’, your message is sent without being encrypted. The problem here is that the question itself is asked unencrypted! Malicious people can intercept this question using a so-called active man-in-the-middle attack and answer it with ‘no’. The server then receives your message unencrypted and they have access to it.
You could decide to refrain from sending a message once the answer is ‘no’, but how DO you get your message safely to the real recipient?
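The sender-side decision described above, as an added example that is not part of the original post: it parses the receiving server's EHLO reply and shows how an opportunistic sender falls back to plaintext when the STARTTLS line is missing, while a sender that requires TLS holds the message. The EHLO replies are constructed sample data, and the policy names and return values are hypothetical.

```python
import re

# Constructed EHLO replies (sample data, not captured traffic).
EHLO_WITH_TLS = (
    "250-mx.example.net Hello sender.example.org\r\n"
    "250-SIZE 35882577\r\n"
    "250-STARTTLS\r\n"
    "250 8BITMIME\r\n"
)
# The same reply as the sender sees it when the STARTTLS line was removed in transit.
EHLO_STRIPPED = (
    "250-mx.example.net Hello sender.example.org\r\n"
    "250-SIZE 35882577\r\n"
    "250 8BITMIME\r\n"
)

_LINE = re.compile(r"^(\d{3})([ -])(.*)$")


def parse_ehlo(reply):
    """Return the upper-cased extension keywords of a successful EHLO reply."""
    lines = [line for line in reply.split("\r\n") if line]
    if not lines:
        raise ValueError("empty EHLO reply")
    keywords = set()
    for index, line in enumerate(lines):
        match = _LINE.match(line)
        if not match or match.group(1) != "250":
            raise ValueError("not a successful EHLO reply: %r" % line)
        if index == 0:
            continue  # the first line is the greeting, not an extension
        text = match.group(3).strip()
        if text:
            keywords.add(text.split()[0].upper())  # keywords are case-insensitive
    return keywords


def decide(reply, policy):
    """policy is 'opportunistic' or 'require_tls' (hypothetical names)."""
    try:
        offers_tls = "STARTTLS" in parse_ehlo(reply)
    except ValueError:
        return "defer"  # unusable reply: keep the message queued
    if offers_tls:
        return "starttls"
    # The sender cannot tell a server without TLS from a stripped reply.
    return "send_plaintext" if policy == "opportunistic" else "defer"
```

Requiring STARTTLS only removes the silent fallback; it does not tell the sender which server it is talking to, which is the question the article turns to next.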
How can you safely send your emails?
To safely send information by mail you have the following solutions:
1. Build trust between mail servers:
One way to do this is by using certificates, VPN tunnels or DANE. DANE is the standard option and has our preference over the other two solutions, which are maintenance-intensive and error-prone. A disadvantage of this option is that building trust between servers requires action on both sides of the line. This is doable when you are dealing with a few important partners. However, as you can imagine, this solution is not very practical, since almost every organisation has conversations with at least a hundred different parties.
2. Encrypting your messages with PKI-systems:
PKI (public key infrastructure) systems, like PGP, presume encryption of messages using a key that is in the possession of the receiving party. Decryption can only happen if you have this key. A disadvantage of this option is that every receiver needs to have his own keys created and use the same PKI system as the sender. As you can imagine, for the ‘regular’ email user this solution is way too complicated.
3. Send your message with 2-factor authentication (2FA):
2FA is known to almost everybody. Maybe not as a term, but everyone is using it: for instance, the extra SMS message you get when you want to do some online banking, or the extra code you have to use when you want to log in at work (read our blog about 2FA). It is called 2-factor because it assumes using ‘something you know’ and ‘something you have’, for instance a password and your mobile phone or a token. Using 2FA can make your email safe. The question, however, is: how do you make the receiver use the second factor? This is impossible to do with regular email. You will have to encrypt messages with some kind of code (by using 7-zip or Cryptshare, for instance) and send SMS messages to the receiving party. Since it is unrealistic that your own employees are going to do this, you have to find a supplier that makes this all possible.
The reason why your mail is currently NOT safe
The solutions described above are at the moment the only alternatives for sending safe messages. With that in mind, I want to share some of the misconceptions I often encounter during my work:
‘We have installed TLS on our server’. This is very sensible and will for sure result in the major part of your email safely reaching the mail server of the receiving party. I often hear people claim: ‘we safely deliver 99.2% of our messages via TLS’. Very good! However, this figure has been measured afterwards. As I described earlier in this article, since it is impossible to enforce TLS, you depend on the receiving party answering ‘yes’ to your question whether or not he supports TLS. You still run the risk of bad people answering ‘no’ to your question. This does not happen that often, but TLS does not lower the risk either.
‘We have installed DKIM and SPF’. Very clever! This option does assure the receiving email server that messages are being sent by you and not by anyone posing as you (also known as spoofing). This option does NOT ensure that your messages safely reach the intended audience. The content is not encrypted and is still vulnerable to a man-in-the-middle attack.
‘We have already taken care of this with Office365’. Office365 also claims to support encrypted messaging. It is a bit hard to uncover what this function contains. In general it means that you as an admin can decide when encrypted emails have to be sent. The fact that this is not regularly the case gives an indication that this statement looks better than it is in reality. It means that your messages will be encrypted when you are sending them to other users of Office365. Other intended audiences, however, will receive a notification message. This message contains a link; after they have clicked this link, they receive another message containing a code that they can use on the webpage. The admin has to create these rules and decides when a message is encrypted and when it is not. In practice this results in all kinds of questions and complaints.
‘We send our email only from our own portal’. Loosely translated: we have created our own environment in which people have to log in to communicate with each other. That does sound a lot better, doesn’t it? The first question that arises is: did the developers do a good job in creating a safe and secure system? Have they been certified and audited, and are they transparent about the results of their security tests? I haven’t seen many.
Another problem is that this kind of solution asks users to change their behaviour. They can’t email anymore as they did before but have to do so in a new environment. This is manageable for employees, but for ‘guests’ this is not very user-friendly or easily accessible. Before you know it, people are using detours like private email, or simply avoid the system, with all the consequences that entails.
All of these solutions have another restriction: they only ensure that no one will read the content of your message before it reaches the server of the intended audience. The biggest problem with email is not that the ‘door’ is not safe, but that really weak passwords are often being used. In other words, you never know if only the intended audience has access to the account.
This leads to my conclusion that really safe email is only possible if the sender chooses a solution with 2FA. This is the only way to ensure that only the intended audience is able to read the message. Some organisations are a bit reserved when it comes to 2FA, as they are afraid that the recipient might not understand 2FA. Fortunately, 2FA is increasingly used. Let’s hope that it gets adopted in standard protocols, putting the misconceptions mentioned above forever in the past. Although I have mostly covered the technical part of safe email in this article, more is needed to ensure safe email between organisations. During the first part of 2017, 42% of all data leaks in the Netherlands were caused by human error: someone sent something to the wrong person. In the health care sector this figure was even higher: 61%! The human part of email is as important as the technical part.
Regular mail, but safe!
Safe email is an important aspect of the new European privacy legislation (GDPR). Based on this legislation, a data leak can cost a company a huge amount of money. ZIVVER is a solution for safe email that is user-friendly and works with your own trusted email program. This way human errors are prevented, information is being encrypted and the control over sent information is still yours!