How to Secure Emails?
There are two major ways in which email can be made secure.
The first is to use a client that provides the necessary security; the second is to use encryption to protect the content of the emails themselves.
Let us examine both, one by one, through 5 main points that can be used to secure email.
Use of a secure client
The piece of software used to compose, send and receive emails on your desktop system is known as an email client.
There are quite a few desktop clients to choose from, for example Outlook, Thunderbird and The Bat. On the other hand, most users use public webmail services such as Yahoo, Hotmail or Gmail to send and receive emails.
In such cases the users send and receive email through a browser, so the browser acts as the client for the webmail service. Here we concentrate on desktop-based email clients.
To choose an email client, the first step is to open the website of the CERT run by Carnegie Mellon University and check the list of vulnerabilities reported for each email client. As of this writing, there are about 1010 listed vulnerabilities for Outlook, 150 entries for Tiger Mail, 100 entries for Thunderbird and 7 entries for RITLabs' The Bat.
These numbers do not mean that one product is more vulnerable than another. Because Outlook is the most popular email client across the globe, it has been investigated, probed and fiddled with the most, and as a result its vulnerability list is the longest.
The Bat appears to be the most secure of all the available mail clients, with only 7 vulnerabilities reported.
Another criterion is usability. At the end of the day the client will be used to send and receive emails, so the one chosen should be user friendly and easy to use.
Use Text in Emails
It is always best practice to send and receive emails in plain text, as was intended in the early days of email design and email communication. With HTML, or in other words multimedia, emails there is always a risk of receiving malicious code along with the text of the email.
Most email clients are known to block such malicious code, but it is safer to receive emails in text format only. Having dealt with HTML emails, half of the work is done.
The other half of the problem is the attachments that come with emails. To protect against attachments that might be malicious, here are some basic rules to follow at all times:
• Make it a rule not to accept any attachment that is not expected.
• Make it a rule not to open any executable file unless there is 100% confidence in both the file and the source of the email.
• Make it a rule not to open any document attachment whose sender address is not familiar or known.
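As an added example (not from the article), a small Python checker that applies the text-only rule and the three attachment rules above to one raw message, using only the standard library: it extracts the plain-text part, notes but never renders HTML, and reports attachments that are unexpected, executable or from an unknown sender. The executable extension list and the sample message are constructed assumptions.

```python
import os
from email import policy, utils
from email.parser import BytesParser

EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".bat", ".cmd", ".com", ".pif", ".js", ".vbs", ".msi", ".ps1"}  # assumed list

def review_message(raw: bytes, known_senders: set, expected_attachment: bool = False) -> dict:
    """Apply the three attachment rules and the text-only rule to one raw RFC 5322 message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    sender = utils.parseaddr(msg.get("From", ""))[1].lower()
    findings, body_text, has_html = [], None, False
    for part in msg.walk():
        if part.is_multipart():
            continue                                   # containers carry no content of their own
        name = part.get_filename()
        if part.get_content_disposition() == "attachment" or name:
            name = name or "(unnamed)"
            if not expected_attachment:                # rule 1: accept nothing unexpected
                findings.append(f"unexpected attachment: {name}")
            if os.path.splitext(name)[1].lower() in EXECUTABLE_EXTENSIONS:
                findings.append(f"executable attachment: {name}")   # rule 2: no executables
            if sender not in known_senders:            # rule 3: documents from known senders only
                findings.append(f"attachment from unknown sender {sender or '(none)'}: {name}")
        elif part.get_content_type() == "text/plain" and body_text is None:
            body_text = part.get_content()             # the only part that is ever shown
        elif part.get_content_type() == "text/html":
            has_html = True                            # noted, never rendered
    if has_html:
        findings.append("html part present (not rendered)")
    return {"sender": sender, "text": body_text, "findings": findings}

# Constructed sample: an unsolicited "invoice" carrying an HTML part and a .exe attachment.
SAMPLE_RAW = b"""From: Unknown Vendor <invoice@example.invalid>
Subject: Invoice
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"

Please see the attached invoice.
--b1
Content-Type: text/html; charset="us-ascii"

<html><body><p>Please see the <b>attached</b> invoice.</p></body></html>
--b1
Content-Type: application/octet-stream; name="invoice.exe"
Content-Disposition: attachment; filename="invoice.exe"

placeholder payload, not a real program
--b1--"""
```

Calling `review_message(SAMPLE_RAW, {"colleague@example.invalid"})` on the sample yields four findings; the same message from a known sender with an expected attachment still trips the executable rule and the HTML note.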
For posting on forums & subscriptions, use free webmail accounts
Every now and then users are attracted to the content of some website and register to receive newsletters, subscribe to RSS feeds or post messages on blogs using email addresses tied to their corporate identity.
The problem is that using such email addresses exposes the organization itself to spam and email-based malware attacks on a large scale.
Blogs, social networking sites and collaboration networks are all secure to some extent, but attackers are sophisticated too and are known to build crawlers that trawl such sites and harvest email addresses. The harvested addresses are then used to send spam and, often, malware as attachments.
If corporate email addresses are used, there is always a danger of receiving mail with some form of 0-day malware attached, which, if opened, would infect the system and ultimately compromise the whole network.
If webmail is used, there is a good chance that the service providers are already on top of the latest security trends and aware of the latest malware being distributed around the globe, so they can filter such messages out easily.
Using webmail also reduces the danger of email being downloaded directly onto the hard drive of the system from which it is accessed, and so protects against most kinds of malware.
Use of an additional layer of defense
It is not always enough to use a secure client, to use only text-based emails, or to make rules about not opening unknown attachments.
Additional layers of security need to be in place to effectively stop spam or block infected attachments.
Using antivirus, antispyware and spam filtering solutions along with the 3 points above would definitely increase the security of the computer system while effectively blocking malicious email attachments, spam and unwanted emails.
With such a multi-layered defensive approach, almost 99% of emails will be secured and email security kept at the highest level.
Encryption of sensitive emails
Digital certificates can be used while composing emails to sign or encrypt them before they are sent. The email can either be signed, which only lets the receiver verify its authenticity, or encrypted in full so that only the intended recipient can decrypt and read its contents.
There are alternatives to buying an individual digital certificate: a Public Key Infrastructure (PKI) can be deployed to encrypt and sign emails for confidentiality and integrity.
Most organizations have by now started adopting PKI and have been reaping its benefits, such as encryption, non-repudiation and integrity protection.
Another alternative for securing email is PGP (Pretty Good Privacy). PGP requires the two users to exchange keys before they can send or receive encrypted email. PGP is free and is widely used across the globe for encrypting emails before they are sent.
The final option is to use third-party email security solutions that encrypt emails before they reach the recipient, using SSL (Secure Sockets Layer), the technology behind the HTTPS protocol.
