Email transmission from sender to receiver has 3 stages, sender’s laptop/mobile to sender’s service provider, sender’s mail service provider to recipient’s mail service provider and recipient’s mail service provider to recipient’s laptop/mobile. Any secure mail transmission should ensure that mail is protected against eavesdropping at each of the stage. Here’s how business email can be secured in all 3 stages of email transmission:
- How to ensure security while sending mail:
A. Ask service providers for use of secure ports: Service providers offer secure access to email by providing ‘secure ports’ for sending and receiving email. These secure ports use the same HTTP, POP3, IMAP and SMTP protocols to send and receive email, but over a secure channel created by a technique called SSL (Secure Sockets Layer). SSL encrypts the mail transmission between sender’s laptop/mobile and sender’s mail service provider. A mail service provider not only should offer SSL encrypted transmission but also be able to enforce it by blocking non secure ports
B. Secure your office network: Those who deploy their own email server in their office premises, data security between the mail server and the end user’s email client is ensured by securing the office network by means of deploying VPN software’s or other security equipment’s.
C. Avoid using public internet: Sending mails from public internet like airport wifi or wifi provided by hotels may not be secure always. As the public network is shared among users, hackers will be able to peek into the email transmission.
- How to ensure security during mail transmission (sender’s server to recipient’s server)Since email uses a ‘store-and-forward’ method rather than a ‘peer-to-peer’ of data transfer, only securing access between your email client and your service providers server might not be enough. There has to be some means of securing the channel between service providers too.Transport layer security protocol (TLS) ensures data transmission between two servers is completely secure. TLS is really the successor of Secure socket layer protocol (SSL) and latest versions of TLS are far more secure than SSL.Service providers world over are adopting the STARTTLS way of making communication between them secure using the method of ‘Opportunistic Encryption’ and thus ensuring end to end security in sending and receiving emails. A secured email service provider will ensure that your important business emails remain protected.
- How to ensure security while receiving mails:Security recommendations while receiving mails are not very much different from that of sending mails. In addition to accessing mails over SSL encrypted channel and securing own network, restricting access to mails only within trusted network is very important. Users should not be able to receive and read mails, if they are accessing mail from cyber café or home internet.
- Replace ‘@’ with ‘at’ while mentioning your email address in a blog or article online.
- Be extra cautious while opening an attachment from an unknown sender.