E-mail security has several threads, as there is a wide range of
vulnerabilities. We have all heard about the Love Bug and BadTrans,
and malicious code in attachments or e-mail messages has become a
serious threat.
Most of these make use of convenience facilities - click-to-open
file associations; HTML e-mail formatting; macros in attached
documents; e-mail preview - which therefore constitute hazards.
So turn off these features and learn to put up with the limited
inconvenience that goes with being more secure.
Confidentiality is at least as important in business. E-mails are,
by default, sent in clear text across a connectionless Internet.
Every waystation has to store the message, for a while at least, so
any number of unknown and untrusted computers hold, and may retain,
copies of e-mails sent.
Encryption can help, but standards are still not well defined, so
although you can co-operate with a regular correspondent to use
compatible encryption, messages to new customers are a different
matter.
It is also easy to forge an e-mail: the sender address in the
"from" field is not a trustworthy indication of the source. Digital
signatures can help, but both parties have to support the same
standard. So if an e-mail looks odd in any way, use your loaf -
phone the apparent sender and check.
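
As an added illustration (not part of the original column), this Python sketch parses a constructed message to show two of the points above: each relay that handled the message is recorded in a Received header, and the displayed "from" value is only text that can disagree with the other headers. The Return-Path and Reply-To checks, and every host and address shown, are assumptions of this example; a mismatch is a reason to phone and check, not proof of forgery.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not real traffic); all hosts and addresses are made up.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from relay2.example.org (relay2.example.org [203.0.113.7])
\tby mx.recipient.example with ESMTP; Mon, 1 Jan 2024 10:00:03 +0000
Received: from mailer.example.net (mailer.example.net [198.51.100.9])
\tby relay2.example.org with ESMTP; Mon, 1 Jan 2024 10:00:01 +0000
From: "accounts@bank.example" <billing@mailer.example.net>
Reply-To: collect@other.example
To: you@recipient.example
Subject: Invoice overdue

Please see attached.
"""

def _domain(header_value):
    """Lower-cased domain of the address in a header value, or '' if none."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def relay_hosts(raw):
    """Hosts named in the 'by' clause of each Received header, oldest hop first."""
    msg = message_from_string(raw)
    hops = [re.search(r"\bby\s+(\S+)", h) for h in msg.get_all("Received", [])]
    # Relays prepend their header, so the list is reversed to get travel order.
    return [m.group(1) for m in reversed(hops) if m]

def sender_warnings(raw):
    """Heuristic checks that the visible sender agrees with the other headers."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = _domain(msg.get("From"))
    warnings = []
    # A display name that itself looks like an address can hide the real one.
    shown = re.search(r"[\w.+-]+@[\w.-]+", name)
    if shown and shown.group(0).lower() != addr.lower():
        warnings.append("display name shows a different address")
    for hdr in ("Return-Path", "Reply-To"):
        dom = _domain(msg.get(hdr))
        if dom and dom != from_dom:
            warnings.append(f"{hdr} domain {dom} != From domain {from_dom}")
    return warnings
```
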
Finally, as an e-mail now has the same validity in some aspects of
law as a written document, it could come back and bite you, so
never send confidential or contentious information in an e-mail.
Above all, stay alert and don't fall for the obvious.
Mike Barwise is a consultant at www.computersecurityawareness.com/