Security for free: Don't trust everything in e-mail

Opinion


E-mail security has several threads, as there is a wide range of vulnerabilities. We have all heard about the Love Bug and BadTrans, and malicious code in attachments or e-mail messages has become a serious threat.

Most of these make use of convenience facilities - click-to-open file associations; HTML e-mail formatting; macros in attached documents; e-mail preview - which therefore constitute hazards.

So turn off these features and learn to put up with the limited inconvenience that goes with being more secure.

Confidentiality is at least as important in business. E-mails are, by default, sent in clear text across a connectionless Internet. Every waystation has to store the message, for a while at least, so any number of unknown and untrusted computers hold, and may retain, copies of e-mails sent.

Encryption can help, but standards are still not well defined, so although you can co-operate with a regular correspondent to use compatible encryption, messages to new customers are a different matter.

It is also easy to forge an e-mail: the sender address in the "from" field is not a trustworthy indication of the source. Digital signatures can help, but both parties have to support the same standard. So if an e-mail looks odd in any way, use your loaf - phone the apparent sender and check.
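The hazards named above (HTML formatting, click-to-run and macro-capable attachments, a "from" field that cannot be trusted) can be checked mechanically before a message is opened. This Python triage function is an added example, not part of the original article; the extension lists, finding labels and sample message are assumptions constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr

RISKY_EXT = {".exe", ".scr", ".pif", ".vbs", ".js", ".bat"}  # assumed list: run on click
MACRO_EXT = {".doc", ".xls", ".ppt", ".docm", ".xlsm"}       # assumed list: may hold macros

# Constructed sample message: example.* domains, placeholder attachment body.
SAMPLE = """\
From: Accounts <accounts@example.com>
Return-Path: <bounce@example.net>
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<p>Please open the attachment.</p>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.txt.vbs"

placeholder
--b1--
"""

def domain(value):
    """Lower-cased domain of an address header, or '' if absent."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def triage(raw):
    """Return a sorted list of findings for one raw message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = set()
    # The From header is whatever the sender typed. A Return-Path or Reply-To
    # in another domain is a cue to verify with the sender, not proof of forgery.
    for other in ("Return-Path", "Reply-To"):
        dom = domain(msg[other])
        if dom and dom != domain(msg["From"]):
            findings.add("from-mismatch:" + other.lower())
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            findings.add("html-body")
        name = (part.get_filename() or "").lower()
        ext = name[name.rfind("."):] if "." in name else ""
        if ext in RISKY_EXT:
            findings.add("executable-attachment")
            if name.count(".") > 1:  # "x.txt.vbs" hides the real type
                findings.add("double-extension")
        elif ext in MACRO_EXT:
            findings.add("macro-capable-attachment")
    return sorted(findings)
```

Calling `triage(SAMPLE)` reports the domain mismatch, the HTML body and the double-extension script attachment; a plain-text message with a single consistent sender returns an empty list.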

Finally, as an e-mail now has the same validity in some aspects of law as a written document, it could come back and bite you, so never send confidential or contentious information in an e-mail. Above all, stay alert and don't fall for the obvious.

Mike Barwise is a consultant at www.computersecurityawareness.com/


This was first published in July 2002
