We explain why using conventional email platforms puts your business and personal information at risk from cyber attacks, and why you should switch to secure encryption messaging apps to protect your assets.
Updated 5 January 2018 v1.0
Disclaimer: we are not affiliated with any of these companies. There is no affiliate marketing in place through the links provided below for your convenience.
Stop Putting Your Security At Risk
The Internet has made global business more efficient, streamlining communications and providing an arena to share files and information in an instant – but that convenience also comes with a lot of risk.
Storing and sharing the valuable business information of your company, clients, and personnel online offers criminals, competitors and other individuals with nefarious intentions a rich opportunity to steal these assets and cause serious damage to your organization.
And what is one of the most easily targeted points of entry in a cyber-security attack? Your email.
In fact, “how to hack a Gmail account” is one of the most searched account hacking topics on the Internet today. Although the practices of email hacking, phishing, and spam are not new, with more communication now done online and the ever-evolving sophistication of hackers, the risks to companies have become far greater.
The Financial Cost Of Emailing
For businesses, a security breach via email can end up costing the company millions of dollars in liability and lost revenue. In 2016 the total average cost of a security breach was approximately $7.01 million.
While most people do not understand how the costs of a data breach can quickly add up, here are just a few of the reasons why security breaches can be financially devastating to an organization:
- Remediation.
- Loss of Customers.
- Business Disruption.
- Regulatory Fines.
- Legal Costs.
- Public Relations.
- Breached Client Records.
- Direct Financial Loss.
- Notification Costs.
- Credit Card Reissues, Identity Theft Repair and Credit Monitoring.
Currently, there are 4.9 billion email addresses worldwide. According to Avatier’s timeline of email security breaches, in just two years, there have been 6,789 email data breaches globally. And in that short timeframe, 886.5 million records were compromised, a total that is more than double the U.S. population.
In the fast-paced business world, email can also be another type of liability – one of procrastination. How many times have you sent an email, even marked it urgent, and the recipient takes a lengthy time to respond? How many times has important information become lost in lengthy, tedious email chains amongst several people? How about when someone sends you an important file but it gets placed into the wrong folder due to an overly aggressive spam filter, or it gets deleted due to the barrage of emails you waste so much time trying to clean out of your inbox throughout the course of the day?
While you have the illusion of safety with a long-form, secret password that only you know for your email, without end-to-end encryption your conversations are an open target for unethical individuals. Therefore, despite the fact that email is such a prevalent part of our business and personal lives, it has simply become too outdated to provide the level of security necessary in today’s digital environment. You can also see our article on Data Privacy in the 21st century.
How To Safeguard Your Information
The future of business messaging is here and it has taken the form of encrypted messaging apps.
For those unfamiliar with the terminology, end-to-end encryption (E2EE) is a system of communication where only the communicating users can read the messages. The systems are designed to defeat any attempts at surveillance or tampering because no third party can decipher the data being communicated or stored.
This is ideal because when two or more devices communicate via an app that features this level of security, the information will be transmitted using a secret code rather than insecure plain text.
For individuals and businesses looking to truly protect their information, this practice is the way forward.
Login vs. email:
When you register with an email provider, they’ll ask you to create an email address, which will be used as your login, and a password. The usual thing to do is to use a password manager to create a very strong password; you can see our article on Password Manager.
But the security weakness here is that hackers using social engineering are going to assume your email is your login. When, on top of that, the name of the provider is spelled out in the email, like gmail, yahoo, outlook, yandex etc., it’s a piece of cake to get access: the password can be obtained through social engineering or brute force. The way to remove that weakness is to create a login that is difficult to guess and will not be used as an email address for communication. Since we’re using a password manager, we can create something like urQP6V72EAuHzq3QF8fS7@tutanota.com with another difficult password, all of it stored in the password manager.
Then we create aliases to give out.
Use aliases to compartmentalize
Spy services share data and use emails and phone numbers to link profiles. So if one uses the same email everywhere, especially with participants of the PRISM program, chances are the data will be aggregated and that person will end up in an internet bubble, with all their searches steering them to buy specific items or find specific topics.
When a database is breached, the email is going to be available on the darknet first, then on the clearnet. From there, the email is going to be used by a plethora of hackers trying to get access to the mailbox. If you use one alias specific to each registration, so that separate emails serve different functions, then only one email is compromised when a database is breached.
Many websites don’t offer a way to delete your account, and very often most of these email providers don’t allow you to do so. It means that when you want to cut ties with them, the only way to do so is to deactivate the associated email, which is something you can do only if you use one alias per website.
For general communications, you can create an alias to be used during the calendar year. This makes it possible to start each year with a new email that you give to people you want to stay in touch with, and to deactivate the email from the previous year, which shields your privacy by limiting the attack's scope and the exposure you’re subject to.
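The scheme described above (a random login that is never given out, one alias per registration, and a general alias rotated each year) can be tracked with a small register. This is an added example, not code from the original article; the `AliasBook` class, the `example.org` domain and the site names are hypothetical, and the aliases themselves still have to be created and deactivated at your email provider.

```python
import secrets
import string

ALPHABET = string.ascii_letters + string.digits

def random_local_part(length=21):
    """Unguessable local part drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

class AliasBook:
    """Local register of which alias was handed to which site (hypothetical helper)."""

    def __init__(self, domain="example.org"):  # placeholder domain, an assumption
        self.domain = domain
        # Login address: used only to sign in, never given to anyone.
        self.login = f"{random_local_part()}@{domain}"
        self.aliases = {}  # alias -> {"purpose": str, "active": bool}

    def new_alias(self, purpose):
        """One fresh alias per registration, so a leak points at one site."""
        alias = f"{random_local_part(12).lower()}@{self.domain}"
        self.aliases[alias] = {"purpose": purpose, "active": True}
        return alias

    def deactivate(self, alias):
        """Cut ties with a site that offers no account deletion."""
        self.aliases[alias]["active"] = False

    def yearly_alias(self, year):
        """Retire last year's general alias and issue this year's."""
        for alias, info in self.aliases.items():
            if info["purpose"] == f"general-{year - 1}":
                self.deactivate(alias)
        return self.new_alias(f"general-{year}")

    def breach_report(self, leaked_addresses):
        """Map addresses found in a breach dump to the registrations they expose."""
        exposed = {}
        for addr in leaked_addresses:
            info = self.aliases.get(addr.lower())
            if info:
                exposed[addr.lower()] = info["purpose"]
        return exposed

if __name__ == "__main__":
    book = AliasBook()
    shop = book.new_alias("shop.example")    # constructed sample registrations
    forum = book.new_alias("forum.example")
    # Constructed breach dump: only the shop alias appears in it.
    print(book.breach_report([shop, "someone.else@example.net"]))
    book.deactivate(shop)
    print(book.yearly_alias(2018))
```

Keep the register itself in the password manager alongside the login, since it links every alias back to one mailbox.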
At minimum, open-source end-to-end encrypted email software and freemium hosted secure email services such as Tutanota or Protonmail should be utilized over email providers like Gmail and Outlook. You can also refer to our article on Tutanota vs Protonmail to know which of the two options suits your budget.
However, for those looking for a solution with a true emphasis on security, apps such as Threema, Wickr, and SafeUM will provide the results you’re after. You can likewise refer to our article on Threema for a full grasp of it and its various pros and cons, should you decide to use Threema.
These are just a few of the brands placing a heavy emphasis on security and user privacy. Unlike other popular messaging apps (including those claiming to use encryption), even Swiss-based Threema’s server operators have absolutely no access to read your messages.
If you value the privacy of your information and are looking for assurances that your data or metadata won’t be shared and available to third parties, these apps are the right choice for you.
Download one of them today and rest assured knowing that your information is safely encrypted and secure.