Understanding Email Security

Step 1: Learn Who Can Get Your Mail

Learn Who Can Get Your Mail


Internet email messages are not secure. Once the originating mail server sends them, they are routed through various computers on the Internet. Anywhere along that path, other computers could intercept them. Internal company networks (intranets) operate like the Internet, but offer greater security for sensitive data by restricting external data connections. Even on the open Internet, it is rare for messages to be intercepted for malicious reasons, but it can happen.

Step 2: Identify Financial Concerns

Identify Financial Concerns


What bank accounts do you have, and how much money is in each account? What about accounts with investment firms? What are your credit card numbers and expiration dates? You would normally keep this information secret from the general public, and for the same reasons you want to be careful about sending financial information in email. Trusting the recipient is not good enough, because the path to that recipient is not secure.

Step 3: Watch Those Card Numbers

Watch Those Card Numbers


Even businesses that sell goods online usually refuse to do business with credit card numbers sent in email. Web sites can be made almost completely secure by using encryption (secret codes) but email messages are sent "in the open" and are not secure. Be suspicious of email messages claiming to be from a legitimate store, and requesting a credit card number via email. The "from" address in an email message can be faked.

Step 4: Mentioning Other Numbers

Mentioning Other Numbers


For the same security reasons as for credit card numbers, it is not a good idea to send other financial or personal information in email. This includes account numbers, expiration dates, Social Security numbers, birth dates, sensitive information from your business, and passwords. Again, corporate networks are more secure for these types of information.

Step 5: Using Encryption

Using Encryption


Some email programs have a feature called "email encryption" which scrambles an email message and gives you a key which must be entered at the far end before the message can be read. Because encryption schemes can be cracked, email encryption is not as trusted for security as is a secure web site.