We all depend on secure email to communicate in our professional and personal lives. From calendar events to flight confirmations, shopping receipts and personal messages of varying sensitivity; our inbox contains lots of private information about most of our and other people’s lives and activities. At the same time, we are bombarded daily by spam with everything from unsolicited marketing to phishing and malware.
But email was never designed to be secure from the beginning and although the major providers have made some efforts, the security situation is still quite bad today, especially when it comes to access to the content of our email messages and their metadata such as who sending to whom, when the message is sent, etc. This means unauthorized access to your inbox.
The major providers, such as Microsoft and Google, offer good spam protection (which, however, requires a lot of advanced knowledge on the part of the customer and active management as the default settings are only at a basic level), encrypted transmission (provided that receiving systems support this) and encrypted storage in their servers.
But at the same time they also have control over the encryption keys if the user has not uploaded and uses their own keys, which means they have full access to all your emails and they also have extensive traffic logging. Which all in all means a big threat to your and your organization’s integrity.
Eg Google uses the content of the email in its profiling of targeted advertisements, something which, however, can be turned off in their paid accounts with some effort. Another growing problem is that companies in Europe and the US are increasingly required to create authority access to their systems in order to “counter terrorism and crime”, an access which, however, is also actively used for state-based industrial espionage and constitutes a dangerous backdoor that hackers can use .
How can the protection be improved? The answer is to use email services that offer end-to-end encryption (E2EE), ie the message is encrypted in the sender’s client and decrypted in the recipient’s client with keys that only the sender and recipient have access to. This means that the message is protected (encrypted) at all times during transport and storage and can only be read by authorized persons.
However, this type of solution is often complicated to handle, but the Swiss supplier Proton has put a lot of effort into simplifying the whole thing and today you can use their service fully as the organization’s only email solution. Or as a complement to Microsoft and Google if you use their other products. Proton offers a free account for individuals and from €6.99/user/month for business accounts.
We have been working with Proton’s products for the past few years and are more than happy to help you tailor your secure email solution to your specific needs, either by completely replacing your current solution or as a complement to it. Contact us for more info, this is an important investment in your cyber security!