E-gad! E-mail Security Gets More Complex
First out of the chute: Don’t fall for the CNN.com Top News e-mails or the MSNBC.com Top News e-mails. They are fake and dangerous. If you click, you’ll get a load of sophisticated viruses.
Second, with billions of e-mails and Instant Messages flying across enterprise and personal computers and cell phones daily, it’s no wonder that there are growing security and privacy headaches. And, there is no doubt that e-mail traffic can run you over coming and going. With the increase in gas prices, corporations and government agencies are encouraging – if not giving up on trying to stop – telecommuting.
However, personal and private information related to both employees and their employers may be compromised by telecommuting staff if privacy risks are not dealt with effectively, according to a report developed by Ernst & Young LLP and the Center for Democracy and Technology.
Get a Crush on Smishing
And it’s no surprise that the geeks and vendors have coined new cyber world words in the never-ending effort to keep up with the explosion of e-mail-centric threats.
There’s smishing: A recent trend that usually involves use of VoIP phone number accounts obtained through e-mail phishing attacks. Recent evil e-mail devices (CNN.com, for example) no longer distribute viruses as an attachment, but rather host the virus on a Web site and distribute e-mails that link to it. And today a crush is not puppy love or a soft drink but it’s an attack distributed through SMS messaging, e-mail and social network communication that entices users to login to a Web page and unknowingly opt in for a premium rate SMS service.
Karl Anderson has his eye on the various security concerns centering on e-mail.
Network security manager at Domino’s Pizza, he said, “At Domino’s we are in the process of implementing a corporate-wide data loss prevention initiative to avoid any accidental loss of private or proprietary information. We realized that e-mails being sent to partners and vendors, such as insurance providers, may contain information, like Social Security numbers, that must be encrypted before sending.”
So the giant pizza retailer brought in technology -- SecureMail from Voltage Security -- to provide corporate-wide e-mail protection by easily encrypting e-mails containing sensitive corporate or private personal information being sent to anyone, anywhere. It’s part of a corporate-wide data loss prevention initiative. “I can’t imagine any company not needing this,” said Anderson, who was surprised to find an enterprise solution that integrated so easily within his existing infrastructure, and one that required little -- if any -- end-user training.
The system will encrypt e-mails sent between corporate headquarters in , and among key partners and vendors. The technology automatically flags those e-mails containing sensitive data and encrypts them prior to sending. Decisions about encryption are based on pre-set policy, not by individuals on a one-off basis. A secure application enables the recipient to read an encrypted e-mail without first downloading and installing client software.
Still there is the other side of the coin.
University of Iowa police are glad one of their political science professors did not encrypt his e-mail. The police recently gathered dozens of e-mails sent to and from the professor’s UI account in which messages allegedly offered improved grades in exchange for sexual favors from female students.
The professor’s e-mails to several students allegedly mentioned setting up meetings to talk about a grade, extensions for work or assistance and an offer from the professor to “negotiate,” according to media reports.
The retrieval of enterprise and personal e-mail has become big business as law enforcement and Federal and state regulators find evidence and supporting documents in the never-say-die e-mails.