Wednesday, September 14, 2016

Email encryption? Who really cares!

So, I finally took advantage of the low mortgage rates I've seen advertised all over the place and refinanced my house.   I was excited! The bank I applied for the mortgage through was able to do just about everything online, using a combination of Adobe PDF delivery mechanisms and a portal to upload documents required for the mortgage.  

In typical fashion, something broke with their portal and I needed to send one last document to the bank.  My options were to either drop it off at the local branch or send it to them via email.

As it is, with my job, I have many tools at my disposal in order to send messages encrypted through email, but I decided that I really didn't want to use any of our systems at work since I like to maintain a separation between personal business and work.

Hmm, what should I use within my personal email account to encrypt this stuff? Should I zip it and password protect the file?  That sounded like a good idea, but then I started to think of the risk involved with me just sending the stupid PDF.  Do I really care? I mean, what could happen? Is there a chance that some hackers are a just standing by at Comcast headquarters with one of the switches port mirrored, looking for stuff coming off of the residential backbone? I guess it's possible, but what are the chances? Are we really going overboard with this email encryption stuff? Do we REALLY need it?

Unfortunately, in reality, the answer is yes... We do need it.  The biggest problem is that you don't know what's happening between the two endpoints. You can't put your faith in a gut feeling that there won't be any evil happening once the data hits he Internet or that the infrastructure is somehow too big or obscured enough to even allow the capture of your "one in a billion" packets that pass through in a nanosecond.  Since you don't have any control or visibility of what happens between the originator and he receiver, you just can't take that chance with sensitive data assets.

I teach at a college here in Chicago and one of the assignments I have the students in my Information Security course complete is research on something called Room 641A.  Google it... You'll have fun.

(As posted on LinkedIN)

No comments: