

Email Or Efail: The Truth Behind Email Encryption

Rather than eliminate encryption, nip the threat by disabling HTML rendering

Email encryption is currently a controversial topic in the cybersecurity world. If you read WIRED or The Washington Post, you might believe the sky is falling and that you should stop using email encryption right now. If you don’t, advanced hackers might take advantage of weaknesses that exist within widely used encryption programs to steal your data. It can be difficult to determine whether encrypted email is safe to use.

What Is Email Encryption?
Email encryption is designed not so much to prevent the interception of messages, but to render a message useless to someone who has received it without the proper credentials. Unfortunately, researchers have discovered that hackers can now intercept an email, manipulate how a message is processed and read the plain text once the message is downloaded from a server. This attack, called eFail, can leave emails vulnerable.

Email encryption has flaws, but it’s not your biggest security threat.
IT experts have been warning for years that there are inherent weaknesses in any OpenPGP and S/MIME ecosystem. But a bigger risk than eFail is employees who lack basic cybersecurity skills and still click on unknown links or open unsafe attachments. Yes, eFail is something to be aware of. But, as with any news these days, one must read past the headlines and hype to determine the actual facts – and in this case, most organizations would be better off leaving their encryption alone and training their employees to avoid phishing attacks and ransomware.

Please select this link to read the complete article from OSAE Member thinkCSC.
