Email encryption – a few common fallacies

The dawn of GDPR is upon us.  All emails now need to be encrypted, right?

Depends!

There are common misconceptions surrounding emails and encryption and security in general.  First of all, let us consider the way things were a few years ago.  All emails were sent in plain text –  a bit like a postcard – so the postman could enjoy reading it and nobody would be any the wiser.  Also in those days usernames and passwords were sent in plain text – same problem.  Now the world is a much less trusting place and these approaches no longer cut the mustard.  So what should you do?

Encrypted channel

This is a bit like sending your good old-fashioned postcard but this time inside a tin box with a seal on it.  The postman will have to look elsewhere for his thrills.  The postcard is still in plain text but a man-in-the-middle is unable to read it in transit.

Encrypted email

This time the email contents are treated to a cipher which renders them unreadable and makes them unintelligible to the recipient without the password you choose.  This is akin to the prying postman being able to look at your postcard but it is written in Martian and he only speaks English.  Added to which he doesn’t know it is in Martian!

Encrypted channel & email

Of course you can do both, which is the most secure option of all.

Practicality

Come the glorious day of the 25th May it will not, even then, be practical to send all of your emails in a totally encrypted way.  I would certainly recommend it for sensitive data though and we can supply software to help with this.  This same software can be used to encrypt files and folders on your PCs, laptops and servers too.

I would always recommend that you use an encrypted channel for your emails wherever possible.  Make sure TLS/SSL is turned on, and encrypt your passwords.

Help with GDPR

Ok, I have weakened!  I resisted the temptation to harp on about GDPR for a long time.  Now in the week of the enactment of the UK law I find myself writing about it.  Why?

Frankly I have been quite nauseated by the feeding frenzy exhibited by IT distributors and consultants generally relating to this new data protection law.  The scent of blood in the water is just too much for many it seems and the idea that they can swoop in and make mega bucks from a poor frightened client is just too much for them!

Let me say right now we are not after your blood, nor more than a reasonable amount of your money.  We are in a position to help you with your GDPR compliance with respect to the IT matters it touches upon.  We can help you secure your emails and your PCs and servers.  Encryption is not mandated by GDPR but it will never be a bad thing to be able to say in your defence that it had been implemented should a data breach ever occur.

Solutions, not snake oil.

Please drop me a line with your requirements outlined.

WiFi in the potting shed

Or the polytunnel, tool store, wood cabin, holiday cottage, barn, studio, ty bach, or whatever.

Here is the scenario: you have decent internet in the house but you find that the wireless hub that came with it just doesn’t reach through the 2 feet of granite, tin sheets, cob walls or straw bales.

Who you gonna call?  Well us of course!

We have been providing local homes and businesses with wireless bridges for some years now and we have learned the ins and outs, plusses and minuses and common pitfalls, so you don’t have to.

We can set you up with such a bridge between your house/office and external building.  It is not, now, uber expensive and we always take care over the finished installation, including essential kit such as lightning protectors, so you’ll be safe as well as connected.

Please contact us for details.

Conficker is dead. Or is it?

Cast your minds back to 2009.  A nasty new internet worm is abroad and rampant.  These were the days of Conficker.

A lot has been written about this threat in the past.  The impact in 2009 was huge, with over 10 million infections, and the compromised networks included the UK Houses of Parliament and the UK MoD.  Embarrassing!  The worm was effective because it embodied multiple attack vectors simultaneously.  It famously exploited a weakness in Microsoft’s NetBIOS and took advantage of weak passwords.

So why mention this now?  Well, just last week a customer had their internet connection shut off because the ISP detected the tell-tale signs of Conficker – DNS requests for Conficker sinkholes coming from the customer’s router.  This cost the customer a lot in hours of support while we painstakingly scanned their network and strengthened passwords.  After a lot of searching we found the culprit machines to be tills running Windows XP, with no Windows updates, hence prone to infection.  There is a moral here: expect the unexpected.  The PCs and laptops of the firm were reasonably up-to-date with Windows 10, AV protection, and updates.  No one thought the tills were a vector!
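The ISP only sees requests coming from the router, so the culprit machines have to be found from inside the network. The following added example (not part of the original post) counts sinkhole lookups per internal client from a resolver's query log; it assumes a local resolver that logs in dnsmasq style, and the log lines and the sinkhole names are constructed placeholders.

```python
import re
from collections import Counter

# Placeholder blocklist: take the real names from your ISP's notice or a threat feed.
SINKHOLE_DOMAINS = {"sinkhole-a.example", "sinkhole-b.example"}

# Constructed dnsmasq-style query log (all names and addresses are made up).
SAMPLE_LOG = """\
May 21 09:00:01 dnsmasq[412]: query[A] www.shop.example from 192.168.1.20
May 21 09:00:02 dnsmasq[412]: query[A] abcxyz.sinkhole-a.example from 192.168.1.51
May 21 09:00:02 dnsmasq[412]: reply www.shop.example is 203.0.113.10
May 21 09:00:05 dnsmasq[412]: query[A] sinkhole-b.example from 192.168.1.52
May 21 09:00:09 dnsmasq[412]: query[AAAA] qwerty.sinkhole-a.example from 192.168.1.51
May 21 09:00:11 dnsmasq[412]: query[A] notsinkhole-a.example from 192.168.1.20
"""

QUERY_RE = re.compile(r"query\[(\w+)\]\s+(\S+)\s+from\s+(\S+)")

def is_sinkholed(name, blocklist=SINKHOLE_DOMAINS):
    """True if name is a listed domain or a subdomain of one."""
    name = name.lower().rstrip(".")
    # Match on a label boundary so "notsinkhole-a.example" is not a hit.
    return any(name == d or name.endswith("." + d) for d in blocklist)

def suspect_clients(log_text):
    """Count sinkhole lookups per internal client address."""
    hits = Counter()
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m and is_sinkholed(m.group(2)):
            hits[m.group(3)] += 1
    return hits

if __name__ == "__main__":
    for client, count in suspect_clients(SAMPLE_LOG).most_common():
        print(f"{client}: {count} sinkhole lookups")
```

Every address it reports is a device to inspect, whatever kind of device it is, tills included.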

Thankfully I had been urging this customer to sign up to our AVG Managed Workplace service. This protects the customer by monitoring the devices on a network and making sure they get approved Windows patches and antivirus protection.  They had held off because of the (I would say reasonable) monthly cost.  Now they know how reasonable the monthly cost is versus the unexpected one of a virus outbreak, so they are going ahead with the AVG.  A lesson learned!

What steps can you take to protect yourself?

  • Make sure you have Windows Update working properly
  • Make sure you have effective antivirus
  • Consider the configuration of your firewall – you can use this to protect yourself and log any “dubious” traffic.
  • Be careful with Windows settings, such as “Autoplay”.  Alien USB memory sticks allowed onto your network can exploit weaknesses here, so they should be a no-no.

Alternatively, make life simple for yourself and engage a local friendly IT firm who can automate much of this for a small monthly fee.  We would be glad to do it for you and the cost is around £3 per machine, per month.  Not much for a whole lot of peace of mind.