Email encryption – a few common fallacies

The dawn of GDPR is upon us.  All emails now need to be encrypted, right?

Depends!

There are common misconceptions surrounding emails and encryption and security in general.  First of all, let us consider the way things were a few years ago.  All emails were sent in plain text – a bit like a postcard – so the postman could enjoy reading it and nobody was any the wiser.  In those days usernames and passwords were also sent in plain text – same problem.  Now the world is a much less trusting place and these approaches no longer cut the mustard.  So what should you do?

Encrypted channel

This is a bit like sending your good old-fashioned postcard, but this time inside a tin box with a seal on it.  The postman will have to look elsewhere for his thrills.  The postcard is still in plain text, but a man-in-the-middle is unable to read it on the way.

Encrypted email

This time the email contents are treated to a cipher which renders them unreadable and makes them unintelligible to the recipient without the password you choose.  This is akin to the prying postman being able to look at your postcard but it is written in Martian and he only speaks English.  Added to which he doesn’t know it is in Martian!

Encrypted channel & email

Of course you can do both, which is the most secure option of all.

Practicality

Come the glorious day of the 25th May it will not, even then, be practical to send all of your emails in a totally encrypted way.  I would certainly recommend it for sensitive data though and we can supply software to help with this.  This same software can be used to encrypt files and folders on your PCs, laptops and servers too.

I would always recommend that you use an encrypted channel for your emails wherever possible.  Make sure TLS/SSL is turned on, and encrypt your passwords.

 

Help with GDPR

Ok, I have weakened!  I resisted the temptation to harp on about GDPR for a long time.  Now in the week of the enactment of the UK law I find myself writing about it.  Why?

Frankly I have been quite nauseated by the feeding frenzy exhibited by IT distributors and consultants generally relating to this new data protection law.  The scent of blood in the water is just too much for many, it seems, and the idea that they can swoop in and make mega bucks from a poor frightened client is just too much for them!

Let me say right now we are not after your blood, nor more than a reasonable amount of your money.  We are in a position to help you with your GDPR compliance with respect to the IT matters it touches upon.  We can help you secure your emails and your PCs and servers.  Encryption is not mandated by GDPR but it will never be a bad thing to be able to say in your defence that it had been implemented should a data breach ever occur.

Solutions, not snake oil.

Please drop me a line with your requirements outlined.

WiFi in the potting shed

Or the polytunnel, tool store, wood cabin, holiday cottage, barn, studio, ty bach, or whatever.

Here is the scenario: you have decent internet in the house but you find that the wireless hub that came with it just doesn’t reach through the 2 feet of granite, tin sheets, cob walls or straw bales.

Who you gonna call?  Well us of course!

We have been providing local homes and businesses with wireless bridges for some years now and we have learned the ins and outs, pluses and minuses and common pitfalls, so you don’t have to.

We can set you up with such a bridge between your house/office and external building.  It is not, now, uber expensive and we always take care over the finished installation, including essential kit such as lightning protectors, so you’ll be safe as well as connected.

Please contact us for details.

Conficker is dead. Or is it?

Cast your minds back to 2009.  A nasty new internet worm is abroad and rampant.  These were the days of Conficker.

A lot has been written about this threat in the past.  The impact in 2009 was huge, with over 10 million infections; the compromised networks included the UK Houses of Parliament and the UK MoD.  Embarrassing!  The worm was effective because it embodied multiple attack vectors simultaneously.  It famously exploited a weakness in Microsoft’s NetBIOS and took advantage of weak passwords.

So why mention this now?  Well, just last week a customer had their internet connection shut off because the ISP detected the tell-tale signs of Conficker – DNS requests for Conficker sinkholes coming from the customer’s router.  This cost the customer a lot in hours of support while we painstakingly scanned their network and strengthened passwords.  After a lot of searching we found the culprit machines to be tills running Windows XP, with no Windows updates, hence prone to infection.  There is a moral here: expect the unexpected.  The PCs and laptops of the firm were reasonably up-to-date with Windows 10, AV protection, and updates.  No one thought the tills were a vector!

Thankfully I had been urging this customer to sign up to our AVG Managed Workplace service.  This protects the customer by monitoring the devices on a network and making sure they get approved Windows patches and antivirus protection.  They had held off because of the (I would say reasonable) monthly cost.  Now they know how reasonable the monthly cost is versus the unexpected one of a virus outbreak, so they are going ahead with the AVG.  A lesson learned!

What steps can you take to protect yourself?

  • Make sure you have Windows Update working properly
  • Make sure you have effective antivirus
  • Consider the configuration of your firewall – you can use this to protect yourself and log any “dubious” traffic.
  • Be careful with Windows settings, such as “Autoplay”.  Allowing alien USB memory sticks onto your network can exploit weaknesses here and should be a no-no.

Alternatively, make life simple for yourself and engage a local friendly IT firm who can automate much of this for a small monthly fee.  We would be glad to do it for you and the cost is around £3 per machine, per month.  Not much for a whole lot of peace of mind.
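In the incident above the ISP could only see the sinkhole lookups leaving the router; the slow part was finding which machine behind it was making them.  The following is an added example, not part of the original post: it reads a DNS query log and attributes lookups of watched domains to the internal machine that made them.  It assumes your router or local resolver runs dnsmasq with query logging (log-queries) switched on; the function names, the domain sinkhole.example and the log lines are all constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# dnsmasq query-log line: "... query[A] <name> from <client-ip>"
QUERY_RE = re.compile(r"query\[(\w+)\]\s+(\S+)\s+from\s+(\S+)")

def normalise(name):
    """DNS names are case-insensitive and may carry a trailing dot."""
    return name.rstrip(".").lower()

def on_watchlist(name, watch):
    """True if name is a watched domain or a subdomain of one.
    Matching on the label boundary stops 'notsinkhole.example' matching."""
    name = normalise(name)
    return any(name == d or name.endswith("." + d) for d in watch)

def attribute_hits(log_lines, watchlist):
    """Return {client_ip: Counter({queried_name: count})} for watched names."""
    watch = {normalise(d) for d in watchlist}
    hits = defaultdict(Counter)
    for line in log_lines:
        m = QUERY_RE.search(line)      # "forwarded"/"reply" lines do not match
        if m and on_watchlist(m.group(2), watch):
            hits[m.group(3)][normalise(m.group(2))] += 1
    return dict(hits)

def report(hits):
    """(client_ip, total watched lookups), busiest machine first."""
    totals = [(ip, sum(names.values())) for ip, names in hits.items()]
    return sorted(totals, key=lambda t: (-t[1], t[0]))

# Constructed sample data: placeholder domain and private addresses.
WATCHLIST = ["sinkhole.example"]
SAMPLE_LOG = """\
May 21 09:14:02 dnsmasq[812]: query[A] www.example.org from 192.168.1.20
May 21 09:14:05 dnsmasq[812]: query[A] a1.sinkhole.example from 192.168.1.51
May 21 09:14:05 dnsmasq[812]: forwarded a1.sinkhole.example to 203.0.113.53
May 21 09:14:09 dnsmasq[812]: query[A] A1.Sinkhole.Example. from 192.168.1.51
May 21 09:15:30 dnsmasq[812]: query[A] b7.sinkhole.example from 192.168.1.52
May 21 09:16:00 dnsmasq[812]: query[A] notsinkhole.example from 192.168.1.20
""".splitlines()

if __name__ == "__main__":
    for ip, total in report(attribute_hits(SAMPLE_LOG, WATCHLIST)):
        print(f"{ip}: {total} lookups of watched domains")
```

The addresses it reports are the machines to pull off the network and inspect first, whether they are office PCs or tills.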

 

To Purge or not to Purge…

That, for Princes of Denmark, and everyone else, is, of course, the question:
Whether ’tis Nobler in the mind to suffer
The Slings and Arrows of outrageously large Outlook profiles,
Or to take Arms against a Sea of emails,
And by opposing end them.

To what do we owe this hideous mangling of the bard’s words?  I seek to enlighten users of Outlook on this vexatious topic.  Purging here refers to the final deletion of emails that you have already placed in the deleted folder.  To use current terms it is “hard” deletion rather than “soft” deletion.  Once you have purged the emails they are gone for good – the only way back is to find them from a backup – if you have one.

So why would you purge?  The idea is to minimise the size of your Outlook .pst file, or profile.  Over time the profile grows and performance becomes sluggish.  You may experience instances of the dreaded “Outlook is not responding”.  Purging makes it all better.

You can purge manually or automatically: Microsoft tells you how.

 

 

Why does Word screw up URLs?

I’ve been using Word for a long time – more than 20 years!  I recently stumbled upon a “feature” which has caused me a bit of grief over the years, and upon how to turn it off!

This is described in a Microsoft article, on using absolute hyperlinks.

The thing is that the option to use an automatic relative hyperlink is selected by default.  So unless you un-select it those lovingly crafted absolute links of yours along the lines of http://mydomain/webthingy/index.html will get turned to files:///c:users/dopeyworduser/appdata/webthingy/index.html when you save!

Perhaps someone could point out to me the benefit of having this defaulting to “on”?  I ask this as a long-time “Dopey Word User” who now knows better.

What are my email settings?

Mail settings you might need when we are your email provider

 

Name of setting | Setting description | Setting to use
--- | --- | ---
Full Name | Choose your sender name as you would like it to appear in messages that you send. | Example: Eric Flounder
Email Address | Your email address for this account. | Such as flounder@flyingflounder.co.uk

Incoming mail server settings – use the settings in the last column
These settings are for downloading messages (receiving email) from your email provider’s mail server.

Name of setting | Setting description | Setting to use
--- | --- | ---
Account Type | Choose IMAP*, POP | IMAP
Description | Choose the name that Mail will use for your account, such as Job or Home |
Incoming Mail Server (host name) | The host name of the incoming mail server, such as mail.domain.com. | mail.flyingflounder.co.uk
User Name | Your user name is the same as your full email address. | flounder@flyingflounder.co.uk
Password | The email password you use to sign in to your account. | As supplied by us
Port | The port number used by the incoming mail server. Common port numbers for incoming mail are 143 and 993 for IMAP accounts, and 110 and 995 for POP accounts. | Port 993
Authentication | Choose Password, MD5, NTLM, Kerberos, or None, as directed by your email provider. | Password or MD5
Use SSL? | Does the incoming mail server support SSL (Secure Sockets Layer) or TLS (Transport Layer Security) encryption? | STARTTLS

Outgoing mail server (SMTP) settings – use the settings in the last column
These settings are for uploading messages (sending email) to your email provider’s mail server.

Name of setting | Setting description | Setting to use
--- | --- | ---
Outgoing mail server (SMTP) | The host name of the outgoing SMTP (Simple Mail Transfer Protocol) server, such as smtp.example.com. | mail.flyingflounder.co.uk
Port | The port number used by the outgoing mail server. Common port numbers for outgoing mail are 25, 465, and 587. | Port 587
Use SSL? | Does the outgoing mail server support SSL or TLS encryption? | STARTTLS
Authentication | Choose Password, MD5, NTLM, Kerberos, or None, as directed by your email provider. If None, you may need the additional settings below to send email when you’re on a different network, such as from a Wi-Fi hotspot or Internet cafe. | Password or MD5
 We are here, and happy to help if you get stuck!
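The advice earlier on this page to turn TLS/SSL on and protect your passwords, and the STARTTLS setting on port 587 above, both rely on the mail program refusing to carry on if the server does not offer encryption.  The following is an added example, not code from us or from any mail program: it reads a server’s EHLO reply and decides the next step, stopping rather than falling back to a plain session.  The function names, the host mail.example.test and the replies are constructed for illustration.

```python
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}  # password is only base64-encoded

def parse_ehlo(reply):
    """Map each ESMTP keyword in an EHLO reply to its parameter list."""
    caps = {}
    for line in reply.splitlines()[1:]:      # line 1 is the server greeting
        if line[:3] == "250" and len(line) > 4:
            words = line[4:].upper().split()  # skip "250-" or "250 "
            if words:
                caps[words[0]] = words[1:]
    return caps

def next_step(reply, tls_active):
    """Decide the client's next command; fail closed when TLS is missing."""
    caps = parse_ehlo(reply)
    if not tls_active:
        # No fallback to a plain session: without STARTTLS we stop here.
        return "STARTTLS" if "STARTTLS" in caps else "QUIT"
    return "AUTH" if caps.get("AUTH") else "QUIT"

def findings(reply_before_tls):
    """List what an unencrypted session with this server would expose."""
    caps = parse_ehlo(reply_before_tls)
    out = []
    if "STARTTLS" not in caps:
        out.append("STARTTLS not offered: mail and login would travel in plain text")
    exposed = sorted(CLEARTEXT_MECHS & set(caps.get("AUTH", [])))
    if exposed:
        out.append("AUTH " + "/".join(exposed)
                   + " offered before TLS: password readable on the wire")
    return out

# Constructed EHLO replies (not captured traffic).
BEFORE_TLS_OK = ("250-mail.example.test\r\n250-SIZE 52428800\r\n"
                 "250-STARTTLS\r\n250 8BITMIME")
AFTER_TLS = ("250-mail.example.test\r\n"
             "250-AUTH PLAIN LOGIN CRAM-MD5\r\n250 8BITMIME")
BEFORE_TLS_BAD = ("250-mail.example.test\r\n"
                  "250-AUTH PLAIN LOGIN\r\n250 8BITMIME")

if __name__ == "__main__":
    print(next_step(BEFORE_TLS_OK, tls_active=False))
    print(next_step(AFTER_TLS, tls_active=True))
    print(next_step(BEFORE_TLS_BAD, tls_active=False), findings(BEFORE_TLS_BAD))
```

Once the channel is encrypted, the “Password” choice is protected by TLS; before that point the client sends neither the password nor the message.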