11 Aug 2016

Preventing an “Assange October Surprise”

Does your news feed closely resemble the plot of a Russian spy novel? It certainly might if you’ve been following the recent drama and mudslinging between the Democrats, the Russian government, the FBI, and the CIA after the public release of private DNC emails. And that’s before the warnings of an “October Surprise” promised by WikiLeaks founder Julian Assange. Assange is threatening to release more confidential emails before the November election. Who needs fiction?

We can’t explain the media circus or separate their facts from fiction. But we can explain, in basic terms, the three main types of email encryption services available today that can help protect your sensitive emails.

1. True Direct Delivery – Email encryption services that use “True Direct Delivery” wrap email messages in encrypted PDF files that are delivered directly to the recipient’s inbox. This is a “strong crypto system” because (a) the message content is not stored in the middle, (b) content is truly delivered to the recipients’ desktops encrypted using AES 256-bit encryption, and (c) the content remains encrypted at the recipient endpoint to prevent a potential breach. This is the method used in RPost’s RMail service, and RPost has made it easy to send these from Microsoft Outlook, Gmail, and iPads, for both compliance and personal privacy.

2. Secure Store and Forward – This is a multi-step recipient retrieval process, and it often leads to recipient complaints. This type of system stores your message content on a third-party server and sends a link to the recipient to set up a username and password to download the content. Third-party servers are often managed by a third-party company with unknown security practices. Data can be hacked on the server before or after you access your message. Content storage duration is often unknown.

Store and Forward is also cumbersome. The last thing your clients need is to create another login and password, simply to access an email you’ve sent them.

3. Public Key Exchange – This is a secure system that is extremely complex. The organizations that use this method include the Department of State and the Department of Defense. It is secure but very complicated to use when communicating with external parties. Public Key Exchange involves exchanging public encryption keys among contacts (PKI Digital Certificates). Users have to purchase and install digital certificates, manage the expirations, ensure their recipients have exchanged public keys, and use a compatible email program such as Microsoft Outlook desktop software. If you are sending messages to a client and they do not have their own public key, the system won’t work.

The best way to enforce a secure messaging system in your office is to select a “strong crypto system” that makes it easy for both senders and recipients to protect sensitive message content and file attachments. For many, the ease of use of True Direct Delivery-based services such as RMail is a deciding factor.
