


These days, email breaches are becoming increasingly common for enterprises. There are however reliable ways to prevent email breaches, or reduce their impact.

It should really come as no surprise that email hacks are on the rise. As businesses go digital, email data is becoming increasingly valuable for hackers. While the trending topic this week is the Deloitte hack, this is only the latest in a long string of email hacks. Other past victims include Sony Pictures, the Democratic National Committee, and Yahoo Mail.

When confronted with this trend, one might think that email hacks are inevitable, and that any organization can be hacked sooner or later. This in fact is the correct thinking, and should be the mindset security professionals have when thinking about data breaches. If even the NSA was breached, it’s safe to assume that every organization can be hacked.

While it may feel that there is no hope for cybersecurity, this realization actually provides remarkable clarity for how we should protect data in an increasingly dangerous environment. What is required is tackling the issue on a different level and viewing data security from a different perspective. If we are forced to accept that hacks cannot be prevented, then the security emphasis is no longer on keeping the intruder out, but minimizing the damage after security systems have been breached. When it comes to email, there are actually several concrete steps which can be taken to greatly reduce the risk associated with an email hack.

Use email with end-to-end encryption

End-to-end encryption is a technology which encrypts all data before it is sent to a server, using an encryption key that the server does not possess. The security advantages of this approach are clear. If all email is encrypted before it arrives at the server, then a breach of the email server will not cause sensitive email contents and attachments to be leaked.

It is important to note that there is a major difference between encryption and end-to-end encryption. With end-to-end encryption, the server does not have access to the decryption keys. This means there is no way for a hacker with access to the email server to decrypt the encrypted emails because the server itself does not possess the decryption keys. In classical encryption schemes, the decryption keys are available to the server, which is akin to putting the padlock and the key in the same place, which largely negates the advantage of having a lock in the first place.

In email systems with end-to-end encryption, the decryption keys are accessible only to client systems, and each client has a different decryption key, making a large scale email compromise difficult to accomplish. The risk is significantly reduced because compromising the email server does not leak any email contents. Furthermore, in the event that a client device is hacked, only a single encryption key is compromised, and not the keys to the whole system, since each client has a different encryption key.

There are several ways for an organization to implement end-to-end encryption. One way is to train all employees to use PGP, a system for end-to-end email encryption. The more modern way is to use an email provider such as Proton Mail that already has PGP built-in.
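The blast-radius argument above, as an added example that is not part of the original article: a mail server that stores only ciphertext, and an intruder who holds either the server dump alone or the dump plus one stolen client key. The cipher is a toy ElGamal-style stand-in for PGP built from the standard library with insecure parameters; the names `CLIENTS`, `SERVER` and `readable_with` and the sample messages are constructed for illustration.

```python
import hashlib, hmac, secrets

# Stand-in for PGP: toy ElGamal-style hybrid encryption, standard library only.
# Parameters are for illustration and are NOT secure; real clients use OpenPGP.
P, G = 2**255 - 19, 2

def keypair():
    """Generate (private, public); the private half never leaves the client."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def _keys(shared, n):
    """Derive an n-byte keystream and a MAC key from the shared secret."""
    seed = shared.to_bytes(32, "big")
    blocks = (hashlib.sha256(b"enc" + seed + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n], hashlib.sha256(b"mac" + seed).digest()

def encrypt(recipient_pub, msg):
    """Sender side: encrypt to the recipient's public key before upload."""
    eph_priv, eph_pub = keypair()
    stream, mac_key = _keys(pow(recipient_pub, eph_priv, P), len(msg))
    ct = bytes(a ^ b for a, b in zip(msg, stream))
    return eph_pub, ct, hmac.new(mac_key, ct, hashlib.sha256).digest()

def decrypt(priv, blob):
    """Client side: returns the plaintext, or None if this key does not fit."""
    eph_pub, ct, tag = blob
    stream, mac_key = _keys(pow(eph_pub, priv, P), len(ct))
    if not hmac.compare_digest(tag, hmac.new(mac_key, ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, stream))

# Constructed sample data: two employees, one message each.
CLIENTS = {name: keypair() for name in ("alice", "bob")}   # keys held on devices
SERVER = {                                                  # all the server stores
    "alice": encrypt(CLIENTS["alice"][1], b"Q3 audit findings"),
    "bob": encrypt(CLIENTS["bob"][1], b"Merger term sheet"),
}

def readable_with(stolen_privs):
    """Mailboxes an intruder can read given a full server dump plus stolen keys."""
    return {box: pt for box, blob in SERVER.items()
            for k in stolen_privs if (pt := decrypt(k, blob)) is not None}

if __name__ == "__main__":
    print("server breach only:", readable_with([]))
    print("alice's device compromised:", readable_with([CLIENTS["alice"][0]]))
```

With the server dump alone nothing is readable; with one stolen client key only that client's mailbox opens.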
Last update on Ma
Published on September 27, 2017
