Virtru Security Insights


Email Isn’t Dead: Killing Email Isn’t a Viable Security Solution

February 25, 2015

Over the past few years there has been a near-constant stream of obituaries for email, especially given 2014’s barrage of email-related data breaches, from Sony to Comcast. Despite this, email is still king in the world of business. After all, why would you abandon a platform that has almost universal acceptance?

While think pieces frequently claim that email is dead (or dying), anyone who claims they’ve heard the death knell of email is clearly missing something – just ask the researchers behind a 2014 study that found the average user checks their email up to 15 times a day.

According to a study by the Radicati Group, over 132 billion business emails will be sent per day by 2017. Despite the onslaught of applications desperate to steal traffic away from email, the study comes to a definitive conclusion: “Email remains the go-to form of communication in the business world.”

We need email. While social media, texting, and messaging services are all great additions to our communication portfolios, email is still the central lifeline that connects everything together. Virtually any mobile device will be able to access your email account, and no OS (mobile or otherwise) will prevent you from getting to your inbox.

If email is dead, its billions of users haven’t gotten the memo.

A Flawed System

Despite its popularity, email isn’t bulletproof. 2014 was a banner year for hackers, and email certainly played a central role in multiple data breaches. If the bloggers claiming email is dead have a point, it’s that email was never designed to be secure. It’s hard to blame the original creators of email for this, though, as there’s no way they could have realistically predicted just how the technology would take off, nor could they have ever predicted the ways in which we use technology today.

The proliferation of multiple different types of devices, the weaknesses of individual email accounts, and server-side vulnerabilities each present a unique set of security threats.

Unsecured Devices

The ease of adapting email to just about any device is both a blessing and a curse. While this means that email is always available, it also means that every device you own is a potential weakness for your email account. Think about it this way: you’re likely signed in to your email account on your phone, your tablet, and any other device that you have. If those fall into the wrong hands, or if those devices are compromised in any way (through malware, tampering, or bugs in their operating systems), your email account is vulnerable.

To make matters worse, while most users wouldn’t download random programs off the Internet on their home computer, mobile users tend to be reckless when it comes to trying out apps. The end result is that a lot of users are carrying around devices that are loaded with malware. In 2014, 14 million devices were infected with malware of some sort.

Given that most mobile phones automatically log you into your inbox, the potential security threat is immense: it’s just a matter of time before mobile phones become a serious vector for email hacking, if they haven’t already become one.

Poor Account Security

Despite the fact that we store a ton of private information within our email accounts, we don’t do a whole lot to protect them from intruders. From bad passwords to security settings that remain disabled, the average email user’s account is far from secure.

Email service providers aren’t helping much, either. Many email providers hamper their own users by forcing them to use pre-defined password recovery “secret” questions, or by limiting their password length, making it much easier for hackers to guess users’ passwords. Users also aren’t enabling two-factor authentication, which prevents unauthorized users from accessing your account without first having access to some physical device in addition to your password.

Weak Server Security

Even if your device is secure, there’s always the chance that your email service provider isn’t. Take Comcast, for example, which had 34 of its email servers hacked last year. For 24 hours after the hack, the giant ISP remained quiet. Not only did they fail to immediately notify their customers of the breach, but they never told them to change their passwords.

That’s a major ISP, if not one of the largest in the United States. If their email servers aren’t secure, how can you trust your provider? If email is dead, or if it is just being slowly pushed into its grave, ISPs certainly aren’t trying to push back.

Why Email Alternatives Don’t Work

So, if email is dead because it isn’t secure, then why aren’t we running away from it? The answer is simple: convenience. Most email alternatives, like the portal systems you see in doctors’ offices, are far from user friendly (don’t believe us? Ask your doctor next time you’re in for a checkup). No matter how secure a potential alternative is, if it requires a lot of effort to set up and use, no one will bother with it except for the most extreme tech buffs.

If someone sold you a door for your house that would never let anyone in, but required you to solve a Rubik’s cube every time you had to lock your door, would you use it? Probably not, because while having bullet-proof security is great, if it slows your life down significantly, there’s just no chance anyone is going to bother with it.

Even if an app is easy to set up, it still requires widespread adoption. For most users, that means making yet another login, on yet another website. Will all of their friends and colleagues be using it? Probably not – and even if they are, what about that next client you’re going to meet? While you can guarantee that they’ll have an email address, they probably won’t share your affinity for whatever the latest “email replacement” app is.

How Encryption Can Fix Email

If email is dead (or dying), there’s one definitive way to fix email: encryption. When you encrypt data, you are making it unreadable to anyone but specific individuals that you choose. When data is encrypted, it is passed through a cipher, a type of algorithm that scrambles your data so that only a specific key can decrypt it. After data is encrypted, only individuals with that key can access it.

The beauty of encryption is its strength: most forms of encryption are based on the Advanced Encryption Standard, or AES, which supports 128-, 192-, and 256-bit keys. The more bits a key has, the harder it is to crack. Even if someone had access to the fastest supercomputer on the planet, they still wouldn’t be able to break into your data within their lifetime.

There are multiple email encryption solutions available to those who want to enable encryption for their inbox. The two most popular are PGP (Pretty Good Privacy) and S/MIME (Secure/Multipurpose Internet Mail Extensions). Both of these technologies provide client-side encryption, meaning that your email is encrypted from the time you send your message until it is received by whoever you’ve sent it to. That means that no one — including your Internet provider and your email provider — can see the contents of your message.

Why Encryption Hasn’t Caught On

If encryption locks down your inbox, why hasn’t it caught on? Once again, the answer is convenience. Both PGP and S/MIME are difficult to set up, and are far out of reach of the average email user. Likewise, both require users to jump through pretty huge hoops in order to use them with other individuals.

With PGP, you are required to perform a key exchange with anyone you’re trying to communicate with. Not only does this mean that everyone you send email to has to have PGP enabled, it also means that you have to establish a relationship with that person before ever sending them a secure message. If you try to send an encrypted email to someone before you exchange keys with them, your message will just appear as garbled, unreadable text.

S/MIME doesn’t fare much better, as it requires you to purchase a secure digital certificate through a certificate authority (CA). While some CAs will give you your own digital certificate for free, usually they only last for a year, and they are only for personal use. For businesses, each user will have to obtain their own digital certificate.

While both PGP and S/MIME are very secure, it’s unlikely that you’d be able to get all of your friends and colleagues to adopt them, especially if they aren’t tech savvy.

How Virtru Encrypts Email Without the Hassle

Encryption doesn’t have to be difficult. With Virtru, client-side encryption is simply a matter of installing a plugin. That’s it. There’s no complicated setup procedure, there’s no key exchange, and there’s no need to go to a third-party certificate authority. If you want to send an encrypted email to someone, you don’t have to worry about them figuring out arcane software, either — they’ll be directed to download the plugin, and then they’ll be able to read your message, provided you’ve given them permission to.

Virtru works with Gmail and Outlook, meaning that no matter what email service provider you use, you’ll be able to use Virtru. The same goes for your mobile device, as Virtru works on both iOS and Android.

With Virtru, email’s security flaws are easily patched up. Even if your service provider’s server is hacked, your messages will be encrypted and safe. Likewise, even if your account is compromised, your messages will be locked down, impenetrable to anyone but those with permission to see them.

Email is dead? We don’t think so. Instead of trying to switch to the latest messenger or chat service, download Virtru today and see how easy it is to enable client-side encryption.
