Email Encryption Presentation - Hacker Halted 2010
So you really thought your email was private?
The concern with email today is that any individual with access to any of the switches, routers and hubs between your outbox and your recipient's inbox is able to read your unprotected email.
Even if the email body is encrypted, the header data can offer vital clues to prying eyes, and two of the most common encryption solutions do not encrypt headers, or attachments. Cyberspace is filled with individuals and organizations who constantly seek information to exploit for profit or malice.
The growing body of regulation in the United States imposes enormous burdens on organizations to safeguard the personally identifiable information (PII) of their clients and customers, patients, students, employees, vendors, investors, and other stakeholders.
HIPAA regulations require that “Information systems housing protected health information (PHI) be protected from intrusion. And when information flows over open networks, some form of encryption must be utilized." The Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH) expands security and privacy requirements—including encryption—and imposes them on outside organizations who may exchange information with medical entities.
Many other regulations—including those governing all manner of financial services, systems and information—have similar requirements. Individual states are getting into the act as well, with Nevada (NRS 597.970) mandating the encryption of all business transmissions that send personal information over the Internet. These requirements will become more stringent rather than less.
This downloadable presentation reviews various email privacy regulations and the encryption solutions that are available to address them, illustrating their respective weaknesses. Designed to assist IT professionals and email administrators in making effective choices to protect their organizations’ email communications, it was originally presented by Michael Scheidell at the Hacker Halted USA Conference in October 2010.
Click the PDF button at top right to download this 35-page presentation.
"I have called several of the IT contacts on your reference list, and I have to tell you… I am impressed. I'm glad you came along when you did, just before I went with an IronPort device. Your spam solution does more for about the same money."
Amanda Miller, VP Information Technology, 1st United Bank