Email Encryption Presentation - Hacker Halted 2010

So you really thought your email was private?

The concern with email today is that any individual with access to any of the switches, routers and hubs between your outbox and your recipient's inbox is able to read your unprotected email.

Even if the email body is encrypted, the header data can offer vital clues to prying eyes, and two of the most common encryption solutions do not encrypt headers, or attachments.  Cyberspace is filled with individuals and organizations who constantly seek information to exploit for profit or malice.

The growing body of regulation in the United States imposes enormous burdens on organizations to safeguard the personally identifiable information (PII) of their clients and customers, patients, students, employees, vendors, investors, and other stakeholders.

HIPAA regulations require that “Information systems housing protected health information (PHI) be protected from intrusion. And when information flows over open networks, some form of encryption must be utilized."  The Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH) expands security and privacy requirements—including encryption—and imposes them on outside organizations who may exchange information with medical entities.

Many other regulations—including those governing all manner of financial services, systems and information—have similar requirements.  Individual states are getting into the act as well, with Nevada (NRS 597.970) mandating the encryption of all business transmissions that send personal information over the Internet.  These requirements will become more stringent rather than less.

This downloadable presentation reviews various email privacy regulations and the encryption solutions that are available to address them, illustrating their respective weaknesses.  Designed to assist IT professionals and email administrators in making effective choices to protect their organizations’ email communications, it was originally presented by Michael Scheidell at the Hacker Halted USA Conference in October 2010.

Click here to watch a video of this presentation.

Click the PDF button at top right to download this 35-page presentation.