Dr. Galina Datskovsky–an expert in the fields of compliance and information governance, and CEO of Vaporstream–joins me to talk about secure messaging. More specifically, we discuss the fixation on encryption and the ways that encrypted email still falls short of the goal of secure messaging.
There is a lot of focus on encryption–as there should be. Encryption is fine. Effective encryption is important to secure and protect data and email communications as they traverse across the public internet from Point A to Point B. The question is, how secure is your data once it arrives at Point B?
If I send an email with a sensitive file attachment–perhaps confidential information about an upcoming product release, or sensitive data like financial projections or employee salary details–I definitely want that data to be encrypted in transit. Once the recipient receives the message, though, it is typically decrypted seamlessly and automatically and now sits on the recipient’s computer…unencrypted. The recipient might be able to screenshot or forward the information, and I would never know. If the recipient’s PC is vulnerable or insecure and gets targeted by an exploit or malware, my confidential or sensitive material is now at risk.
Encryption is great, but secure messaging goes a step further. What can you do to restrict or limit what the recipient can do with the message or data once it is received. Can you terminate permission to view or access data after the fact? Is there anything you can do to prevent an attacker from accessing your data if the recipient’s PC is compromised? Listen to the podcast to find out.