Databus Issue: 2006 4 10/17/2006
E-mail Security in Modern Times
Michelle Richard Education Technology
PDF
Faster doesn’t necessarily mean better. History shows that there is a security risk whether mail is delivered by the Pony Express riders or delivered electronically. Bring awareness to the surface and recognize that e-mail is not as safe as popular thought; that is the first step in keeping our children’s information away from wandering eyes that might otherwise have ill intentions. Take preventative measures by securing your email through encryption coupled with anti-phishing tools and certificates. Finally, know what can happen and consider the consequences if someone should take advantage of the information that is sent through that medium. Not to worry, there are a few simple steps that if followed, can effectively protect your e-mail.
Encryption, Encryption, Encryption…
“There is a tool called PGP…Pretty Good Privacy which allows your e-mail to be encrypted and sent to someone you know. You give them, in advance, a public key so they can decrypt your message when they receive it. Anyone in the middle sees a bunch of garbage,” explains David Almilli, a software developer. PGP, along with preventing the lure of potential phishing attacks, can reduce your risk. Jake Fear, vice president of research and development at Know’bout Inc. adds, “Of course, various forms of malware are also a huge threat, but a proper defense against it isn’t necessarily difficult.” He says to use PGP and GPG for “highly sensitive information” and to update periodically with patches from the operating system vendor.
Some Historical Facts
In 1860, the Pony Express was the fastest way to deliver a communication from the Pacific to the Atlantic coast until the invention of the telegraph. In one way, the Pony Express was famous for speed of communication. It took 10 days or less to send a letter from San Francisco to New York. A considerable time saver compared to other methods of mail delivery. Now, consider sensitive information. Sometimes messages were written in a code that could only be deciphered by the recipient who had a key to unlock the message. And now in our modern, sophisticated technology savvy world, people can send and receive messages across all of the oceans and around the globe, secured with a ‘handshake,’ in less than 10 seconds.
Techy Teens, Perhaps…
Generally speaking, anyone with some “snooping” devices (a techy teen, perhaps) can easily see your unprotected communications. “There are probably hundreds of e-mail clients out there, all of which support at least POP3,” which is naturally insecure, says Rich Kadel, president and CEO of Know’bout, Inc. By taking these few extra precautions below, you can be on board and on your way to safer interfacing.
Steps
1. For Outlook Express e-mail applications go to the ‘Tools’ menu
2. Chose the ‘Options…’
3. Click on the ‘Send’ tab and change options to ‘Plain Text.’
4. Chose the ‘Read’ tab and check the ‘Read all messages in Plain Text,’ uncheck the ‘Automatically download messages when viewing in the Preview Pane.’
5. On the Receipt tab, chose ‘Never send a read receipt’ or ‘Notify me for each read receipt request.’ (Some may be from someone you trust, but others could be from spam that is looking for a return receipt to see if the e-mail and IP addresses are valid.)
6. Select the ‘Security’ tab and under ‘Virus Protection’ select ‘Restricted site zone.’
7. Check the box ‘Warn me when other applications try to send mail as me.’
8. Check that box and the box ‘Do not allow attachments to be saved or opened that could potentially be a virus.’
9. In the same tab under ‘Secure Mail,’ check box ‘Encrypt content and attachments for all outgoing messages.’ Don’t forget to get a Digital ID.
Next, to obtain a certificate, check out the free site www. thawte.com or www.verisign.com. The latter is not free but both are reputable certificate sites. Follow the directions on the site to obtain what you need to decrypt encrypted incoming mail.
Once the certificate is in place and the encryption box is checked “the data going across the wire looks like a bunch of garbage to anyone who is snooping around the TCP/IP packets,” says Almilli.
Without certificates, “these [e-mails] could easily be indexed so a student could, in theory, search for information on specific students, or from or to certain teachers,” adds Kadel.
Who do you trust?
Understand that many teachers trustingly send personal information like student ID numbers or other sensitive identifying information regarding their students over e-mail. Clearly, teachers need to communicate with the parents and each other. There isn’t any way around that. Unfortunately as a society, we have come to rely on e-mail as a convenient, time-efficient way to communicate; thereby many have donned a ubiquitous lackadaisical attitude toward safety. “E-mail can be used to send malicious code, spy ware and viruses to another machine,” says George Comes, a network analyst for San Diego County School District. How many times has it been said that e-mail is secure and it isn’t? As technology advances security risks travel along with it, thus, we have to be faster or at least up to speed with the latest public keys and certificates.
This topic is very important to many educators who do most of their communications electronically. According to the U.S Department of Education, National Center for Education Statistics, 68 percent of teachers surveyed believed that “a computer station with access to electronic mail” was essential to their teaching.
When teachers in the San Diego School District were asked about what they thought about the security of e-mail communication, most responded with comments saying that it isn’t thought of and it isn’t at the top of their priority list when exchanging information between parents.
History Shows an Ongoing Security Challenge
The security risks associated with the Pony Express resulted in death. As a matter of fact, the advertisements wanted riders who were orphans, and didn’t mind risking their lives on a daily basis. Now, security risks with communication by e-mailing won’t result in something as dramatic as death. However, a few grades could get changed, a student or a sexual predator could gain access to inside information about other students, teachers, and staff members.
From the Pony Express to sending messages electronically to who knows what the future holds, one thing has remained constant: security is a concern that is an ongoing challenge. By securing through encryption, you’re on your way to making communication more secure than before. So don’t be shy, spread the love and impress your co-workers with the new found knowledge of encrypting your e-mail by using PGP, anti-snooping tools and being cognizant of the risks associated with using unprotected e-mail. The above will improve your chances of keeping private conversations private and precious information out of the wrong hands.
