BLOGs
Technology
Published August 01st, 2016 by

Technology is Moving, Are You?

Encryption … in a world where cars drive themselves, Marty McFly’s hover board has come to life, and we are trying to inhabit Mars. Technology drives the world we live in, it makes communication simple, and it allows once considered difficult tasks to be completed with ease. This sophistication has greatly altered the way in which we communicate … Communication has been streamlined and become ultra-accessible, with the cloud. However, it has created many vulnerabilities, as the information has become more accessible to us it has also become just as accessible to identity thieves.

So how can you protect yourself? Encryption is the answer to the loss of our personal information. This article will make you even smarter, it will inform you in a very simple way what the vulnerabilities are and how to best to protect yourself.

The origins of encryption

The word encryption draws its roots from the Greek word kryptos, which means hidden, secret, or concealed. The very first stories of encrypted messages date back to 1900 BC, when Egyptians experimented with either transposing or replacing standard hieroglyphs with other symbols to hide messages. Their first attempts at encryption mostly served for entertainment, rather than practical purposes.

The modern-day encryption is, of course, much more complex. It is widely used by governments, organizations, and individuals to safeguard sensitive data. Encryption can secure data while at rest (stored on servers, mobile devices, computers, flash drives, etc.), or in motion (while traveling via electronic channels from point A to point B).

Email and the illusion of privacy

With nearly 2.6 billion users in 2015 (Email Statistics Report, 2015-2019, The Radicati Group, Inc.), email is the most commonly used form of communication. Unfortunately, it is also extremely vulnerable, if no special precautions are taken to secure it.

There is an illusion of privacy which comes with email. It could be the speed with which messages travel. Of course, we all have heard stories of emails taking days, or even weeks, to get delivered. The majority, however, arrive in seconds to minutes. It gives email users the confidence to think once their emails leave their computers, they go straight to the recipient. Direct route is the fastest, right? If we want to travel to New York from San Francisco, and we want to do it quickly, would we travel through Alaska?

Indirect paths riddled with stops

In reality, messages often take scenic routes to their destinations. They bounce from server to server, and are rerouted multiple times before reaching the recipient. And every time your unprotected message stops at a server or router, its contents can be easily read, copied and saved, without your permission. For the sender, there is really no way to predict the number of stops, or routing points his or her email is going to go through, after they hit “Send.”

Here is how email really works:

  • You compose a message in your email client, and click “Send.”
  • Your message goes to your email server. The email server checks the message for the address, to figure out where it is supposed to go, and sends it on its way.
  • To get to the recipient’s email server, the message has to go through the Network Cloud. There, it can get rerouted multiple times through routers along the way.
  • Your message hits the recipient’s email server. It goes through filters (spam, anti-virus, etc.), until it finally —
  • Lands in your recipient’s mailbox.

While it is hard to predict the exact roadmap of each message before you send it on its journey, it is possible to retrace the steps your email took to arrive at its final destination. You can examine headers, and use trace-route tools. However, none of this information is going to help you determine whether or not your data was compromised, or illegally copied along the way.

Email can be compromised at different points of its travel:

  • On devices – there are multiple ways in which your device, such as your computer or phone, can become exposed, giving hacker’s access to your sensitive data. Malware is the most common way to access your data remotely. If your device gets lost or stolen, password cracking is another way of physically stealing your information. Once hackers get access to your device, locally or remotely, they also get access to all the files stored on it.
  • On networks – networks provide plenty of opportunities for hackers to get ahold of your unprotected data. Your data has to travel through multiple routers to get from your provider’s email server to the recipient’s server.Each of these rerouting stops is an opportunity for criminals to access and steal your data. Just because the connection is secure during one part of your email’s trip to the recipient, doesn’t mean it is going to be secure all the way to its final destination. If the recipient’s email client doesn’t support secure connections, the message has to be delivered in plain text, even if it was mailed using a secure connection. As a sender, you simply have no control over it.
  • On servers – by getting ahold of a master password, or exploiting security holes, hackers can simply access all messages stored on the server. Email is usually not encrypted by the provider, but stored as plain text. Using encryption for storing every email for every user is simply not practical for most providers.

Would you know if your data was compromised?

Some data compromises are very obvious, such as when your device gets stolen, or you detect malware on your computer. Such unpleasant discoveries give you time to react. You can notify your banks or your credit card providers, to help prevent hackers from using your identity or accessing your finances. The problem with most data hacks is they go completely undetected until it is too late, and someone is already using your information for their own benefit.

Using sniffers is the most common way to stealthily steal your data while it travels to its destination. A sniffer is a program designed to collect information on network traffic to prevent potential problems. Network managers use data collected by sniffers to ensure an uninterrupted flow of traffic. They are legitimate and useful devices.

Sniffers work in tandem with routers which serve as mini post offices, directing messages to intended recipients. Routers analyze packets of data and decide if messages should be delivered within their own network, or if they should be rerouted further on.

The problems occur when an illegal sniffer, planted by a hacker, is paired with a legitimate router. Instead of analyzing traffic to prevent bottlenecks, sniffers access and read data packets processed by the router. While routers only need to determine where the mail is coming from, and where it is heading to, illegal sniffers can now command them to revel the contents of the whole packet, including the actual message. Since most sniffers are legitimate programs, the rogue ones are often quite difficult to spot.

The price of a human error

Hackers’ technological ingenuity appears to have no bounds. But do all hackers rely on technology to get access to valuable information? Surprisingly, no. Relying on technology is an expensive, time-consuming endeavor which requires skills and knowledge. The new generation of hackers frequently prefer to exploit human, rather than technological weaknesses.

Phishing scams is a great example of how hackers use human nature to get access to sensitive data. By impersonating someone the victim knows (often his or her supervisor), hackers are able to convince the victim to either reveal their login credentials to gain access to the system, send them specific documents they are after, or transfer funds into the hacker’s account.

According to the FBI, the Business Email Compromise (BEC) scam, or wire transfer fraud typically initiated using phishing methods, is responsible for the $3.1 billion loss, suffered by businesses between January 2015 and June 2016. All those billions were lost simply because the people in charge of sensitive information simply trusted the hackers.

There is yet another way how sensitive information can get into the wrong hands because of a human mistake. Some people simply type in the wrong email address, and send their files to the wrong person. It happens more often than many can imagine.

In August 2015 an employee of Charles Schwab accidently emailed a spreadsheet containing names, social security numbers, addresses, and dates of birth, account balances, and other sensitive information to the wrong address. Over 9,000 accounts were affected.

In December 2015, Toyota informed their customers their names, bank account numbers, and bank routing numbers were emailed by mistake to one of their vendors in an unencrypted email.

And the list of incidents goes on and on…

Besides relying on our luck, is there something else we can do to avoid being hacked and tricked by scammers, or subjected to the costly consequences of human errors?

Encryption – the seasoned tool for the modern problem

The very old art of encryption has a very practical application in the modern world. Encryption is freely available, simple to use, and affordable. It can be used to secure data at rest, and in transit.

Encryption can serve multiple purposes – it can help combat technology-related cyber hacks, help prevent phishing attacks, and reduce chances of a human error.

  • Cyber hacks – encryption can’t prevent criminals from getting ahold of your files. Your computers can still get stolen, and your email accounts can be broken into. Of course, encrypted files are pretty much useless to hackers, since their content can be read only by intended users with the unique decryption key.
  • Phishing attacks – relying on deception by impersonating someone the victim knows, phishing criminals either directly break into the email system of the person they are impersonating, or use similar looking domains to send messages. Most encryption systems use various authentication mechanisms to authenticate senders and receivers. Senders have to come up with questions that only recipients would know the answers to, minimizing the chance of a successful deception.
  • Human errors – while nothing can prevent users from emailing sensitive information to the wrong address, if the emailed data was properly encrypted, the wrong recipient wouldn’t be able to open and/or read it.

Unfortunately, email was never designed to be a secure form of communication. There is not much we can do to change the way email works. But we do have encryption tools available to us to ensure our messages are protected from the moment we compose them, to the time they are opened by the intended recipient.

Todd Sexton is President and CEO, Identillect Technologies

Todd Sexton

CEO & Director at Identillect Technologies
Todd Sexton is the Chief Executive Officer of Identillect Technologies. A seasoned professional, Todd has over 20 years of experience in managing dynamic business organizations. Over the past 10 years Todd has been involved in creating and developing innovative email security applications, as well as championing their adoption across organizations of all sizes. Delivery Trust, the flagship solution of Identillect Technologies, is one of the security products Todd helped develop and introduce to the market.

Our rankings are completely independent, transparent, and community driven; they are based on user reviews and client sentiment. These technology companies had to earn their way up and didn't just pay their way up.

View Rankings of Best Technology Companies