All of us have a key that opens our front door. We believe that no one else can get in without a key, and we entrust this front door key only to people we absolutely trust. The security of your front door is an illusion. The door can easily be broken down. The windows are even easier to get in through, by breaking the glass.
We should assume the same about the passwords we use to log in to our email systems and the PIN codes that unlock our phones. The recent hacking of the DNC emails only serves to remind us that email communication is not secure. Anything written and sent via email can be hijacked in various ways.
Your email communication is not secure; understanding this is the first step. The second step is understanding why it is not secure.
- The receiver of the email can forward, save and disclose it to anyone they choose.
- The email service provider (Hotmail, Outlook, Gmail, Yahoo) can be hacked or, more likely, hand over the email to the government.
- Careless handling of passwords by the owner of the email account, and not turning on two-factor authentication.
- A phone that uses IMAP to download all of your emails and store them locally gets stolen, with no encryption and no strong PIN to protect it.
- Various conveniences like cloud backup storage (iCloud, Dropbox, Box, Google Drive), where you store unencrypted email backups and password files, can compromise your emails.
- Underfunded IT departments without enough security measures, hosting the machines that employees' emails are downloaded to, could also get hacked.
- A co-worker or family member who installs malware on their devices can compromise everyone.
- State-sponsored hacking is impossible to stop.
Just a friendly reminder to myself and others that email is not secure. Did I say that already?