Email is the dominant form of written communication that has narrowed distance between people on opposite sides of the world. Low cost, fast, and delivered securely through a series of interconnected servers around the world, email has replaced letters as a standard for communication, even for important communication requiring high level of security.
Most people’s interactions with email as a communication medium typically revolves around the free email provided by major technology companies such as Google, Yahoo, and Microsoft. But, there exists also a parallel email system smaller in scope and more defined in security architecture. These are the private email systems of businesses, universities and government agencies.
Protected by dedicated security architecture, these private email systems are often thought to be more secure than those available from the major free email service providers. But, is this true in reality? The answer depends on the abstraction level at which the question is posed and answered.
At the fundamental level, private email systems such as those available in universities and government agencies are built on an architecture different from those in Outlook or Gmail, and utilizes differentiated security protocols designed with the specific needs and requirements of the agencies in mind. However, regardless of the security protocols used, all email systems are designed to be secure. The necessary question to ask is how secure is an email system with respect to a particular threat level or hacking method used? As computer security threat increases and evolves, methods for securing an email system also improves and are updated. But, computer security is always an arms race between malwares and security protocols. Thus, there always exist as yet unknown vulnerabilities (i.e., zero day exploits) in email server systems, which make them undefendable against hacking attempts, particularly those utilizing incision points into the servers where the best antivirus programs or protection methods are defeated.
Perhaps the greatest security vulnerability existing on dedicated email systems such as those of universities or government agencies is their inherent centralized nature, where emails are not concurrently backup on multiple servers in different locations. Hence, implantation of viruses and malware would provide access points for hackers to repeatedly enter an email server to view and edit contents of emails stored on the servers, in transit, or even delete and send emails from individual email accounts, at the level of email servers.
On the other hand, how do email servers of commercial email service providers such as Outlook, Yahoo and Google fare? Typically, commercial email from major service providers are better defended and more secure than private email servers due to availability of a 24/7 cyber security teams monitoring the entire email system for cyber intrusions, as well as real-time backup of emails (sent and received) from individual accounts to different email servers at multiple locations in various parts of the world. Hence, assuming a hacker gains access to an email server and deletes or sent an unauthorized email from a target account, the sent email would be detected by the target individual owning the email account because it is backup at other unaffected email servers around the world. Similarly, an email deleted from an email server would still be available to the target individual when he log on into his email account, as all copies of the email must be deleted before he could not view the deleted email. Why? An individual commercial email account is not tied to a single email server, but it draws its feed of emails from multiple servers in different parts of the world. Such distributed email storage provides both robustness to failure and security from hackers.
What can individuals do to better protect their emails from hacking at the laptop or tablet level? While email software such as Outlook and various email apps on mobile device are secure with respect to hacking from the Internet, their security is on par with that of the laptop or tablet. Thus, if access to the application layer of the laptop or tablet is lost, hackers could access the email software and do significant damage to the individual’s digital rights freedom. Specifically, an email deleted or sent from the individual device are replicated at all email servers around the world belonging to the email service. Therefore, compared to server level email security, protecting one’s email at the device level is of paramount importance. Regular change of login passwords and use of web-based emails are better options for email security. Necessarily, using a highly secure Web browser is imperative to protecting one’s precious email communication link to people around the world.
As a medium for facilitating rapid written communication, email is the pillar of digital communication that enables commerce, online transactions, and banking between individuals located in distant parts of the world. While helping bring the world closer together, email also play important roles in providing opportunities and access to communications between people who, without the communication tool, would never have had the chance to meet and understand each other. Email, thus, is a tool for enhancing communication for understanding, education, and facilitating trading transactions.
But, emails need to be secured and there exists multiple ways for securing them at different levels. At the sever level, emails in commercial email service are typically more secure from the perspective of defending against unauthorized send and deletion due to its distributed nature of backing up every email (sent, deleted or in draft form). Hence, emails from centralized email servers, such as those of government, businesses and education institutions are less secure from unauthorized deletion and sending of emails. Finally, at the personal level, better security of emails could be achieved using a high security web browser for viewing your email online rather than through email software/app on laptop and devices, where hacking could provide access to the emails at the device level.
Category: communication security,
Tags: email server, security protocol, email software, Web mail, dedicated email service, commercial email service, backup, robustness,