The Multiplication Effect of Email: How it Leads to Sensitive Data Compromise
by Jason Sherrill
In a world of SOCS, HIPAA, mobile connectivity, telecommuting, and cloud based backup and storage, the multiplication effect of email storage puts any sensitive data exchanged through email at tremendous risk for accidental exposure or theft.
What is the multiplication effect and how does it pose a security risk?
The multiplication effect is the term we use to describe the result when an email message and its attachments are copied and stored as the email moves along its path from sender to recipient. Let's look at each of the steps that puts an email at risk.
1. Sender's Sent Items
When you send an email, a copy is typically saved either locally on your computer or on the mail server (or both, in some cases) in a Sent Items folder. These folders typically are not encrypted and are easy for anyone with access to your computer or your mail server to access.
2. Computer Backup
Your computer is likely backed up on a regular basis, either to a network backup location, a cloud location, or a device connected directly to your computer. This backup will contain a copy of your email messages. Often these backups are not encrypted and readable by anyone with access to the location where the backups are stored.
3. Spam or Security Filtering Server
Your incoming and outgoing email messages are often first routed through a spam and security filtering server. These systems are designed to protect you from sending or receiving spam or attachments with malicious files. These system also often store a copy of the email message for a period of time in a decrypted state, which means that anyone with access to these servers can view your email and attachments.
4. Sending Mail Server
When you send an email, the messages and attachments rely on a mail server to handle the delivery and storage of the email. Every message you send is stored on a mail server. Many email servers do not store message data in an encrypted state, which means anyone with access to the mail server has the ability to view messages that are stored there.
5. Receiving Mail Server
When you receive an email, the message and attachments are stored on your mail server until you delete the message. Many mail servers do not store email in an encrypted state, so anyone with access to your email server has the ability to view the messages stored in your email account.
6 & 7. Mail Server Backups
All mail servers are backed up on a routine basis. The backups are typically stored in another location on the network or in a remote cloud backup location. If the backups are not encrypted, then anyone with access to the storage location has the ability to view the data stored in those backups -- including your email messages.
8. Mail Archiving Server
Many corporate environments today use email archiving servers or third-party services to store copies of all incoming and outgoing email messages. Some industries require this as part of their regulatory compliance. It is not uncommon for these servers to store the data in a decrypted format and to allow people with access to these servers to view and even search the email messages.
9. Mail Archive Server Backup
Similar to mail server and computer backups, mail archiving servers are backed up on a routine basis. These backups are often stored in remote network locations or on third-party cloud storage platforms. If these backups are not encrypted, then anyone with access to the storage locations has the ability to gain access to the data these backups contain.
10. Smart Phone
Do you send or receive email on your smart phone? If so, depending on how your phone is configured, you may be storing copies of all of the messages you've sent or received on your phone. If you lose your phone, it's stolen, or if someone gains access to your phone, then any sensitive emails on your phone are easily accessible.
11. Smart Phone Backups
Most smart phones today provide mechanisms to backup the data, either to your computer or to a third-party cloud backup location. If these backups are not encrypted, then anyone with access to your computer or to the remote cloud storage location can access the data stored in your backup, including your email and attachments.
12 & 13. Tablets and Other Devices
If you have a tablet in addition to your smart phone, you likely have the tablet configured to send and receive email. Like smart phones, depending on how you have the tablet configured, you may be storing copies of all of your sent and received emails on your tablet. If you lose the tablet, it gets stolen, or someone gains access to it, then all of your email is at risk. In addition, if you perform unencrypted backups of your tablet, then anyone with access to the backup storage location also can access your email data.
How Delivered Secure Handles the Multiplication Effect
The Delivered Secure system handles storage in such a way that it drastically reduces the multiplication effect. With Delivered Secure, email is only used for notifying senders and recipients that a secure message exists. When a sender sends a message and attachments through Delivered Secure, the data is immediately encrypted when it is sent and then encrypted again when it's stored temporarily on the Delivered Secure servers. Delivered Secure then sends a notification to the recipient, but the notification email does not contain any sensitive data. When the recipient accesses the message, it is temporarily decrypted to allow the recipient to view the message and download any attachments over an encrypted connection.
When a sender or recipient deletes a message from Delivered Secure, or the automatic SecureShred technology deletes it, the message is permanently destroyed. The only copies of the message that exist are the sender's original copy and a copy the recipient may have securely downloaded. This is why Delivered Secure is a much safer alternative to email to send and receive sensitive messages.
Start a free trial today. No credit card is needed, it takes about 2 minutes, and we have some short how-to videos to help you get started.
Jason Sherrill
Jason works behind the scenes on security processes and architecture. Jason also works directly with customers to help guide product development road map and functionality of Delivered Secure.