Hackers are Reading your Email

Hackers are Reading your EmailGlobi Web Solutions is a boutique custom web design firm in Calgary, Canada. Over the last 13 years in business, we have witnessed countless incidents of people sending credit card information and website passwords via email.

Email is an incredibly insecure medium. When you send an email, it is passed from mail server to mail server until it reaches it’s destination. Since emails are stored as plain text, these messages can be read by every server on the way. Additionally the message can be intercepted and read between servers.

If you send credit card info, passwords, or other sensitive information by email, you may as well write it on a piece of paper, photocopy it 500 times, make 500 paper jets, and send them off a tall building.

Faxing is also not secure. Phonelines get tapped, and with the massive move to digital phones, the packet data is equally vulnerable to interception on the Internet.

There are privacy laws in most countries that require sensitive information to be protected by reasonable means within the companies that obtain your sensitive data. This does not guarantee that your data is secure, however it at least means there’s legal recourse should such data leak out.

In an effort to keep credit card numbers and passwords secure, we obtained such information by phone for many years. Although voice over phone is a lot more difficult to intercept by automated means, it adds a level of complexity. Credit card numbers are easy to communicate by phone, but complex passwords are not, especially if the phone connection is not perfect and audio quality is not optimal.

We created an internal system to allow clients to log into a secure web interface so they could provide us with sensitive data. This worked out so well, that we turned it into a public service.

MyMessageSafe.com is an online messaging portal that allows individuals to send sensitive data like credit card numbers and passwords by means of an online portal. Accounts are free, and email alerts are sent out every time a secure message is sent to a recipient.

The connection to the web application is secured by SSL certificate, and the data is furthermore encrypted on the server before being stored in the database.

The workflow of MyMessageSafe.com is quite simple:

1) Sender logs into their account, and creates a new message to the recipient. Addressing is still done by email address.

2) MyMessageSafe.com sends an email message to the recipient, notifying them that they have a secure message from the sender.

3) If the recipient does not have a MyMessageSafe.com account, he/she needs to first create one (it’s free to join).

4) Recipient logs into their MyMessageSafe.com account and can read the secure message.

Although there are many solutions to make email secure, they are not intuitive for the average web user, nor is the process entirely simple. We tried coaching a few clients through a PGP encryption key setup, and quickly realized that this solution would not work for most people.

We’ve been asked over the years why we offer MyMessageSafe.com for free. We created the system to help people keep their data safe, and we feel that this is a much needed service. Internet users should be aware of the risks of email. There are plans to introduce paid models to allow integration of MyMessageSafe.com with other websites in the future. This way, website owners can have secure web forms without needing an SSL certificate and the headaches of keeping the data safe.

Even when using secure tools to transmit sensitive information, there are still a few rules that people should follow when it comes to storage of such information. It is not recommended to store sensitive data in MyMessageSafe.com for the long-term. The system is designed to facilitate sending of such information, not storing it.

Additionally, users should ensure that locally stored data is secured by passwords, and in non-publicly assessible places. Very often business fall flat on this, by printing out correspondence that has credit card numbers and passwords, and then filing them in the general office area. There have been many reported cases where purging such files was not done correctly – ie by shredding.

Many major breaches of the privacy act have been reported in the incorrect disposal of PC equipment. Anything on the hard drive may still be available, and the would-be hacker would have all the time in the world to decrypt any data, should they gain access to the hard drive.

The storage and transmission of private information is a sensitive subject. MyMessageSafe.com is a secure online platform to facilitate the transmission of such information, in an easy-to-use web portal that mimics most generic webmail systems. If a user can use email, they can use MyMessageSafe.com.

For more details, please see www.mymessagesafe.com

About Globi Web Solutions:

Globi Web Solutions (http://www.globi.ca), is a private Calgary Web Design Company offering website design & development, programming, maintenance, hosting, search engine optimization, and marketing. With over 25 years of business experience, the Globi team specializes in providing functional web tools to help small and medium-sized businesses become more profitable.

Visit us at www.globi.ca

Read our Blog at www.globi.ca/blog/

Like us on Facebook at facebook.com/globiweb

Follow us on Twitter at twitter.com/GlobiWeb

 

Be Sociable, Share!

Leave a Reply

Shoestring Book Reviews

Shoestring Venture Reviews
Richard Hooker on Jim Blasingame

Shoestring Fans and Followers


Categories

Archives

Business Book: How to Start a Business

Shoestring Book

Shoestring Venture in iTunes Store

Shoestring Venture - Steve Monas & Richard Hooker

Shoestring Kindle Version # 1 for e-Commerce, # 1 for Small Business, # 1 for Startup 99 cents

Business Book – Shoestring Venture: The Startup Bible

Shoestring Book Reviews

Shoestring Venture Reviews

Invesp landing page optimization
Powered By Invesp
Wikio - Top Blogs - Business