What happens when you press send?

In early 2014, the New York Times reported that US law firm Mayer Brown LLP may have had confidential emails between it and Indonesia, whom it was advising in a trade dispute case, monitored by the Australian Signals Directorate – Australia’s equivalent of the NSA or GCHQ. High-profile cases like these may seem unlikely to affect small businesses, and most malicious parties don’t have the resources national intelligence agencies do. But cybercrime is a growing problem, and one of the reasons is that emails are often unsafe.

What actually happens when you press ‘Send’? It depends on the provider, but for most cloud-based services such as Gmail, when you press send your email is sent via an encrypted (SSL/TLS) connection to Google’s servers. There it’s checked for spam and viruses, and is duplicated so there are backups. Then it’s sent on, again via an encrypted connection, to the recipient.
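One way to see this journey on a message you have received is to read its `Received` headers, which each server adds as it handles the mail. The sketch below is an added example, not part of the original article: the message, host names and addresses are constructed, and it assumes servers record the standard transmission types (`ESMTPS`, `ESMTPSA` and so on) or a TLS note in the header.

```python
import re
from email import message_from_string

# Constructed sample message (not real mail): three hops, the last without TLS.
RAW = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.9])
\tby mailstore.recipient.example with LMTP id abc3;
\tMon, 03 Mar 2014 10:00:03 +0000
Received: from out.provider.example (out.provider.example [198.51.100.7])
\tby mx.recipient.example with ESMTPS id abc2
\t(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256);
\tMon, 03 Mar 2014 10:00:02 +0000
Received: from laptop.sender.example ([192.0.2.10])
\tby out.provider.example with ESMTPSA id abc1;
\tMon, 03 Mar 2014 10:00:01 +0000
From: alice@sender.example
To: bob@recipient.example
Subject: Q4 payroll

Account number: 12345678
"""

HOP = re.compile(r"from\s+(\S+).*?\bby\s+(\S+).*?\bwith\s+(\w+)")
# Transmission types that end in S or SA (ESMTPS, ESMTPSA, LMTPS...) mean TLS was used.
TLS_PROTO = re.compile(r"(?:UTF8)?(?:E?SMTP|LMTP)SA?$")

def hops(raw):
    """Return hops oldest-first as (from_host, by_host, protocol, encrypted)."""
    out = []
    # Each server prepends its header, so the newest hop is listed first.
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        flat = " ".join(value.split())  # undo header line folding
        m = HOP.search(flat)
        if not m:
            continue
        sender, receiver, proto = m.groups()
        encrypted = bool(TLS_PROTO.match(proto.upper()) or re.search(r"\bTLS", flat, re.I))
        out.append((sender, receiver, proto, encrypted))
    return out

def readable_body(raw):
    """The body as every handling server sees it: TLS protects only the link."""
    return message_from_string(raw).get_payload()

if __name__ == "__main__":
    for hop in hops(RAW):
        print(hop)
    print(readable_body(RAW))
```

Headers are written by the servers themselves, so treat them as evidence of how a message travelled rather than proof.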

The sending process, therefore, is relatively safe (as long as your connection is encrypted – not all are). But what about the emails themselves? They often contain sensitive data, but they’re in plain text format. This means that if someone can access the email file, possibly as it moves through the internet or possibly when it reaches its destination, then they can read it. There are methods to protect your data – PGP (Pretty Good Privacy) is one. It works very well: you just need to generate a private and public encryption key with one of a number of providers, then share that public key with everyone whilst keeping the private key totally secret, then find an add-on to an email client which will let you use PGP encryption, whilst making sure that the email client you’re using supports that add-on, then make sure everyone who receives your emails has the public key and decrypts them, then renew your certificate when it expires at the end of the year…

You get the picture. It works, but it’s not convenient. And you’d probably guessed that, since in all likelihood you’ve never heard of PGP before. So what can you do?

Well, you could take your chances with normal, unencrypted email. It’s unlikely that someone would snoop on your data, and for personal use that may be enough. But for a company it’s more difficult. The damage that could be done is greater than with personal email. You’re more of a target because people know you’re making money and have sensitive data. And you have a duty of care towards your customers and their information.

At Aiteo, we think those risks are too great. That’s why we use Aiteo SecurePortal, a secure document exchange facility designed and supported by IRIS, the UK’s market-leading provider of business-critical software and services to the UK accountancy and payroll sectors. This allows you to upload sensitive files via a fully encrypted connection, protecting your data whilst allowing you to share all your important files seamlessly with us. There’s no email involved. We know this sounds like marketing spiel – and let’s be honest, it partly is – but we think it’s a genuinely great product which keeps you and us safe. It’s a sad fact of life that, as technology grows more powerful, there’ll always be people who hope to use that technology for harm. It’s nice to think that it’ll never happen to you, but increasingly we can’t be sure that’s true. As accountants and business advisors, it’s our responsibility to keep your business safe – in IT just as much as in other areas.