Email can reveal your company's secrets

 This article originally appeared in the Pacific Business News print edition on 9 January 2015. What if you woke up one morning and went online to check your account balance and, after entering your user name and password, your bank's website came back and said, "Hi! We'd really like to show you your balance using an encrypted connection but, shoot, if we can't figure it out, do you mind if we use an unencrypted connection that will transmit your information in the open instead?"

I think we can all agree that bank would not be in business very long. Yet, there is a piece of technology we all use and depend on that behaves exactly like that. In fact, you may have even used it to read this article. The answer, as you might have guessed, is email. In this column, I’ll explain what email’s biggest problem is, what can be done about it, and my thoughts on the road ahead.

What is the biggest problem with email?

About 12 years ago, we experienced what I call an email epidemic. Seemingly overnight, users around the world experienced a widespread influx of viruses and junk mail in their inboxes. With no cure in sight, this global problem exposed our addictive relationship with email: We need it, we use it all the time, and we’re willing to pay extra for it to work properly. As a result, an entirely new industry was created to curb junk mail and viruses. I experienced this wave first-hand when I launched my own email filtering company (Pau Spam) in 2002. Fast-forwarding to today, I believe we are experiencing a new type of email epidemic- poor or nonexistent email security. You probably know email is one of the oldest components of the Internet. What you might not know however, is how much of it is sent across the worldwide web using unencrypted connections. Going back to the example scenario I used above, the way all email works is that if either the sender or recipient systems don’t use encryption, the entire email conversation is sent in clear text, without encryption and in the open, for anyone with sufficient means to read, copy, intercept, or eavesdrop. If you don’t think this a problem, just take a look at today’s news. Confidential, embarrassing emails from Sony executives got leaked to the public recently. Last month the US State Department, White House, US Postal Service and the NOAA all revealed their email systems had either fallen under attack or been compromised. While the details of the methods used remain classified, we can draw conclusions from reading about Edward Snowden, the NSA, China, and cyber warfare in general. In other words, you can be assured that if you aren’t encrypting your email, it is being read, copied, and intercepted without your knowledge or approval.

Why is this important?

Regardless of where you work, you use email. You use it for mundane communications like, “I’ll see you later today” to sending confidential proposals, contracts, or corporate secrets. Again, we just need to think about Sony’s embarrassing leaked emails to be reminded of this. A buddy of mine said recently, “every bit of business competitive advantage flows over email.” If you agree with him as I do, then the next logical question is, “why isn’t all email encrypted?” This is why we should all care about the precarious state of email- it’s what we use to communicate, get ahead and compete.

What can be done?

Email encryption of one form or another has been around for at least a decade. If you’ve ever exchanged PGP keys with someone, or been forced to remember the website portal of the email encryption service your company uses, or installed a special button in Outlook that isn’t available on your smartphone, you’re painfully aware of the friction involved. In general, the user experience around email encryption today is painful and poorly executed between desktops and smartphones. So what then, can be done about email and its need for better and easier-to-use encryption? In my opinion, the answer lies with seamless encryption. I define seamless encryption as having two key characteristics: 1. Regardless of what the user does, the data is always encrypted. 2. It works without any additional user interaction. In other words, seamless encryption means that user behavior remains the same, yet the data is always encrypted. When it comes to email and our dependence on it, wouldn’t you agree this is where all email should be headed? Yet as we are painfully aware with each passing week’s headlines, email is nowhere near this in 2014.

The road ahead

When I look back at the first tech boom of the late-1990s, the Internet reminded me of a baby toddler. It was new to the world, didn’t know its bearings and no one knew how it would grow up. Who could have foreseen the rise of the selfie, the hashtag, Facebook, Alibaba, or Uber? Now as I sit and think about the second tech boom we are in, I’m reminded of the Internet behaving like an unruly teenager. It’s getting bad grades, smoking cigarettes, making poor decisions and taking the family car out for joy rides. Yet it still shows tremendous promise and untapped ability. And just like every teenager, the Internet can and will grow up. The opportunity to provide business leadership in that regard is certainly a business model you can bank on.