Email, Fax and FTP Security

I recently attended a meeting where one of the topics discussed was the security of transmitting confidential information either by email, an FTP site or through a secure website protected by an SSL Certificate.

Most of us have email service with standard POP3 protocol, which sends usernames and passwords in the clear.  Anyone with the ability to “listen in” can easily retrieve this information and read your mail.  Not only do governments do this (see below), but so do hackers.  This can be resolved by using email encryption.  You can read more here

A few of us still have an older fax machine connected to an open telephone line.  Transmitting credit card and other confidential information with this equipment is simply courting trouble since not only can a paper fax be sent to the wrong recipient in error but the transmission itself can be hacked.   Information of how to secure your fax machine can be found here

SSL stands of Secure Socket Layer protocol that secures transactions between web servers and your browser.  The protocol uses a third party call a Certificate Authority.  You can tell that you are on a secure website when you see https:// in your browser address bar.   Here is a good explanation of how it works:

Transferring confidential information and files using FTP (File Transfer Protocol) can also be very insecure if done through your browser.  Confidential information should be transferred using secure FTP connections with encryption.  Here is a brief explanation

Websites that sell products not only use a secure site to accept your credit card and other confidential information but they also use a merchant service like PayPal to ensure that this information is not transmitted in the clear but rather is heavily encrypted as processing takes place.

And last but not least is cloud computing – a new concept in cyberspace and how secure is that?

Most people are not aware of the surveillance system established in 1948 by the US National Security Agency (NSA) called Echelon.  This global spy network captures and analyzes virtually every phone call, fax, and email message sent anywhere in the world.  Canada is a member of this consortium together with England, New Zealand and Australia and to think that Echelon is the only information-gathering network of its kind in the world would be naïve.

For associations that need to transmit confidential and private information of any nature over the Internet, attention must be paid to ensure that the best level of security is applied to those transmissions while accepting the fact that nothing can ever be fully secure all of the time.  Application of an intelligent degree of risk management is the key as this final article explains

This entry was posted in Random Thoughts. Bookmark the permalink.

Comments are closed.