Article
Safe E-Mail Usage
Email is being relied upon more and more as an essential tool for communicating and exchanging sensitive information and documents to allow workers to work remotely. However, examples of privacy compromises due to user error are common.
One such incident occurred in July 2001, the then California Governor Gray Davis’ office inadvertently released information which was intended to be secret – through a misdirected email. The email contained data on the state’s power purchases; information which the Governor suggested would compromise negotiations for future contracts.
Carvalho and Cohen of Carnegie Mellon University recently published a paper entitled “Preventing Information Leaks in Email” which addresses a number of privacy concerns arising from the use of email. The paper indicated that information leaks can severely harm both individuals and corporations – resulting in “expensive law suits, brand reputation damage, negotiation setbacks and severe financial losses”.
The paper presents a methodology for detecting potential leaks through comparing past email content of any message / recipient pair to the new message, identifying emails with significant differences. Tests conducted were able to correctly identify email leaks in almost 82% of the test cases.
While the paper suggests this technique can be easily implemented in email client software, a number of existing solutions can also be applied. For example, forcing users to encrypt classified emails not only secures message content, but the extra steps involved in the encryption process may provide users with the opportunity to re-examine the email address prior to the mail going out.
Privacy concerns aren’t limited only to the content of the messages, but also email addresses themselves. For example, in July 2005, PayPal received much attention for a piece of buggy “unsubscribe” request software which left customer email addresses exposed to attackers. Whilst the attack only revealed a small number of email addresses, the leak demonstrated the sensitivity of this information.
Despite these publicised incidents, the average email user will likely make mistakes which threaten privacy on a daily basis. For example, SIFT staff recently received an email from an information security conference organiser containing 303 unique email addresses in the “To” field. Even within the security industry, users often forget the techniques for safe email usage.
User education on the use and functionality of carbon copy (CC) and blind carbon copy (BCC) features are essential for any organisation which conducts business via email. In general:
# The “To” field should only be used for recipients whom the email directly concerns;
# The “CC” field should generally be used for recipients, who are indirectly involved in the content and whose involvement you would like the direct recipients to be aware of; and
# The “BCC” field on the other hand should always be used when sending to a group of recipients who are not directly associated with each other on the matter discussed. For example, a mailing list.
Furthermore, organisations may also consider formally documenting these processes in corporate policy for email usage where operations require extensive collaboration on sensitive projects via email.
For more information see the following resources:
California Power-Buying Data Disclosed in Misdirected E-Mail:
http://www.freerepublic.com/forum/a3b4611e82dc0.htm
Preventing Information Leaks in Email:
http://www.cs.cmu.edu/~vitor/papers/sdm07.pdf
PayPal E-Mail Leak Brings Phishing Worries:
http://www.eweek.com/article2/0,1895,1754013,00.asp
One such incident occurred in July 2001, the then California Governor Gray Davis’ office inadvertently released information which was intended to be secret – through a misdirected email. The email contained data on the state’s power purchases; information which the Governor suggested would compromise negotiations for future contracts.
Carvalho and Cohen of Carnegie Mellon University recently published a paper entitled “Preventing Information Leaks in Email” which addresses a number of privacy concerns arising from the use of email. The paper indicated that information leaks can severely harm both individuals and corporations – resulting in “expensive law suits, brand reputation damage, negotiation setbacks and severe financial losses”.
The paper presents a methodology for detecting potential leaks through comparing past email content of any message / recipient pair to the new message, identifying emails with significant differences. Tests conducted were able to correctly identify email leaks in almost 82% of the test cases.
While the paper suggests this technique can be easily implemented in email client software, a number of existing solutions can also be applied. For example, forcing users to encrypt classified emails not only secures message content, but the extra steps involved in the encryption process may provide users with the opportunity to re-examine the email address prior to the mail going out.
Privacy concerns aren’t limited only to the content of the messages, but also email addresses themselves. For example, in July 2005, PayPal received much attention for a piece of buggy “unsubscribe” request software which left customer email addresses exposed to attackers. Whilst the attack only revealed a small number of email addresses, the leak demonstrated the sensitivity of this information.
Despite these publicised incidents, the average email user will likely make mistakes which threaten privacy on a daily basis. For example, SIFT staff recently received an email from an information security conference organiser containing 303 unique email addresses in the “To” field. Even within the security industry, users often forget the techniques for safe email usage.
User education on the use and functionality of carbon copy (CC) and blind carbon copy (BCC) features are essential for any organisation which conducts business via email. In general:
# The “To” field should only be used for recipients whom the email directly concerns;
# The “CC” field should generally be used for recipients, who are indirectly involved in the content and whose involvement you would like the direct recipients to be aware of; and
# The “BCC” field on the other hand should always be used when sending to a group of recipients who are not directly associated with each other on the matter discussed. For example, a mailing list.
Furthermore, organisations may also consider formally documenting these processes in corporate policy for email usage where operations require extensive collaboration on sensitive projects via email.
For more information see the following resources:
California Power-Buying Data Disclosed in Misdirected E-Mail:
http://www.freerepublic.com/forum/a3b4611e82dc0.htm
Preventing Information Leaks in Email:
http://www.cs.cmu.edu/~vitor/papers/sdm07.pdf
PayPal E-Mail Leak Brings Phishing Worries:
http://www.eweek.com/article2/0,1895,1754013,00.asp