E-mail is a great tool for quick communications. In today's world of fast paced offices and home lives, e-mail is an ever growing medium of communications. However, accepting e-mail at face value can be a critical mistake. Just ask anyone who has inadvertently allowed a virus into their computer system at home or work. But that's not all: Making the assumption that the contents of the e-mail you are sending and receiving are secure can be potentially even worse. The problem is that e-mail is a growing source of fraud and espionage. Consider these scenarios: * You are a department supervisor sitting at your desk quietly deciphering next quarter's budget that you have spent many overtime hours preparing. You are notified by your ever-present e-mail client that you have new mail. The e-mail is from your manager, thanking you for all the hours you have put in on the budget. In closing he directs you to take tomorrow off as reward. Do you take this e-mail at face value? * You are at work; you receive an e-mail from your spouse stating that he or she has forgotten the PIN number for their ATM card. Your spouse requests that you send it ASAP. Do you send the PIN number via e-mail? * You are a loan officer spending the afternoon reviewing loan applications received from your website. You run into an incomplete application and have a quick question for the applicant. The subject matter is confidential. Do you send them an e-mail to the applicant requesting a response? Important data should never be sent via e-mail. Nor should it be taken at face value when it is received via e-mail. An unscrupulous and unauthorized person can read, edit and even originate the message. Applications are readily available that can turn an e-mail message with genuine intent into a horribly embarrassing situation or even financial disaster. This applies to e-mail users in the largest companies and individual users at home alike. All that is needed is access to the network wiring where the e-mail data is passing. Considering today's wireless networks, even physical access to the wire or building facilities would not be needed. A malicious user sitting in his car across the street from the credit union could possibly read your e-mail as the signals are passing through the air. Sending an e-mail with the intent of making it appear to come from another possibly official source is commonly called "spoofing." This is an ever-increasing method that is used to request information and/or send malicious e-mails. This method could be at play in scenario A and B above. In both cases the telephone could be used to confirm the e-mail and its intent. People with limited technical knowledge are now able to collect and interpret the electronic signals going across a wire. In the case of wireless networks, this also applies to the air. This practice is commonly called "sniffing" and the tools used are called "sniffers." Commonly available sniffers can decipher the collected signals and organize them back into the original messages. Some will even display the message exactly as it was sent, right down to the fancy font you may have used in the e-mail. If the sniffed e-mail contained confidential material, that, too, would be visible just as it was sent. This method could be used in scenario B and C above to discover confidential material that could prove to be financially devastating or embarrassing. Just as technology has produced the powerful tools that are making this type of corruption possible, technology is also producing tools that many experts consider to be capable of protecting e-mail content from the tools. To my knowledge there are no mail clients on the markets that come with this capability from the manufacturer. They are however, readily available from third-party certificate providers such as VeriSign. If you have a need to send confidential e-mail, I recommend talking to your network administrator about personal certificates that can enable e-mail encryption. According to the experts, e-mail protected with these certificates is reasonably secure from people with malicious intent. Without special procedures being taken, I recommend that you go by the old network administrators' saying, "Do not send (or request to have sent to you) anything via e-mail that you would not send on a postage card." This old saying carries even more weight today.
Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.
Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking credit union news and analysis, on-site and via our newsletters and custom alerts
- Weekly Shared Accounts podcast featuring exclusive interviews with industry leaders
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical coverage of the commercial real estate and financial advisory markets on our other ALM sites, GlobeSt.com and ThinkAdvisor.com
Already have an account? Sign In Now
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.