Security measures such as encryption and 2FA help make email communications more secure, but they have their own issues for many users and fall short in some ways. Use them wherever you can, but remember that nothing works better than common sense, especially when you click on links in an email.

The majority of breaches of computer systems through email are user-initiated. A user clicks on a link – usually because of carelessness – that results in giving up login credentials for a website or a technology system. Encryption is no protection against a user causing a breach.

Security holes in encrypted email include human error, such as failing to encrypt messages or falling for phishing attacks, reliance on imperfect encryption in transit where servers may not support it, vulnerabilities on the recipient’s device like malware or unsecured devices, and issues with key management, such as weak passwords or lost private keys.

Let’s focus on those last two points. Securely managing and distributing encryption keys is complex. If private keys are lost or stolen, recipients may be unable to access their encrypted messages, and attackers could use stolen keys to decrypt emails. Easily guessed passwords for email accounts can be compromised, allowing attackers to access encrypted emails on a device.

Attackers can also exploit complex email systems by compromising intermediary servers or utilizing features that weaken security. These can include URL redirects to bypass encryption and deliver malicious content.

Instead of adding complexity, it might be better for most organizations to reemphasize some proven basics. One of them is 2FA. As imperfect as it is, 2FA can utilize a device such as a cell phone, which should be in the hands of the user. Yes, it can be defeated, but that happens if a system has already been breached and the attacker has changed the phone number and/or email address of the user.

The other basic is common sense. Don’t click on a link in an email unless you are 10,000 percent certain it’s correct and legitimate. AI is making it harder to detect malicious links, so users must be more vigilant. Don’t be in a rush, especially if you’re juggling several tasks. The safest way to respond to an email with a link or phone number is to open a browser and go to the website of the company. You should be able to find a phone number and maybe a legitimate email address to contact.

We can help you with email security in two ways. One way is to conduct a security audit of your email system to find and patch holes. The other way to help you set up 2FA systems, including biometrics and authenticator apps. Call us – 973-433-6676 – or email us to discuss your needs and possible solutions.