Emails aren’t secure and there is no commercial solution in the marketplace to address this. Here’s why:
There are two obvious points of vulnerability with respect to email: the recipient and the sender. Most malware is designed to penetrate email accounts and as we have mentioned in previous blogs, it is becoming increasingly easy to guess passwords.
The less obvious, but equally vulnerable points of entry for a hacker are the network and the server. Just say your service is Outlook.com and you send an email to someone using gmail, which are two typical email providers for small businesses. Each connection between email providers involves multiple switchers and routers which are controlled by different entities. It only takes one of the networks to be vulnerable in order to expose your sensitive email to a third party hacker. Similarly, the ISP’s store your email on servers that are also constantly under hacker attack. As a general rule, ISP’s do not spend the resources to encrypt the emails that are stored to their servers.
There are some companies with promising technologies to enable encryption, but at this point, we have not seen a solution that addresses the fundamental vulnerabilities described in this blog posting.