Emails have been established as one of the prime ways to exchange information. Long gone are the days of signing letters and buying postage stamps.
And yet the technology has created its own issues, not least of which is the hijacking of our email accounts. Trying to outwit the nefarious use of our addresses is rather like holding back the tides, much the same as King Canute attempted when he demanded that the sea cease to move past his feet.
However, try we must, as much of our commerce is now confirmed electronically, and email is the preferred option for providing “written” evidence of our intentions and a heads-up on key updates.
Unfortunately, in order to counter spamming and the like, we are forced to embrace extreme complexity. Government guidance to secure email data is a perfect example of the nerd-like lengths we are exhorted to go to. It says:
- encrypt and authenticate email in transit by supporting Transport Layer Security (TLS) and Domain-based Message Authentication, Reporting and Conformance (DMARC) as a minimum
- use extra encryption if your data needs more protection
- make sure the recipient protects the data you send to them
- make email security invisible to end users as far as practically possible
Central government organisations should already have implemented encryption and authentication in line with the Minimum Cyber Security Standard.
Really? How are we supposed to make sense of this sort of instruction?
Increasingly, we are at the mercy of our chosen experts, the firms that set up and manage our email servers. It requires a leap of faith to assert that all is well and that our systems are good to go, because, try as we may, those dratted spam emails and less wholesome vehicles for malware continue to invade our inboxes.
This is a fight we will probably never win and yet it is one we can never abandon.