Why should you secure your email

Why secure email?

Standard email is simple, fast and convenient but transferring across unknown mail servers in the Internet its information security level is comparable to that of a traditional unsealed post card. Because of its facility and overall popularity email is one of the most primal communication media of today's organizations. Paradoxically these features also expose it to several different invisible threats online.

Messages sent via standard email are written in plain text and cross several networks, most likely several countries, before reaching their final destination. Even if the sending and the receiving servers were both known to be encrypted and safe, there would be no way of knowing which other servers the standard email might cross and no way of making sure those servers would be safe to pass through. In reality, in today's world anybody can learn tricks on how to meddle with unencrypted email.

Furthermore, many countries, such as Sweden and the USA, systematically monitor through going email traffic in the name of national security. It is also always a risk for standard email to mysteriously disappear on its way, in between different unknown servers, or because of the lack of security in the connection between a crossed server and the receiving device.

The privacy of confidential emails

Email is generally an insecure communications channel. Sending contents through standard email, the sender cannot be certain if the message has reached the destination and whether it has been transferred safely through the Internet or not. As confidentiality cannot be guaranteed, confidential or sensitive information should never be sent using standard email channels.

Personal data protection in the EU and in Finland

The European Parliament has restricted the handling of personal data in the telecommuniations sector by a specific directive (97/66/EC). The processing of personal and sensitive data, such as social security numbers is required to be done with extreme caution and discreteness and service providers are prompted to take appropriate measures to safeguard the security of their services. The Finnish Data Protection Ombudsman has defined specific practices for Finnish businesses concerning the handling of customer and employee registers and data according to the directive 97/66/EC and the Finnish constitution (§10): A corporate email containing personal data must be encrypted and handled with caution. The regulations are fairly stricter when it comes to businesses and public parties functioning in social and health care.

The Finnish Data Protection Ombudsman's homepage

Email and the confidentiality of correspondence

The Finnish Constitution (§10) specifically defines the confidentiality of a letter, phone call or any other private message, untouchable. This Confidentiality of Correspondence extends to any properly and decently secured message - such as a sealed letter or a secured email. Disobeying the Confidentiality of Correspondence is a punishable offence in Finland.

A standard email cannot be defined as a secured or sealed message, because there is always a known risk of somebody, such as a person monitoring the network, accidentally seeing and even reading the message. Generally speaking, the level of security of an unsecured email can be compared to that of a traditional postcard, which obviously can be read by anyone.

Emails sent though SecMail® Secure Email are properly sealed, and consequently protected by the Finnish Confidentiality of Correspondence. The SecMail® service offers a confidential mail box for sensitive and private messages and gives the sender the opportunity to monitor the successful deliveries and receive secured replies. Furthermore, SecMail® retains all Secure Emails sent from Finland on Finnish ground, which inhibits the practising of foreing laws on messages sent using SecMail® Secure Email -service.