(By Mark Henricks)
“The solution to these weaknesses is to encrypt messages so they can’t be decoded by anyone other than the intended recipient. Encryption software that can handle the job is widely available for low or no cost. However, the need to exchange keys so messages can be decoded makes most encryption solutions too cumbersome for many users.“
You don’t have to be Anthony Weiner to appreciate being able to send truly private messages over the Internet. Many business owners have legitimate reasons for wanting to text, tweet and email with confidence that their messages won’t be seen by anyone other than the intended recipient.
And they’re not the only ones needing some privacy. Health-care companies need to follow federal patient privacy rules. Financial services firms have to comply with similar regulations regarding clients’ financial data. Companies in any field may send payroll data, credit card numbers or other sensitive information via email or Short Message Service (SMS) text. For these, secure messaging isn’t an option to avoid embarrassment—it’s a requirement to stay in business.
The problem, as Weiner’s debacles show, is that it’s not easy, or at least not foolproof, to send messages securely. “By definition, SMS messages are not secure. They go out over non-secure channels and are not encrypted,” says Scott Goldman, CEO and co-founder of TextPower, a San Juan Capistrano, California, secure messaging company.
The same is true for email. Revelations that the National Security Agency scans billions of messages have raised awareness that email is not always safe from prying eyes. But this isn’t news to email security firms, and it has nothing to do with the NSA.
“It’s not an inherently secure protocol,” says Pete Cafarchio, vice president of business development and marketing for DataMotion, a secure email provider in Morristown, New Jersey. As he explains, once an email leaves the sender en route to its recipient, it passes through any number of servers, where copies sit unencrypted for an indefinite period, all the while accessible by any administrator or hacker.
The solution to these weaknesses is to encrypt messages so they can’t be decoded by anyone other than the intended recipient. Encryption software that can handle the job is widely available for low or no cost. However, the need to exchange keys so messages can be decoded makes most encryption solutions too cumbersome for many users.
Another approach is to first deliver encrypted messages to a secure Web server. Instead of getting a coded message, recipients get a text or email containing a hyperlink that takes them to a secure Web page. After the user enters his or her password, the message is decoded and displayed. Since messages are encrypted before sending and stay that way during transmission, they aren’t saved unencrypted on any email servers along the way.
“That’s highly secure,” Goldman says of this approach. “And it works just fine as long as you have a smartphone and can tap on the URL and open it in a browser.”
Many secure email solutions work in the same fashion. For the recipient, the experience is similar to using a Web-based mail program, like Gmail, to retrieve email with a user name and password. The main difference is, the message has been encrypted during transit.
Secure messaging solutions also offer other features to improve safety. For instance, Santa Monica, California-based TigerText lets senders “instruct” messages to delete themselves after being read by the recipient or after a short period of time. And DataMotion has a feature that scans outgoing unencrypted emails for sensitive information such as Social Security numbers and encrypts them automatically.
The costs for these services vary. TigerText’s consumer app is free to download in the Apple and Android app stores. The TigerTextPRO app for enterprises starts at $10 per user. DataMotion’s secure e-mail service costs as little as $1.25 per user per month.
Protecting Your Messages
But business owners can do a lot to improve the security of their messages without spending a dime. For instance, former Congressman Weiner could have tweeted without fear of public exposure if he’d merely used the “D” prefix before his correspondent’s Twitter handle rather than the “@” prefix, which makes a tweet visible to everyone.
Generally speaking, however, there’s no secure way to messages using social networks. “I wouldn’t post anything on Facebook or Twitter or any other social media that you wouldn’t want to see on the front page the next day,” Goldman says. “It’s that simple.”
Technology aside, many leaks are due to a careless or treacherous correspondent. Aclipsa, an Irvine, California-based company that provides secure video and texting solutions, helps limit these kinds of breaches by limiting what recipients can do with messages and giving senders more control. “Message recipients can’t save, forward or share any message, and the sender can recall a message at any time,” Aclipsa CEO Jeff Reichard says.
The large and growing number of remedies for insecure messaging, coupled with the new awareness of its risks, means there’s little excuse for anyone, business owner or politician, to be embarrassed or out-maneuvered due to an unsecured message. In fact, these sorts of scandals may someday be unheard of.
As Reichard predicts, “Secure messaging will be the standard way of doing business communications in the near future.”
“Opinion pieces of this sort published on RISE Networks are those of the original authors and do not in anyway represent the thoughts, beliefs and ideas of RISE Networks.”