SecureEmail ...very nice .......BUT

Hi Shane, and others

I’m just trying to get my head round the security of email and communication via the net. Secure Email, in general not the product itself, is fine but unfortunately it only works for the initiator sending the mail and the recipients of that mail. That appears to be the end of the story as the recipient has to be compliant with the idea otherwise it all falls flat.

Just take this scenario.
I make an order over the net. Secure and certificated site to enter logon details, secure site for other account details and secure site for payments. Everything is wonderful … until you realise that the Vendor sends an unencrypted and uncertificated e-mail with your name, address, telephone number and e-mail address, order number, reference number, etc. Next the payments details come through showing type of card used, often the bank supplier of that card, the final 4 digits of the card and lo and behold your name and card address, all unencrypted.

My point being, that until there is a method to force everyone to send sensitive information securely over the net, the individual doing their own little bit will make no significant difference.

Regards, V

Fully agreed with you!

But it's like there is a guy on the floor bleeding and we say, unless everyone is going to help I will not :slight_smile:

We must do our bit! And as we get more people, the market will be forced and this will be a best security practice that businesses will have to do.

Melih

Not sure that’s the most fitting analogy, Melih. :THNK

The scenario I laid out happens all the time and it’s not just small businesses, it’s also those that have internal auditors vetting security of their computer systems as they are developed. (And external auditors periodically) Why are these insecure practices not picked up? It appears that there is less accountability on the WWW where the need is far greater than there was on mainframe systems in the past.

Although it’s impossible to police the web itself, many individual countries do have the powers in place to enforce best practices from companies and take necessary action against those who do not comply.
So why is no action being taken?

Silly question really, when Government Departments in the UK allow account details of all individuals claiming child benefit to be sent on unencrypted CDs via the post and lose them.

Regards, V

"Silly question really, when Government Departments in the UK allow account details of all individuals claiming child benefit to be sent on unencrypted CDs via the post and lose them.

Regards, V"

You see, they should have had secure email :slight_smile: