1. Don't use servers based in US, or owned by a US company anywhere.
The US government's technology agency has updated its secure email guide for the first time in a decade and put it out for a month of public comment. The National Institute of Standards and Technology (NIST) guide [PDF] is 81 pages long and provides a surprisingly useful rundown on what to do to get your email secure. Its top …
Friday 1st April 2016 23:49 GMT Herby
Saturday 2nd April 2016 01:26 GMT Mark 85
So this agency is coming out and encouraging encryption? I'm shocked that the FBI hasn't been by to persuade them to the FBI line of thought. We really need a scorecard for this... some agencies for better encryption and some not. Although with all the election rhetoric, it'll come down to Congress listening to the fear mongers as usual.
Saturday 2nd April 2016 06:02 GMT Anonymous Coward
Saturday 2nd April 2016 06:52 GMT cantankerous swineherd
Sunday 3rd April 2016 10:46 GMT John Smith 19
As always in IT "It depends"
Are you running the system for your staff, or to email outsiders? Relevant if you're LM or Boeing or BP. Small companies on one site, not so much.
Do your management think keeping all email (not just their personal ones) private is important?
Will management invest if they find the current system can't do the job?
Are there products and services you can trust to do the job (and afford) that you can buy if the current system can't cut it?
Sunday 3rd April 2016 10:54 GMT Version 1.0
Securing the mail server isn't that hard if you are willing to make an effort - it's securing the users that's the real problem - serious security tends to make life harder for your users and, while they will usually not devote much effort to following recommended security procedures, they are often willing to devote quite a bit of effort to work around them.
And the NSA adds in a footnote, whatever you do, don't use an iPhone - even the FBI can break into those.
Monday 4th April 2016 07:44 GMT All names Taken
The best of it is?
That here in the UK central guvmint, local guvmint, voluntary sector, ... organisations tell you that your data are confidential.
Then say "Can we email you that (confidential) report."
Or even worse still?
"Yeh, I'll scan it and send it to main office/sub-office/partner/ ... by email attachment."
If asked do they use encryption
"What's that? Oh password protected - no we can't send or receive any password protected emails - policy innit"
Sort of undermines Private & Confidential stamp that they put on things no?
Or is it just me?
PS: my insurance agency at least makes the attempt to password protect documents that I give permission to be sent by email attachments.
Monday 4th April 2016 07:49 GMT Anonymous Coward
Monday 4th April 2016 10:20 GMT amanfromMars 1
Security systems and secretive societies have as much, if not even more, of a problem and/or opportunity, with emails to and/or about them, and to myriad others, which are not encrypted and which carry in plain sight text, information and intelligence which vulnerable and compromisable parties would rather not become widespread general knowledge.
The fact is compounded and strengthened by such vulnerable, compromisable parties, in ways which can be suddenly catastrophic to those parties, if they choose not to engage in a spirit of mutual advantage with such intelligence in state or non state actors, for that non action is an open invitation for information to flow directly elsewhere to what might be considered opposition and competition, where it can surely be used to initial contacts’ great disadvantage.