With the management of information also comes the responsibility to secure and verify it. The OpenPGP standard, Pretty Good Privacy (or PGP), has been around since the early 90s, yet its use in email is arguably one of the most neglected information security measures among companies and individuals. (Though the terms PGP and OpenPGP are now used interchangeably, strictly speaking PGP is a company name and trademark now owned by Symantec Corporation. OpenPGP is the name of the standard for encrypting and decrypting data.) Here are 3 reasons why you should begin to use it if you haven't already started:
Embarrassing? Yes. Highly damaging to your business reputation? Ditto. Now if only you had used OpenPGP to encrypt the contents of those messages. At the very least, your internal communications between co-workers would have been secure and you wouldn't have to read about what Jim the CEO really thinks of Bob in marketing.
The next day you wake up to find chaos... Not only can you no longer log in to your email account, but every service tied to that email account no longer works. Your website and e-commerce platform have also been hacked, and apparently you've been sending emails to your customers, confessing all sorts of embarrassing (though untrue) details about your products.
Your company loses money, time, and its reputation. If only you had used OpenPGP to verify that Nick the IT guy really was Nick the IT guy...
You call the company to re-confirm the payment details, only to discover that what is now in that email is not what you originally typed in. Somewhere along the line, someone either mistakenly or intentionally changed those details. You stress that the email was changed, but since anyone can spoof an email without a signature, no one can prove that it wasn't your mistake. If only you had used OpenPGP to sign your email...
These are just a few brief examples of why you and your company should be using OpenPGP. In a future post I will go over specific software and training approaches that companies and individuals can use to streamline the use of this standard in their communications. (The OpenPGP standard can also be used to encrypt and sign files.)
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.