Blog & News

Folklore of Opportunistic Privacy

There is a wide body of people who believe they are sending information privately because they are sending with Microsoft Office 365, Gmail, or a third-party service that sends all messages using Transport Layer Security (TLS).

And they may be right; if secure sometimes is good enough.

There is the notion of “opportunistic privacy” also referred to as “opportunistic TLS”, which sounds pretty cool. It certainly sounds secure.

But what does this really mean? Let’s take a look at deciphering a popular myth about secure messaging.

(Warning: if this article seems too technical, it is important enough that we suggest you forward it to your IT consultant.)

With email, many popular services tout secure messaging simply because they enable “Opportunistic” TLS private transmission. This simply means, if the sending server can transmit using secure transmission methods, it does; but if it cannot, it simply transmits the message in plain text, like a message written on a postcard…like your tax, investment, or health ailment details written on a postcard.

Not great; but is it good enough? Well, that may depend on how many servers there are out on the Internet where email TLS transmission does not work. How often does this not work? At least 1 in 10 messages on average sent by Google Gmail or Microsoft servers using opportunistic TLS are sent in plain text, according to them. And for some recipients, 10 in 10 are sent in plain text (see the Tech Essentials article, “Not All TLS is Created Equal”).

But wait, there are also different levels of secure transmission. TLS 1.0 and 1.1 are deemed not to be secure enough for transmission of financials like credit card data (for PCI Compliance). TLS 1.2 is good.

So, what about enabling “opportunistic TLS 1.2” privacy? This generally is not an option (other than with RMail).

Well, wouldn’t it be simpler if the servers simply “enforced” TLS privacy? This also sounds good, but what it really means is that if the message is not able to be transmitted securely, it is not sent at all. Not good. Instant calls to IT staff complaining. Ugh.

What is really needed is a service that can be set to do the following, invisibly to the sender, while automatically working out the best user experience for the recipient. The ideal secure messaging service should:

1. Send opportunistically secure with the level of security the sending company desires as a minimum (i.e. TLS 1.0, 1.1 or 1.2) and, if this level of security cannot be met, still enforce security by reverting to an alternate method. Of course, the alternate method should also be easy; it should not require recipient log-ins or retrieval links. The alternative should deliver direct to the recipient inbox and automatically manage any password needs.

And better,

2. When sending, also set up a simple way for the recipient to reply securely, so they can attach documents in their reply and transmit them back to the sender encrypted, regardless of the receiver’s system and without recipient log-ins.

And even better,

3. provide the sender with delivery and open tracking visibility with proof of privacy compliance for each message (HIPAA, PII, PCI); and best, with auditable proof of compliance for those dealing with GDPR (Article 5 and Article 31 compliance).

And perhaps,

4. mark the email so the recipient is aware the sender took the care to protect the particular email content.

Finally, the ultimate;

5. all of the above while providing the administrator the option to set automated rules so certain messages are sent encrypted with the above methods based on certain message text or key word triggers in the message subject; or from a mobile phone by simply adding a symbol in the subject. And perhaps, if the words “wire transfer”, “investment portfolio”, or “attorney-client privilege” are in the message, send in a super secure manner, so the content even remains encrypted inside the recipient inbox when not being viewed by the recipient.
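The three sending policies described above (opportunistic TLS, enforced TLS, and a minimum TLS level with an automatic fallback to message-level encryption), as an added Python example that is not RMail's or any vendor's code. The `Policy` and `Action` names, the `.example` domains and the sample observations are constructed for illustration; `probe()` uses only standard `smtplib` and `ssl` calls and assumes the receiving server's certificate must verify.

```python
import smtplib
import ssl
from collections import Counter
from enum import Enum

# Protocol names exactly as ssl.SSLSocket.version() reports them, weakest first.
TLS_RANK = {"TLSv1": 0, "TLSv1.1": 1, "TLSv1.2": 2, "TLSv1.3": 3}
TLS_ENUM = {
    "TLSv1": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
    "TLSv1.3": ssl.TLSVersion.TLSv1_3,
}


class Policy(Enum):  # hypothetical names for the three behaviours in the text
    OPPORTUNISTIC = "opportunistic"   # TLS if offered, otherwise plain text
    ENFORCED = "enforced"             # TLS at or above the floor, otherwise no delivery
    FLOOR_WITH_FALLBACK = "fallback"  # TLS at or above the floor, otherwise encrypt the message


class Action(Enum):
    SEND_TLS = "send over TLS"
    SEND_PLAINTEXT = "send in plain text"
    REFUSE = "do not send"
    ENCRYPT_MESSAGE = "encrypt the message itself, then send"


def decide(policy, starttls_offered, negotiated, floor="TLSv1.2"):
    """Map what the receiving server supports to what the sender does."""
    got_tls = bool(starttls_offered) and negotiated in TLS_RANK
    meets_floor = got_tls and TLS_RANK[negotiated] >= TLS_RANK[floor]
    if policy is Policy.OPPORTUNISTIC:
        # No floor: TLS 1.0 counts as "secure", and no TLS means plain text.
        return Action.SEND_TLS if got_tls else Action.SEND_PLAINTEXT
    if meets_floor:
        return Action.SEND_TLS
    # Below the floor: enforced TLS drops the message, the fallback policy
    # switches to message-level encryption instead.
    return Action.REFUSE if policy is Policy.ENFORCED else Action.ENCRYPT_MESSAGE


def probe(host, port=25, floor="TLSv1.2", timeout=10):
    """Return (starttls_offered, negotiated_version) for one receiving server."""
    ctx = ssl.create_default_context()      # verifies the server certificate
    ctx.minimum_version = TLS_ENUM[floor]   # handshake fails below the floor
    try:
        with smtplib.SMTP(host, port, timeout=timeout) as smtp:
            smtp.ehlo()
            if not smtp.has_extn("starttls"):
                return False, None
            try:
                smtp.starttls(context=ctx)
            except (ssl.SSLError, smtplib.SMTPException):
                return True, None           # offered, but no acceptable session
            return True, smtp.sock.version()
    except (OSError, smtplib.SMTPException):
        return False, None


# Constructed observations: (recipient domain, STARTTLS offered?, negotiated version).
SAMPLE = [
    ("bank.example", True, "TLSv1.3"),
    ("clinic.example", True, "TLSv1.2"),
    ("legacy.example", True, "TLSv1"),
    ("postcard.example", False, None),
]


def summarize(policy, observations=SAMPLE, floor="TLSv1.2"):
    """Count the outcome of one policy across a set of recipients."""
    return Counter(
        decide(policy, offered, version, floor)
        for _domain, offered, version in observations
    )


if __name__ == "__main__":
    for policy in Policy:
        counts = summarize(policy)
        print(policy.value, {action.value: n for action, n in counts.items()})
```

Only the fallback policy ends with neither a plain-text delivery nor an undelivered message for the four sample recipients.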

Microsoft Office 365 and Gmail don’t accomplish this. But RMail does. RMail does all of this and makes it simple and affordable. Install and try RMail instantly, at no cost. Click here to download for Outlook or Gmail.

Join an RMail training session live or view a recorded video. 

If you would like your IT consultant to purchase RMail through Ingram Micro, pass along this link.


To learn more about RPost products, visit www.rmail.com or www.rsign.com 

British Insurance Brokers’ Association Affirms Importance of RPost, an Accredited Facility Provider

To assist in complying with these requirements, the British Insurance Brokers’ Association (BIBA) has approved RMail® secure and certified electronic messaging services for use as a Member Facility for all of its members. British insurance brokers face more regulation, whether it be new privacy regulations requiring auditable proof of private transmission (GDPR) or The Insurance Act’s requirement to maintain proof of fair presentation of risk in disclosures. With insurance broker customers large and small, including global companies Aon and Willis Towers Watson, RPost’s services have become a centerpiece in the sector.

“BIBA facilities are designed to help our member brokers with day to day work activities. RMail® is a valuable tool to help members comply with e-delivery requirements and data privacy rules. Registered Email™ and email encryption technologies by RPost enable brokers to send safe and secure electronic communications and may also help brokers and their clients arm in the battle with cyber-crime,” comments Shaune Worrall, Technical Services Manager, British Insurance Brokers Association (BIBA). RPost is a sponsor at important insurance events in May, including BIBA’s annual conference in Manchester, England.

Two leading insurance platforms, one of the largest in Europe, Acturis, and one of the largest worldwide, Applied Systems, have built RPost into their offerings, making it native for many users. “The Acturis RMail integration gives our users the power to legally prove email, get documents signed and encrypt private information on email all from within the Acturis system,” states Theo Duchen, CEO of Acturis.
————————————

RPost UK partners: please contact David Wood to get started with RMail or RSign. Contact RPost

Pig Latin, Russian Spies and Email Encryption

With the recent media focus on cybersecurity, whether it is talk of Russian hackers scheming to influence US presidential elections, or the pervasive pressure to comply with GDPR or HIPAA (healthcare privacy regulations) or other consumer data privacy requirements, “encryption” is one of the solutions that is often introduced.

When sending email, email encryption can indeed protect your strategic dialog from potential exposure, and its mere use can demonstrate your best efforts to protect consumer data against data breaches. As reported by The Guardian, NSA whistleblower Edward Snowden has said, “Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on.”

Not all email encryption and methods of use are equally effective, though. And, one might prefer different types of encryption depending on the situation.

“Caesar Cipher” and “Pig Latin” are Forms of Encryption

Suppose Donald wants to send a secret message to his friend William but worries that snoopy Vlad may intercept it. Donald needs a way to scramble his message so that only William can read it. A simple way to do this would be for Donald to replace each letter in his message with the next highest letter, shifting it by one (think “Caesar Cipher” or “Pig Latin”).

But, of course, that is too simple. If Vlad intercepts the message, he’ll be able to easily decipher it by looking for hidden patterns in the letters it contains. All it will take to crack the code is a little mathematics and a little trial and error.

And, of course, if Vlad uses a computer, he’ll be able to crack the code even faster. So, just shifting (as is the case with Pig Latin) the first letter to the end and adding “ay” as a suffix (turning “HELLO” into “ELLOHAY” for example) isn’t a very strong cipher. Certainly, Russian spies would crack this encryption. So, what can Donald do?

Well, he can try to think up a more complicated mathematical formula to scramble the letters and numbers. And maybe he can use a computer to apply the formula. This will help, but the problem is that if Vlad hires clever mathematicians, or if he has a powerful enough computer, he will be able to crack the code eventually. So, it looks like it’s going to be an arms race with Vlad to see who can come up with the biggest computers and the most complicated formula. But because Vlad has nearly unlimited resources to pay mathematicians and to spend on computing power, it is a race Donald and William are perhaps bound to lose.

What is Considered “Strong Crypto”?

We have established that more complex encryption patterns are more difficult for Vlad to decipher, unless Vlad can use a powerful computer to help figure out the pattern; yet they remain easy for Donald to read, because Donald has knowledge of the pattern (the decryption key). Most technicians understand that more complex algorithms are harder to “crack”, that is, they require more computing power to crack.

How does Computing Power Impact the Time to Crack the Encryption?

Let’s consider the example of using computing power to try to guess a 10-character, seemingly random alphanumeric password, such as tjo9i0982d, using a “Brute Force” attack (i.e. trial and error). This would be similar to trying to find a pattern in a universe of combinations of 36 characters (26 possible letters and 10 possible numbers). According to Gibson Research Corporation, in this example, there are 3700 trillion combinations, and the time to guess and test the right combination using trial and error in an online environment is one thousand centuries (assuming one thousand guesses per second). However, in what Gibson Research calls a “Massive Cracking Array Scenario” with one hundred trillion guesses per second offline, this password can be guessed in just 38 seconds.
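Both points above (a shift cipher falls to trial and error, and the time to exhaust a password space depends on the guess rate) come down to counting keys. The following is an added Python example, not code from the original article; the sample sentence and the short word list are constructed, and word matching stands in here for the pattern analysis the text mentions.

```python
import string

ALPHABET = string.ascii_uppercase
# Constructed mini word list used to recognise readable English output.
COMMON_WORDS = {"THE", "TO", "AT", "AND", "OF", "IN", "IS", "IT"}
SECONDS_PER_CENTURY = 100 * 365.25 * 24 * 3600


def caesar(text, shift):
    """Shift every letter by `shift` places; leave spaces and punctuation alone."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def crack_caesar(ciphertext):
    """Try all 26 shifts; keep the one whose output has the most common words."""
    def score(shift):
        return sum(w in COMMON_WORDS for w in caesar(ciphertext, -shift).split())
    best = max(range(26), key=score)
    return best, caesar(ciphertext, -best)


def search_space(alphabet_size, max_length):
    """Number of candidate passwords of length 1 through max_length."""
    return sum(alphabet_size ** n for n in range(1, max_length + 1))


def seconds_to_exhaust(alphabet_size, max_length, guesses_per_second):
    """Worst-case time to try every candidate at a given guess rate."""
    return search_space(alphabet_size, max_length) / guesses_per_second


if __name__ == "__main__":
    secret = caesar("SEND THE REPORT TO THE OFFICE AT NOON", 1)  # shift by one
    print(secret, "->", crack_caesar(secret))

    # 36 symbols (26 letters + 10 digits), up to 10 characters long.
    print("candidates:", search_space(36, 10))
    online = seconds_to_exhaust(36, 10, 1_000) / SECONDS_PER_CENTURY
    offline = seconds_to_exhaust(36, 10, 100e12)
    print(f"1,000 guesses/s: about {online:,.0f} centuries")
    print(f"100 trillion guesses/s: about {offline:.0f} seconds")
```

The shift cipher has 25 usable keys, so it falls at any guess rate; counting every password of length 1 through 10 over 36 symbols gives about 3,760 trillion candidates, in line with the figures quoted above.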

Computing power does matter. But, not many, if any (today), can implement a “Massive Cracking Array Scenario”. One institution that could potentially implement such a system is the National Security Agency (NSA). In recent years, the NSA completed a $1.5 billion data center in Utah that reportedly has more than 100,000 square feet of computer and data storage equipment in a facility that spans a total of 1-1.5 million square feet.

Is Today’s Commercial Encryption Readable by the Russian Spies with their Computing Power?

This is a question that some people know the answer to. We do not. Most commercial encryption uses algorithms that the NSA has “approved” for “civilian, unclassified, non-national security systems”. These algorithms are what encrypt your email or financial transactions when using email encryption or secure HTTP web based connections with commercially available systems. Some of these NSA approved (unclassified) algorithms include DES, Triple DES, AES, DSA and SHA.

So, when it comes to using email encryption to protect “civilian, unclassified, non-national security systems” and information, what are the most important considerations?

The Tech Essentials recommended way is to use RMail email encryption, as it makes it easy for both senders and recipients to protect sensitive message content and file attachments.

With RMail, you may set the “primary” method, and there is an automated secondary method. This primary method can be selected to first send using an encrypted transmission method that auto-decrypts at the intended recipient so they need to do nothing additional; and if the encrypted transmission cannot be accomplished due to the recipient system, the message automatically reverts to a secondary method.

The secondary method converts the message to an encrypted PDF, embeds the attachments in their native format into the PDF, password protects it (AES 256-bit encryption), and transmits to the recipient as a PDF attachment, along with a second email with the password. This is all automatic, determining the simplest user experience for the recipient at all times, based on the recipient system. 


More Insurers Move to RPost; European Expansion Accelerates

British insurance brokers face more regulation, whether it be new privacy regulations requiring auditable proof of private transmission (GDPR) or The Insurance Act’s requirement to maintain proof of fair presentation of risk in disclosures. With insurance broker customers large and small, including global companies Aon and Willis Towers Watson, RPost’s services have become a centerpiece in the sector.

Two leading insurance platforms, one of the largest in Europe, Acturis, and one of the largest worldwide, Applied Systems, have built RPost into their offerings, making it native for many users. “The Acturis RMail integration gives our users the power to legally prove email, get documents signed and encrypt private information on email all from within the Acturis system,” states Theo Duchen, CEO of Acturis.

To assist in complying with these requirements, the British Insurance Brokers’ Association (BIBA) has approved RMail® secure and certified electronic messaging services for use as a Member Facility for all of its members. “Registered Email™ and email encryption technologies by RPost are essential tools that are available to our members…to reduce the risk of cyber-crime,” comments Martin Bridges, FCII Chartered Insurance Practitioner, Technical Services Manager, British Insurance Brokers Association (BIBA). RPost is a sponsor at two important insurance events in May, BIBA’s annual conference in Manchester, England, and NetVu’s Accelerate annual conference in Cincinnati, Ohio.

Ingram Micro, the world’s largest technology distributor, is building on the RPost momentum, now bringing RPost technology to small businesses across the UK and Europe. “Cyber security is a massive focus for us in 2019, and having RPost onboard will only extend this focus to grow to new heights,” states Scott Murphy, Director of Cloud and Advanced Solutions for Ingram Micro UK&I. RPost’s RMail and RSign services are now available through the Ingram Micro Cloud in the United Kingdom, Europe/Netherlands and other markets (USA, Canada, Australia). RPost is a sponsor at one of the largest tech distributor events in London, Ingram Micro’s May annual Cloud Summit UK, with Ingram Micro’s RMail and RSign offerings available to MSPs in the UK and Europe.

“RMail and RSign do not require sophisticated API programming to start, they integrate into simple Office products; easy to understand,” adds Volker Sommerfeld, Product Manager for Franking and eSolutions at Frama Communications AG. Frama has deployed RMail and RSign to more than 1000 corporate customers in Europe. “With RMail and RSign, we are helping customers master their digital transformation keeping in mind ease of use; a critical success factor for any digital transformation!”

RPost successes in Europe are due to the design of its RMail security and compliance, and RSign e-sign digital transformation products. “We see momentum in Europe due to an evolving trend. Operations staffs are looking more and more to digitally transform operations; but now with the clear understanding of the requirement to select transformational technologies that additionally check-the-box for security, privacy and compliance. RMail and RSign do just that,” adds Zafar Khan, RPost CEO.

————————————

RPost partners: please contact Sean Walsh to get started with RMail or RSign. Contact RPost

Vacationing in the Bahamas? Leave Your Laptop at Home

The Constitution provides certain privacy rights. Attorneys and their clients generally enjoy extra protections on privacy with “privileged” correspondence. But what happens if the information is inadvertently exposed? There are all sorts of pitfalls that can expose your sensitive information. Here are some shocking ones.

File sharing services can cause waiver of attorney-client privilege if files are not sent with an encrypted link. (Try RMail Largemail for encrypted file sharing.)

Archive vendor staffers sometimes sell access to your data, which is what some believe to have caused the rich and famous exposé known as Panama Papers and Paradise Papers.

And now there is a new one. Customs and Border Protection officers who meet and greet you at the airport are now receiving requests from a variety of government agencies to meet, greet, and download all your data from your phone and laptop.

In exchange for letting you get home, airport border security may force you to give them all of your data; your phone data (locations visited, contacts, photos, social media posts, email, texts, and more!) and your laptop files (tax returns, attorney correspondence, love letters, browser history, saved photos, email and attachments, internet video views cached in your browser, and video and photo downloads, etc.).

The Electronic Frontier Foundation (EFF) and ACLU have filed a lawsuit against the U.S. Government to request the courts to end what they refer to as warrantless search and seizure. EFF reports government-mandated device downloads at the border are up 400% in the last year. Considering the number of border patrol data seizures and number of annual international travelers returning home, more than 1 in 1,000 are likely to be welcomed with a device data seizure; that is about 1 person for every two jumbo jet flights returning to the USA.

Meet Jeremy Dupin, a journalist living in Massachusetts, Aaron Gach, an artist living in California, Diane Maye, a college professor and former captain in the U.S. Air Force living in Florida, Matthew Wright, a computer programmer in Colorado, parties mentioned in the EFF lawsuit; and 33,000 other American and US residents who were welcomed at the border with a friendly border security welcome home…we let you go home only if you let us download all of your data.

Your private photos exposed, video data cached in your browser cataloged, your attorney correspondence shared across government agencies; what might be downloaded, saved, cross referenced, and shared across government departments? For most, perhaps nothing of much interest. But if any agency feels they might want your information that they cannot easily get otherwise, this process makes it easy.

Getting Trump tax returns? Easier for the Democrats, perhaps, to simply notify Border Patrol to seize the data from Trump tax advisers’ laptops next time they head to the Bahamas on vacation. Maybe, leave your laptop at home.

RMail is your best choice for privacy and compliance. RMail Largemail makes it easy for you to send large files right from Microsoft Outlook with encrypted links, for extra protection. Install now, at no cost.



Caution. What You Might Find When Posting Your DNA Online

More than one in twenty Americans have voluntarily submitted their genetic code – the map of who they are personally and physically – to an Internet company. Most people were lured by cute TV ads creating curiosity about heritage.

Your DNA is a genetic code defining your traits. Without boring you on the biological aspects of this, the DNA submission may unknowingly and irrefutably connect you to relatives (newfound siblings, parents, etc.) that you did not know were related. It can also reveal the presence of genetic code that may make you a higher risk person to insure. It may reveal a recessive gene or heterozygous genetic makeup that may make you a less desirable mate (or more desirable); a perfect addition to future online dating services.

The dark side of Internet DNA testing may be shocking to those that have not considered the consequence. The trust people put in an online privacy statement (that may be amended from time to time) is equally shocking, especially when it comes to posting a genetic map of themselves, with really no way to retract it once it is posted.

A revealing article in The Atlantic delves into the unexpected. “In conversations and correspondence with more than two dozen people for this story, I heard of DNA tests that unearthed affairs, secret pregnancies, quietly buried incidents of rape and incest, and fertility doctors using their own sperm to inseminate patients. These secrets otherwise would have—or even did—go to the grave.” The article adds, “It’s getting harder and harder to keep secrets in our society. If people haven’t come to that realization, they probably should. This generation right now and maybe the next 15 years or so, there’s going to be a lot of shocking results coming out. I’d say in 20 years’ time it’s going to dissipate. By then, our expectations of privacy will have caught up with the new reality created by the rise of consumer DNA tests.”

There are Facebook groups now with thousands of online DNA tester members, discussing the emotions of their findings when they have been contacted by genetically matched, formerly unknown parents, children and siblings.

What will the new realities be of consumer DNA testing?

What if these Internet DNA companies are acquired? What happens to the data? Privacy statements make it clear that the information will be shared with an acquirer. Who might want the DNA makeup information of the world? Big insurance companies to price discriminate based on genetic makeup?

Maybe Google or Facebook. Why not own indisputable information about who you are, combine it with your email correspondence and Internet traffic analysis, perhaps associate it with your Amazon purchase data, and why not combine with your car GPS mapping history showing who you visit when? In the world of big databases, cross referencing all this data provides the perfect DNA map of your physical traits, biological relationships, personality traits, and habits. All owned by Silicon Valley.

Of course, Silicon Valley big tech can do no wrong. Companies with cute logos and friendly web services are trustworthy; with even your most personal secrets. They would never share this information (with advertisers or upon receipt of government subpoenas). Or would they?

It may be too late for many. Once you send your tax returns without email encryption to your tax adviser or spouse who may use Gmail (at the sender or receiver) or G Suite (you would never know if they used Gmail), email content is analyzed by Google and your tax data is mapped by Google and associated with your profile.

Your DNA, your personal correspondence, all of this sits in the cloud, churning through big tech servers, searching for insights and patterns to better business.

It may be too late to preserve any element of personal privacy if you have already submitted your DNA to Silicon Valley. But with each email containing sensitive information, you may wish to preserve some future privacy by encrypting certain messages.

RMail email encryption is the best choice, as the private information is delivered direct to the recipient and is not stored on a server for recipient retrieval, like many other cumbersome services. (Use RMail email encryption at no cost – Click to Get Started)



RMail, RSign Thrive from Australia to Europe

RPost momentum continues through its global distribution channel; sales for RMail and RSign thrive.

“Ingram Micro Cloud is pleased to introduce RPost to the growing and expansive portfolio of cloud services and solutions we provision on Cloud Marketplace UK. Cyber security is a massive focus for us in 2019, and having RPost onboard will only extend this focus to grow to new heights,” states Scott Murphy, Director of Cloud and Advanced Solutions for Ingram Micro UK&I. RPost’s RMail and RSign services are now available through the Ingram Micro Cloud in the USA, Canada, United Kingdom, Netherlands, and Australian markets. Ingram Micro is the world’s largest technology distributor.

RPost’s main service platforms are RMail®, with its award-winning Registered Email™ e-delivery proof and email encryption compliance services, and RSign® for simple, legal, and secure e-signatures.

“More and more, companies in Europe are realizing standard email is just not good enough for some important messages, considering heightened regulations, ever more sophisticated hackers, and business interest in more efficiencies. We have now deployed RMail and RSign with more than 1000 companies in 6 countries across Europe, with new customers signing on daily,” states Volker Sommerfeld, Frama Product Manager. “Companies like the SMI Social Medical Institute in Berlin are using RMail to process their clinical data lawfully and fully compliant toward GDPR in Germany.” The Frama group of companies have been managing sensitive data for more than 100,000 customers across Europe for two decades.

RMail® services make it easy to send email encrypted in a way that simplifies life for intended recipients to decrypt — perfect for compliance with privacy rules and to protect client info from eavesdroppers and Internet thieves.

“We see RMail and RSign as important enhancements to our customers’ messaging and document operations, contributing to better security and saving staff time and money. This is a perfect combination of user simplicity and security,” states Daniel Albertsson, Nordic Cloud Manager, Advania. “We are bringing these solutions to our customers across Sweden, and the Nordics.” Advania is a leading Nordic IT-provider serving thousands of multinational enterprises, governments and corporate clients of all sizes with a wide range of IT-services, cloud solutions and support.

RMail services also include certified e-delivery proof, e-signature, secure large file sharing, email imposter protection services and more, all-in-one. Users that install RMail inside their Microsoft Outlook interface can access RSign with one-click, or RSign can be purchased as a stand-alone web service.

RSign® services make e-signing simple and affordable with flexible monthly pricing plans, while including advanced features to transform business operations — sharable templates, custom workflows, real time reporting, and more.

“Customers in regulated industries, as well as businesses large and small, have relied on RPost technologies for more than a decade, for the highest levels of security and compliance with the simplest user experience,” states Lee Welch, Director Cloud Services, ANZ, Ingram Micro. “We are pleased to bring these services, to track, prove, e-sign and encrypt, to our channel partners worldwide, with a variety of service plans to fit any company need.”


Not All Email Tracking is Created Equal

If you are sending a zillion newsletter or marketing emails, sure, email marketing platforms make it easy to manage your email list; and many do provide some basic tracking information.

But how reliable is this information? Should it be relied on for important business email or important notifications?

No. Why not?

First, many of these email marketing platforms base their tracking on whether images in the email were displayed or not. If you are sending primarily to business readers who predominantly open email in Microsoft Outlook, image tracking is disabled at the recipient end by default.

And… if a recipient opted out to one of your prior emails, unless you take great care to manage opt-out options, they may be opted out of all of your future emails — even the important ones.

And… if there was a transient delivery failure at one point in time, that recipient may be permanently opted out of future email — again, even important ones.

And… if sending to recipients with large ISP email addresses (like Gmail, Yahoo, Outlook.com, etc.) you had better keep in mind, most of these systems are trained to de-prioritize email sent from known email marketing platforms (putting the messages in promotional sub folders of the inbox, likely never to be read).

And further… many advanced email platforms at the recipient are today more zealous in their email blocking, requiring sender domain registration and key systems (DKIM, SPF, DMARC). These may or may not be properly configured in the email marketing platform and if not, may reduce likelihood of delivery to the intended recipient.

Trend Alert: Heightened hacker sophistication has advanced email security, requiring smarter email delivery systems for important email. 

A county tax authority in Virginia recently switched from use of their email marketing platform, for sending tax notices, to RMail Registered Email services. They reported that 30% of recipients claimed non-receipt of the email sent from the email marketing platform and solved this problem by sending via the RMail Registered Email services (watch proof of delivery video).

Were the tax authority messages sent and received, and simply claimed not to have been? Maybe, since these were tax notices. Regardless, the email marketing platform did not provide a deep forensic record that could be shared with the recipient, proving email delivery, content of the message and attachments sent and received, and timestamped forensic metadata as evidence.

If there is consequence where the email can be claimed to not have been received, in any business, RPost recommends sending it as a Registered Email™ message.

Sending as a Registered Email message is simple and provides irrefutable proof (click for free Outlook or Gmail app). The messages are sent from dedicated business email IPs, improving deliverability and categorization as business email, and they return a self-contained digital forensic record, providing timestamped and verifiable proof of email delivery including timestamped message and attachment content; for any recipient.

Real estate and property management operators rely on this for irrefutable proof. This service has been identified by the insurance industry as top choice for proof of email delivery for more than a decade and identified as top choice by more than 20 bar / law associations.



Today’s Hackers Target Executives with Simple Social Engineering

Today’s hackers are more innovative. Rather than just running up charges on your credit card, they are looking to extort money in exchange for return of your private information or to limit their use of it. For insurance executives, private information often includes emails related to customers and their policies. Data could include confidential information about assets, employees, vendor contracts and bank accounts.

These more innovative hackers hold the private information as ransom. They request a payment or disclose private client correspondence, irreparably lock certain personal photos and files on one’s computer, post private information online for all to see, or sell internet browsing behavior. After receipt of the “ransom” payment, the hacker usually follows through on the promise so as not to endanger the potential of future ransom payments.

Hackers identify profitable targets from online profiles, company websites, and public real estate records. Their research can include more intrusive tactics such as intercepting email correspondence, eavesdropping at public Internet locations, or accessing online accounts.

A main access point for hackers seems to be email. If they gather enough information about you from eavesdropping on your email correspondence, they will be able to, in many cases, gain access to your systems.

The more they learn about you, the more likely they will succeed in extorting a bigger and better “ransom”. In many instances, the FBI recommends paying the ransom because the alternative resolutions are more costly than the cost of the ransom. “The ransomware is that good,” said Joseph Bonavolonta, the Assistant Special Agent in Charge of the FBI’s CYBER and Counterintelligence Program in its Boston office.  “To be honest, we often advise people just to pay the ransom.”

How might you mitigate your risk?

1. The best way to avoid a ransomware attack is to encrypt email communications that contain sensitive information. This minimizes opportunities to intercept emails and glean valuable information.

2. Minimize clicking on links in incoming emails unless you trust the source and recognize the context of the message. The source can easily be masked, so ensure you recognize both the source and the context.

3. Your email account is the gateway to your information – account statements, password reset processes, and more. Ensure you use email account passwords different from your e-commerce website passwords.

One of the simple actions you can take today to thwart these hackers is to ensure that when you send personal email with sensitive information, you send it with RMail® message-level encryption.

RPost’s RMail service provides email encryption that is radically simple for both senders and recipients. The encrypted message contents are delivered directly to the recipient’s inbox, and there is no need for the recipient to open a third-party webpage, create an account, or retrieve the files from another location. To learn more or get started, click here.

——————————–


Google AMP Ends Email as a Record of Who Said What When

Wow! It is strange that one still trusts a printed or PDF’d email as a record of who said what when.

Microsoft did its best to make it clear that any email can be easily altered, with a few mouse clicks.

  • For those unaware, try this in Microsoft Outlook: open an email, click Actions, click Edit Message, change the message, save, close, open again, and magic – your email content has forever changed without detection!
  • You can also read our last blog on the e-signatures revolution

But those using G-Suite, Gmail or Outlook Online, for example, often forget that email was meant to be a collaboration tool, editable, and easy to add notations into a received email for later thoughts and reference.

Those that send marketing emails are well aware of how easy it is to send a message where the SAME email displays entirely different message content depending on which email program the recipient uses, that is, whether it displays the HTML (text/html) part of the message or the Plain Text (text/plain) part of the message. Easy to do; the same email says two different things.

And now, Google is introducing to the world a new part of the same email, called the AMP part (text/x-amp-html). (Techies can read more here.)

This forever alters the standing of a standard email as a record.

This innovation should finally help people realize that unless you do something to preserve a snapshot of the entire message content, including metadata originally sent and received at a point in time, you may not be able to demonstrate that a later printed email (or printed to PDF) is the actual content displayed for a particular recipient at a point in time.

Why?

Google’s new AMP part of the email lets remote third parties effectively enter your inbox. After you receive and view a message, they can change the content of the message parts so when you refresh, new content displays.

What you see now is not what you may see next time you open the same email!

This may seem trivial, or very nice for marketers, but imagine you save an email for future reference, and when you revisit it later to remind yourself — or show someone else what the email said — you re-open the email and find the content to be different! Or, you print an email, and then are asked to compare to the original, and the printed version is different than the original you saved!

  • One example Google demonstrates: the sender of an email with a special offer can change the special offer price in the email days after you first view it.
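The following Python example is added here and is not from the original article, RPost, or Google. It parses a constructed message whose text/plain, text/html and text/x-amp-html parts say different things, and records SHA-256 digests of the raw message and of each part so a later copy can be compared with what was received; the addresses, URL and prices are made up.

```python
import hashlib
import re
from email import message_from_bytes, policy

# Constructed sample (not from the original page): one email whose three
# alternative parts each show the recipient something different.
RAW = (
    b"From: offers@shop.example\r\n"
    b"To: buyer@corp.example\r\n"
    b"Subject: Special offer\r\n"
    b"Date: Mon, 01 Apr 2019 09:00:00 +0000\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/alternative; boundary="b1"\r\n'
    b"\r\n"
    b"--b1\r\nContent-Type: text/plain; charset=utf-8\r\n\r\n"
    b"Price: $100\r\n"
    b"--b1\r\nContent-Type: text/x-amp-html; charset=utf-8\r\n\r\n"
    b'<html amp4email><body><amp-list src="https://shop.example/price">'
    b"</amp-list></body></html>\r\n"
    b"--b1\r\nContent-Type: text/html; charset=utf-8\r\n\r\n"
    b"<html><body><p>Price: $80</p></body></html>\r\n"
    b"--b1--\r\n"
)

def visible_text(part) -> str:
    """Crude normalization: drop tags, collapse whitespace, lowercase."""
    body = part.get_content()
    return " ".join(re.sub(r"<[^>]+>", " ", body).split()).lower()

def snapshot(raw: bytes) -> dict:
    """Digest the message exactly as received, plus each text part."""
    msg = message_from_bytes(raw, policy=policy.default)
    parts = [p for p in msg.walk() if p.get_content_maintype() == "text"]
    texts = {p.get_content_type(): visible_text(p) for p in parts}
    return {
        # Covers headers, every part and the metadata in one value.
        "raw_sha256": hashlib.sha256(raw).hexdigest(),
        "part_types": [p.get_content_type() for p in parts],
        "part_sha256": {
            p.get_content_type():
                hashlib.sha256(p.get_payload(decode=True)).hexdigest()
            for p in parts
        },
        "has_amp_part": "text/x-amp-html" in texts,
        "plain_html_differ": texts.get("text/plain") != texts.get("text/html"),
    }

if __name__ == "__main__":
    for key, value in snapshot(RAW).items():
        print(key, value)
```

Content that an AMP part fetches from the sender's server at viewing time is not in the raw bytes, so these digests fix only what was delivered, not what a mail client later renders.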

If you feel you might want, at some time in the future, a record of who said what when by email, send your message using the Registered Email service.

Or, if you receive a message and want to preserve a snapshot of what you received, send a copy to yourself using the Registered Email™ service.

To try this easily at no cost from Microsoft Outlook, Gmail or other email, (click here).

By sending as a Registered Email™ message, you receive an RMail Registered Receipt™ email record that, at any time in the future, can authenticate and reconstruct the original message content, delivery and opening history, and all underlying timestamps and metadata.

Send Registered. Perfect proof, preserved.

Watch for Google’s AMP, which will forever change the perception of your inbox email as a record.

——————————–
