by Kazeem Olalekan
Last month I posted something about best practice with respect to site encryption. That sorts out the front door. If you wanted to protect your house from buglers, would you lock the front door and leave the back door open? I hope not. That is no way to do security. This is not a tutorial about how email can be intercepted (you will have to write to NSA or GCHQ for that). If your web form is going to transmit sensitive information you have so diligently collected over a secure socket, via email, then it is prudent that the email provider you are using encrypts the transmission of mail over their network. Otherwise, you might just as well leave the backdoor open and put a flashing neon sign on it saying ‘open for harvesting business!’
A number of major email providers are now deploying email encryption as standard. Google is doing it, Yahoo has announced it and I am sure others will follow. I cannot say that someone really determined cannot break in but at least you have done your best. Someone so determined may just break the door down. Maybe sometime in the future, I will discuss how to fix an alarm to your online assets. For now, always maintain best practices.