Suppose you were at a trade show and lost a briefcase filled with contract bids, customer lists, and confidential technical data. You would be worried, right? Then start worrying--if, like most entrepreneurs, you do a lot of business by e-mail.
Okay, e-mail may not be quite the window on your world that a chock-a-block briefcase would be, but it's not a private channel of communication, either.
A snoop with even modest technical skills can grab e-mail from an Internet service provider's servers, from your own network servers, or even from an executive's PC. Perhaps you haven't heard about "packet-sniffers" that can troll the Net for messages to or from a given address. It's enough to make you go back to licking stamps. But even then, you'd use an envelope. E-mail, says Deborah Pierce, a staff attorney with the Electronic Frontier Foundation, "is like sending a postcard."
To the rescue: encryption programs that turn e-mail into strings of letters and numbers that can be unscrambled only if the person on the receiving end has the right software. "It's a fancy kind of word substitution," says David Martin, an encryption expert with The Privacy Center at the University of Denver.
Fifteen years ago, this kind of technology was the province of intelligence agencies. Five years back, maybe big companies could afford it. Now, it's a perfectly sensible purchase for a small business.
Nor is it complicated to use. Most encryption programs require no more skill than clicking a mouse on an e-mail program. Employees at Allen Cowen's Datamex Technologies Inc. in Mississauga, Ont., use services from CertifiedMail.com to send confidential materials out of the office--and they needed virtually no training for it. Cowen now sleeps better. "The Internet today just doesn't provide the security or privacy we think we need," he says.
Techniques that are most suitable for small companies come in three forms:
LOCAL OPTION: The most popular mail scrambler around is PGP (Pretty Good Privacy) for Windows. First offered in the early 1990s, 5 million copies of the program are now installed, thanks to its dispersion as "freeware" for noncommercial users. A copy of the $23 program has to be installed on individual computers.
PGP works by generating two mathematical "keys." Think of it like this: One key is used to lock, or encrypt, messages sent your way. You make this key (a little piece of software) available to anyone who wants it--you might send it to them directly, or it might be on your Web site. Once a message is locked up with that public key, however, it can only be opened with a second, private key that stays on your personal computer. Activated by a password, the private one has to interact with the public one to open the message. The encrypting itself is easy--you just click a button on Microsoft Outlook, Lotus Notes, or other e-mail programs.
PC-based encryption has one big limitation: Both the sender and the recipient must have a copy of the program. That may be fine for key clients or the company attorney--particularly because it encrypts attached documents--but it won't help for occasional or one-time contacts.
REMOTE ACCESS: Another method of encryption--one that's available to anyone, anywhere--uses programs housed with a service provider on the Web. A leader in this group is ZixMail, from ZixIt Corp. (ZIXI) With ZixMail, you can send encrypted messages from the company's Web site. Recipients will be notified by e-mail that there's a secure message waiting for them, and they can open the message with a prearranged password.
This can work well in dealing with the public. Ben Tittle, a Dallas-area plastic surgeon, employs a user-friendly ZixIt-enabled system to take questions from potential patients. He says they appreciate the confidentiality of encryption. "I think it adds a measure of comfort," he says.
An alternative is to use ZixMail software on your own computer with Microsoft Outlook. That allows users to send secure mail directly to another ZixMail user, or to the Web site for pickup by a nonuser. The software can be downloaded from the ZixIt site (www.zixit.com) for a 30-day free trial. Subsequently, the cost is $24 per year per user.
LOCKED UP TIGHT: The Achilles' heel of password-protected documents is obvious: The recipient of an encrypted e-mail could be careless with a password. For the truly security-conscious, there's SafeMessage, from Bellevue (Wash.)-based Absolute Future Tech Inc. It circumvents the public network entirely.
Instead, Absolute Future sets up a secure, private lane on the Internet for members' e-mail traffic. Messages are composed on a SafeMessage e-mail program--not Outlook or Eudora-- and only designated members of the network can receive them. SafeMessage also blocks the most common ways that e-mail leaks out. Recipients can't copy, save, forward, or print SafeMessages. It makes no backup copies of the message, and can be set so that a message is destroyed ("zorched," in SafeMessage lingo) within a time set by the sender. A system with 10 users, hosted by Absolute Future, costs about $1,100 a year.
That's money, but probably no more than a year's supply of stamps. And it includes the price of the envelopes. By Douglas Gantenbein