Unhappy Trails

Keeping your private communications secure isn't as easy as you might think.
Magazine Contributor
4 min read

This story appears in the November 2002 issue of Entrepreneur. Subscribe »

"What did you know and when did you know it?" Those words are being thrown at businesspeople as often as politicians, and the search for evidence increasingly involves the reconstruction of "deleted" e-mail. OK, so you're not a Mafia don or a billionaire monopolist. But here are scenarios that could turn your hard drive into an evidentiary fishing hole:

  • A large competitor tries claiming patent infringement.
  • An employee sues your company for tolerating sexual harassment.

Irrespective of the outcome, what would the discovery phase of a lawsuit do to your operational efficiency, costs and profits? "It can easily cost $1 million and be disruptive to staff," says electronic communications expert David Ferris, president of Ferris Research.

Then, there's the threat from illegal intrusions. Ninety percent of the 500-plus companies responding to this year's joint FBI/Computer Security Institute survey had computer security breaches within the prior 12 months, resulting in a loss of almost a half billion dollars.

Any way you look at it, our reliance on e-mail and IM makes it difficult to keep proprietary information private. Think of an e-mail or IM as pixie dust that gets tossed across the drive platters of the PCs and servers you own, those your business partners own, and on any ISP and routing servers in between. Your messages get mixed up with billions of others annually, leaving a digital trail that's virtually impossible to tidy up.

Sooner or later, one of your messages will leave the safety of your e-mail server. Here are just a few ways to protect it in transit:
  • Ensuredmail ( www.ensuredmail.com ): This $30 plug-in for popular e-mail systems encrypts messages and attachments without recipients needing a copy.
  • HushMail.com : This $30-per-year service encrypts e-mail, but both sender and recipient need a HushMail account.
  • International PGP (Pretty Good Privacy, www.pgpi.org ): The OpenPGP encryption home page links to inexpensive plug-ins for various e-mail and IM clients. Recipients need a decryption key.
  • ZipLip ( www.ziplip.com ): You use your company's regular e-mail address but store encrypted messages on ZipLip's servers for $10 to $15 per month. Recipients are notified they can read them there.e factors have had an enormous impact on our society and changed American culture forever."

"Anyone who uses a computer for business could be at risk, even the self-employed," says Michele Lange, electronic evidence legal consultant for Kroll Ontrack, which recovers data from damaged hard drives and reconstructs deleted digital footprints for lawyers.

What Can You Do?

One thing you can't do is delete files. Yes, it's easy to wipe a hard drive clean with software like Kroll's DataEraser or Symantec's Norton WipeInfo. But investigators may find clues in a PC's recycle bin. If they do find some, you may face an obstruction of justice charge, warns Jim Reinert, Kroll's director of worldwide software.

Ferris notes that large companies put e-mails on a central server and purge them after a month or two. For that to be effective, employees can't use external services like Yahoo! Mail, and everyone has to save important e-mail data. Message strings may serve as evidence to disprove allegations, so you need an archiving as well as deletion policy.

You could use a Public Key Infrastructure product like PGP (Pretty Good Privacy) to encrypt messages. Some Web services help you ensure that only encrypted messages land on Internet servers. But some services substitute your company address for one with a conspiratorial air, or can be less convenient than an in-house system. Do you encrypt "where do we eat?" lunch messages? Would discovery of such messages help or harm you?

Everyone must learn not to commit to messages "any thought you wouldn't want to see on the cover of The New York Times," says Lange. Sadly, this is another one of those consequences that accompany the Internet's blessings. But just because you act paranoid doesn't mean people aren't out to get you.

Mike Hogan is Entrepreneur's technology editor. Write him at mhogan@entrepreneur.com .

Contact Sources


More from Entrepreneur

We created the SYOB course to help you get started on your entrepreneurial journey. You can now sign up for just $99, plus receive a 7-day free trial. Just use promo code SYOB99 to claim your offer.
Jumpstart Your Business. Entrepreneur Insider is your all-access pass to the skills, experts, and network you need to get your business off the ground—or take it to the next level.
Are you paying too much for business insurance? Do you have critical gaps in your coverage? Trust Entrepreneur to help you find out.

Latest on Entrepreneur