Emails are a key component of everyday business communication. Approximately 28% of an employee’s 40-hour work week is spent reading and answering emails, with an average office worker receiving 121 and sending 40 business emails each day. Despite the magnitude of time and resources spent reading and writing emails, email security is still not a widely discussed topic.
About 45% of all the emails sent over the internet are spam. And spam emails are costing businesses more than $20.5 billion annually, with this cost expected to rise to $257 billion within a few years. The FBI addresses these cases as Businesses E-Mail Compromises (BEC), asserting that they are an emerging global threat, with 22,143 cases of BEC being reported to them over the span of 3 years, amounting to $3 billion in fraudulent transfers.
FBI provides noteworthy real-life examples of Business E-Mail Compromise on their website, highlight how easy it is for an average employee to fail to detect these fraudulent emails among the sea of other important business emails. Spammers exploit this situation to craft emails that looks exactly like a legitimate email, sent from someone important with a strong sense of urgency, giving the busy employee no time to verify the authenticity of the email. For example, an accountant in a US company received a fraudulent wire transfer request for $737,000 to a Bank in China that included the CEO’s signature over the company seal. The email looked exactly like all the previous fund transfer requests, making it impossible for the accountant to recognise it as spam, leading to a huge financial loss to the organisation.
An important solution that businesses can employ to combat such BEC’s is digitally signing all intraoffice emails. Digital Signatures assures the recipient of the email of the identity of the sender and of the integrity of the message received. The security goals that it fulfils are authentication, integrity and non-repudiation. In simple words, the email is unmodified and sent by the person who claims to be the sender.
Digital signatures work based on the principle of asymmetric cryptography. Basically, two keys are generated per user: a public key and a private key. The sender signs the email using their private key and the receiver can verify the authenticity of the email by matching the public key of the sender with the public key that is published online. So the private key is known only to the user and is used for signing the email. Meanwhile, the public key is known to everyone and can be used to assure the receiver of the identity of the sender.
So now you know why we need digital signatures and how they technically work. In the next article, you’ll learn how to implement them in your everyday email communication for one of the most frequently used email clients: Outlook.