Cheaper than fax, faster than post - but also far more volatile.
Eric Wilson reveals email's dangerous side.

The adoption of email has introduced a profound change in the way we communicate. We have all come to rely on it. Yet this convenience may come at a terrible cost. What are the risks of your business being run in open view on the back of digital postcards? How exposed are you to receiving crippling email-borne viruses or probing "Trojan horse" attacks? What would an outsider learn from the email stored on your chief executive officer's lost notebook?

When it comes to keeping private things private, not all email systems are created equal. The two main flavours in the corporate world are Microsoft Exchange and Lotus Domino. ISPs run a host of simpler systems. Between them, there's a better than even chance your private information reads like an open book to systems administrators or anyone else plugged into the wire between conversing parties.

So how easy is it to secure your system?

Out of the box, both IBM-Lotus and Microsoft offer message encryption for transmission across the wire, providing more privacy than a letter or telephone conversation. Of the two, Lotus seems to be a lot more powerful and flexible. But small businesses using ISPs for their mail service can also use digital certificates. These can be generated using tools like McAfee's PGP Security Suite or purchased from public key infrastructure companies such as eSign.

However, Rich Baldry, managing director of Sophos Australia, believes complexity makes them a difficult proposition to sell.

"Sophos in the past sold a number of encryption-related products but they never really took off," he said. "Potential customers would sound really excited about the security they could gain. However, on sober reflection, when they worked out how hard it would be to administer properly, they became considerably less enthusiastic."

Despite the drawbacks, without this kind of protection there's no way of knowing or proving the authenticity of an email coming in over the Internet.

Did the boss really say you're fired or is someone just playing games with the system?

Unlike physical letters, it is normal for emails to be copied all over the place. This makes computer hard disks our next vulnerability, with data routinely duplicated to enable recovery in case of a failure. The answer is to scramble this information as it is stored, so only authorised people can read it. Lotus's Notes email client and Domino server offer built-in encryption to do this, both on the end user's computer and on the centralised mail store acting as a digital post office.

Microsoft's offering, known respectively as Outlook and Exchange, does not have any built-in encryption. Microsoft suggests Windows 2000's file and directory-based encryption be used instead. Sadly, earlier versions of Windows do not have this feature. However, they can be secured by putting Outlook's mail store on a virtual encrypted disk, again with something like McAfee's PGP Security Suite.

In all cases, executives must simply trust that IT staff have properly secured their mail-servers and will continue to respect their privacy. For small businesses using ISPs (and large corporations wishing to sack their IT manager), email can only be made absolutely secret with digital certificates. Inter-company communications must also use digital certificates recognised by all parties in advance.

On the phone, you can talk freely without committing everything to writing, lessening the impact of your words being used in a different context. But with email it is impossible to guarantee that a message will self-destruct in five seconds after the recipient has read it. Microsoft's Exchange does allow email to be "expired" if it is sent and received within the same organisation. But you can never stop people copying the information to their clipboard before the blue smoke appears. Parties can, of course, mutually agree to delete their conversations. Yet this may not be the end of the matter either.

Lotus completely destroys deleted messages unless the all-powerful system administrator specifies otherwise.

Microsoft says this is also possible with Exchange but when Outlook deletes, the material may not be wiped from your computer's hard disk. To compensate, it is suggested that the message be erased using the Shift and Delete keys and the whole mail storage file then be compressed, thus making the message "unrecoverable". Apart from being a pain to remember, Baldry says this method can still cause security leaks.

"The message you want to delete is effectively overwritten when the file gets compacted," he said, "but we mustn't forget to overwrite the space released at the end of the compacted file. That space will contain relics of completely different messages and who's to say you won't want to securely delete them at some point, too?"

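Baldry's point about the space released at the end of a compacted file can be shown with a toy model. The sketch below is an added example, not part of the original article and not how Outlook stores mail: the fixed-size record format, the function names and the sample messages are all constructed for illustration.

```python
RECORD = 32  # assumed fixed slot size for this toy mail store


def build_store(messages):
    """Return (raw disk bytes, logical file length) for a list of messages."""
    disk = bytearray()
    for text in messages:
        disk += text.encode().ljust(RECORD, b"\x00")
    return disk, len(messages) * RECORD


def compact(disk, length, delete_index, wipe_tail):
    """Delete one record by sliding later records down over it.

    The file shrinks by one slot. Unless wipe_tail is set, the bytes in the
    released slot stay on the disk, outside the file but still readable.
    """
    start = delete_index * RECORD
    disk[start:length - RECORD] = disk[start + RECORD:length]
    new_length = length - RECORD
    if wipe_tail:
        disk[new_length:length] = bytes(RECORD)  # overwrite released space
    return new_length


def relic_in_released_space(disk, length, text):
    """True if text can still be read from the disk past the end of the file."""
    return text.encode() in bytes(disk[length:])


def demo(wipe_tail):
    # Constructed sample messages.
    disk, length = build_store(["merger terms", "board minutes", "payroll keys"])
    length = compact(disk, length, delete_index=0, wipe_tail=wipe_tail)
    return {
        "deleted_message_gone": b"merger terms" not in bytes(disk),
        "other_message_left_behind": relic_in_released_space(
            disk, length, "payroll keys"),
    }


if __name__ == "__main__":
    print("compact only:      ", demo(wipe_tail=False))
    print("compact + wipe tail:", demo(wipe_tail=True))
```

The deleted message is overwritten in both runs, but without the wipe a copy of a different, still-live message is left in the released space, which is the leak Baldry describes.
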
Having secured your messages and machines, it's time to stop nasty viruses and sneaky Trojan horse programs molesting your business. Phone calls, letters and faxes are usually not so hazardous to normal operations. But email can be deadly.

"The Melissa virus was the warning and 'I love you' was the wake-up call," Allan Bell, McAfee's senior marketing manager, said. "People don't understand until they get hit. Then they hurt their customers."

While Bell's virus scanning at the corporate email gateway may weed out public menaces like Melissa, our recently introduced privacy protection measures will probably limit its effectiveness.

Encrypting email makes malicious code immune to server-based detection systems. After all, in order to be scanned, the messages must be first decoded, reintroducing the security hole we just plugged. Therefore the end user's system itself must be able to tell the difference between good and evil email attachments.

Unfortunately, neither Microsoft Exchange nor Outlook has mechanisms for ensuring scripts and programs transmitted via email won't do bad things.

Once allowed to run, an attached program can pretty much do anything an end-user can, which is what the hackers rely on. This includes reading your hard disk or address book or other messages placed in your newly encrypted store. Lotus, on the other hand, offers comprehensive internal security levels, restricting code to various degrees of freedom. Developers commonly refer to this approach as a "sandbox", in which all code is forced to play by the rules.

"This is an excellent concept and one which can be relied upon," Baldry said. "Web browsers use it too. But a sandbox is only a software restriction and is susceptible to bugs."

Bugs are not the only issue. Once an attachment is outside the email environment, as with a macro inside a word processing document, Baldry falls back to his last line of defence: "If a virus-infected attachment is sent in an encrypted message," he said, "a good desktop-based virus scanner will pick up the virus when the mail is decrypted. So the best way to stop these viruses is to use desktop scanning software that prevents them from executing."

Shields up, you're under attack! Somehow that malicious code got through.

But unlike Star Trek, in this electronic war the battle is over before you have realised it has begun. Who won and who lost? That may depend on the strength of your firewall. However, an attack coming in by email will most likely use your email system as its escape route also.

Therefore how much of your data gets transmitted to the outside world depends entirely on how well your network is secured from the inside.

Reverse email content filtering can help stop escaping information, and bandwidth throttling or limiting attachment sizes might slow it down. But generally speaking, once a virus or Trojan horse has penetrated your email's defences, only a policy of containment followed by a nuclear strike will fix it.

Disaster recovery is the final piece in the email puzzle. In fact, your email system isn't really secure unless it has an automatic back-up utility.

"Restoring from back-up is the best way to deal with a virus infection," Baldry said. "You cannot be certain that the 'disinfection' routines in anti-virus products are going to restore a file exactly as it was."

Neither Domino nor Notes has back-up and restore facilities, instead relying on products from companies such as Computer Associates or IBM. Microsoft Outlook has a free automatic back-up utility, available from Microsoft's Web site. Exchange has always come with automatic back-up but encryption is not included.

Baldry considers this omission could re-introduce the privacy risk.

"The main security risk with a back-up is that it takes all your sensitive data and puts it onto highly portable media," he said. "This makes it a much easier target for physical theft than when it's just on your hard disks."

Yet the back-up issue won't go away. While paper mail is vulnerable to the occasional fire or flood, computer crashes and virus attacks happen all the time. This makes third-party encrypted disaster recovery tools indispensable.

The days of pretending email is as easy to use as the phone, fax or handwritten letter are over. Clearly it is not. Email may look like text and write like text but in reality, it's an information and code gateway in and out of your business.

It deserves to be guarded more carefully than in the past.

eric@emis.com.au

 



© B'risi 2001