Is your email service secure?
That was the question High-Tech Bridge, an information security solution provider, decided to answer in a recent study of seven of the most popular email providers based on their level of SSL encryption. The company found that among the free services used for enterprise email, only one company received a top score, with Gmail receiving average marks.
The study was conducted using High-Tech Bridge’s free online PCI DSS and NIST compliant SSL test, which was recently updated with support for non-HTTP protocols for SSL/TLS security testing.
During the assessment, the company tested SSL/TLS implementation of services including SMTP, SMTPS, POP3S and IMAPS used by email agents, according to the announcement. The goal was to test the security of the communication channel between the mail server and client’s mobile device or computer.
Based on the study, Fastmail was the only service to receive a grade of A+, and is the only email service provider that meets current PCI DSS compliance requirements for SSL/TLS encryption. Gmail ranked second in terms of email security with a B+ grade, with High-Tech Bridge noting that the service has one of the most flexible SSL/TLS configurations compatible with old and outdated email clients.
Other email services such as Outlook.com, Mail.com, Yahoo! and Inbox.com all received scores of B-. Hushmail, which has previously been considered one of the most secure email providers, received a failing grade, according to High-Tech Bridge. The company soon after updated its SSL configuration and received a score of B+.
With the prevalence of security breaches and other cybersecurity issues, it’s critical for businesses to ensure that their corporate email servers remain secure to minimize the chance of information loss. While there is never a guarantee of complete safety on the web, vigilance and constant monitoring are the only ways to minimize the potential damage that can be inflicted by bad actors or malicious software.