Gmail Is Not a Secure Way to Send Sensitive Comms: A Friendly Reminder
New end-to-end Gmail encryption alone isn't secure enough for an enterprise's most sensitive and prized data, experts say.
Stay secure with the latest encryption news, trends, and best practices in information security. Protect your data with cutting-edge cryptography.
Search across headline titles and summaries.
Background for this topic.
Encryption transforms readable data into ciphertext using an algorithm and a key, so someone who obtains the ciphertext cannot normally understand it without the required key. It protects confidentiality for data in transit, such as traffic between services, and at rest, such as files, databases, and backups. Encryption does not by itself prove who sent data, prevent tampering, or protect plaintext displayed on a compromised endpoint.
Its security therefore depends on implementation and key management. Attackers may target stolen, exposed, or overprivileged keys, weak algorithms or protocols, poor randomness, and systems that decrypt data unnecessarily. Use modern, authenticated encryption where appropriate; protect keys separately from encrypted data with tightly limited access, rotation and revocation procedures, and monitored use. Verify that encryption covers relevant backups and internal service links, while recognizing that lost keys can make recovery impossible and that encrypted traffic may still reveal metadata such as timing or endpoints.
New end-to-end Gmail encryption alone isn't secure enough for an enterprise's most sensitive and prized data, experts say.
Signal, Wickr, WhatsApp, and Cape all have different approaches to security and privacy, yet most are finding ways to make secure communications more private.
European Commission Demands Law Enforcement Access to DataThe European Commission’s ProtectEU strategy aims to overhaul internal security, proposing law enforcement access to encrypted data by 2026 and a roadmap to explore lawful encryption backdoors and enhanced intelligence-sharing between EU member states and agencies to combat rising cyber threats.
Also: Gootloader Malware, GCHQ Intern Pleads Guilty, Check Point Breach UpdateThis week, a "Fast Flux" warning, Gootloader malware, an GCHQ intern pleaded guilty to stealing top secret data and Check Point undercuts hacking claim. Also, Google rolled out end-to-end encryption for some Gmail users, Apple backported patches and Dutch prosecutors cut internet access.
ProtectEU plan wants to have its cake and eat it too The EU has issued its plans to keep the continent's denizens secure and among the pages of bureaucratese are a few worrying sections that indicate the political union wants to backdoor encryption by 2026, or even sooner.…
When assessing an organization’s external attack surface, encryption-related issues (especially SSL misconfigurations) receive special attention. Why? Their widespread use, configuration complexity, and visibility to attackers as well as users make them more likely to be exploited. This highlights how important your SSL configurations are in maintaining your web application security and
The new Google Workspace features will make it easier for enterprise customers to implement end-to-end encryption within Gmail.
On the 21st birthday of Gmail, Google has announced a major update that allows enterprise users to send end-to-end encrypted (E2EE) to any user in any email inbox in a few clicks
Google has started rolling out a new end-to-end encryption (E2EE) model for Gmail enterprise users, making it easier to send encrypted emails to any recipient. [...]
The UK government must be thrilled Google will soon offer end-to-end encrypted (E2EE) email for all users, even those who do not use Google Workspace, and says it'll do so without imposing any undue stress on IT admins.…
Google is set to roll out end-to-end encryption for all Gmail users, boosting security, compliance and data sovereignty efforts