The coronavirus pandemic has caused, among many other things, a massive uptick in the number of companies shifting to a work-from-home model. And with that shift has come a renewed focus on email security, since workers are now conducting their conversations on whatever device they have to hand rather than their (hopefully) encrypted and secure work computers.
If you’re drawn to Thunderbird as an email client, there’s a good chance that you’re more security-conscious than the average internet user. The majority of email users across the web aren’t going to get excited about a free, open source, cross-platform email client that stays true to the tenets of the Mozilla Manifesto—but for those who do, Thunderbird presents an attractive alternative to some of the more well-known email clients on the market. That said, it doesn’t offer encryption protection for your emails right out of the box.
Code source for encryption and other cybersecurity software is a sticky topic for many in the information security world. In one camp, you’ll find those who champion open source software as being inherently more secure. And opposite them, you’ll see those who say proprietary is the only way to go since open source has no accountability attached to it. The broader open-source vs closed-source debate has been raging for decades, since the early days of software. Both sides have their prominent proponents and just as prominent opponents.
In a survey of several thousand IT professionals across a dozen countries, 57% of respondents said that encryption key management at their company was “painful.” In a similar study, the risk and cost associated with key management was, on average, rated a seven out of 10. Those percentages change from year to year, but as the importance of encryption becomes increasingly obvious across different sectors, the total number of businesses dealing with serious encryption key pain is only going to go up.
Right now, your bank is probably vulnerable to costly cyber attacks. Why? Because, like most financial institutions, you probably haven’t implemented end-to-end encryption or robust endpoint protection. It’s easy to understand why something like this could fall through the cracks—no one wants to shell out for a complex software solution whose purpose they don’t fully get—but the next big cyber bank heist is coming, and you probably don’t want to be the victim.
Right now, when people think of seamless, end-to-end message encryption, they’re likely to think of WhatsApp (which has over a billion users) or Signal (which developed the baseline open source encryption technology). There’s a good reason for this: five years ago, when Signal was launched, it offered a pioneering commitment to both privacy and ease-of-use. "The choices we’re making, the app we're trying to create, it needs to be for people who don’t know how to enable airplane mode on their phone," Signal founder Moxie Marlinspike said in a recent Wired article—and it seems like the project largely succeeding at setting a high standard for ease-of-use.