- Experts warn that emails containing sensitive data are still being delivered unencrypted, and nobody is informed
- Microsoft 365 sends email in plain text when encryption fails, without warning the user
- Google Workspace still uses insecure TLS 1.0 and 1.1 without warning senders or rejecting messages
Most users assume that emails sent via cloud services are encrypted and safe by default, but this may not always be the case, new research has claimed.
A report from Paubox found that Microsoft 365 and Google Workspace both handle encryption failures in ways that expose messages, without informing the sender or logging the failure.
“The use of outdated encryption offers a false sense of security because it seems as if sensitive data is being protected, even if it really isn’t,” Paubox said.
Default settings quietly undermine encryption
The problem is not just a technical edge case; it stems from how these platforms were designed to work under common conditions.
Google Workspace, the report found, will fall back to delivering messages using TLS 1.0 or 1.1 if the receiving server only supports outdated protocols.
Microsoft 365 refuses to use outdated TLS, but instead of bouncing the email or warning the sender, it sends the message in plain text.
In both cases the email is delivered and no warning is given.
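Because neither fallback produces a bounce or a warning, the downgrade has to be looked for in the delivered message itself. The following added example (not from the Paubox report or either vendor) audits the `Received` headers of a message, for instance one sent to a test mailbox you control, and flags hops that were stamped with no TLS marker or with a version below 1.2. It assumes the relays record the session as `version=TLS1_2` or `using TLSv1.2`; the sample message and host names are constructed.

```python
import re
from email import message_from_string

# Assumed stamp formats: "version=TLS1_2" and "using TLSv1.2" (Postfix style).
TLS_RE = re.compile(r"(?:version=TLS|using TLSv)(\d)(?:[._](\d))?", re.I)
MIN_VERSION = (1, 2)  # TLS 1.0 and 1.1 are treated as weak

def classify_hop(received):
    """Return 'plaintext', 'weak-tls' or 'ok' for one Received header value."""
    m = TLS_RE.search(received)
    if not m:
        return "plaintext"  # no TLS marker stamped: treat the hop as unencrypted
    version = (int(m.group(1)), int(m.group(2) or 0))
    return "ok" if version >= MIN_VERSION else "weak-tls"

def audit_message(raw):
    """Return [(hop_index, verdict)] for every hop that is not 'ok'.
    Hop 0 is the most recent hop (the topmost Received header)."""
    msg = message_from_string(raw)
    findings = []
    for hop, value in enumerate(msg.get_all("Received", [])):
        verdict = classify_hop(" ".join(value.split()))  # unfold the header
        if verdict != "ok":
            findings.append((hop, verdict))
    return findings

# Constructed sample: a TLS 1.0 hop, a plaintext hop, and a TLS 1.3 hop.
SAMPLE = """\
Received: from mail.sender.example (mail.sender.example [192.0.2.10])
 by mx.clinic.example with ESMTPS id abc123
 (version=TLS1_0 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
 Tue, 01 Jul 2025 10:00:02 +0000
Received: from relay.sender.example (relay.sender.example [192.0.2.11])
 by mail.sender.example with ESMTP id def456;
 Tue, 01 Jul 2025 10:00:01 +0000
Received: from app.sender.example (app.sender.example [192.0.2.12])
 by relay.sender.example (Postfix) with ESMTPS id 789
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits));
 Tue, 01 Jul 2025 10:00:00 +0000
Subject: constructed test message

body
"""

if __name__ == "__main__":
    for hop, verdict in audit_message(SAMPLE):
        print(f"hop {hop}: {verdict}")
```

Hops inside a single trusted host (for example a local queue handoff) also carry no TLS marker, so review `plaintext` findings against the hop's `from` and `by` names before treating them as exposure.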
These behaviors pose serious compliance risks: in 2024, Microsoft 365 accounted for 43% of healthcare breaches.
Meanwhile, 31.1% of breached healthcare organizations had TLS misconfigurations, despite the fact that many of these organizations used “Force TLS” settings to meet compliance requirements.
But as Paubox notes, forcing TLS does not guarantee encryption with secure versions such as TLS 1.2 or 1.3, and it fails when those conditions are not met.
The consequences of silent encryption failures are far-reaching. Healthcare providers routinely send protected health information (PHI) via email, assuming that tools such as Microsoft 365 and Google Workspace offer strong protection.
In reality, neither platform enforces modern encryption when errors occur, and both risk violating HIPAA safeguards without detection.
Federal guidelines, including those of the NSA in the US, have long warned against TLS 1.0 and 1.1 due to vulnerabilities and downgrade risks.
Yet Google still allows delivery via those protocols, while Microsoft sends unencrypted emails without flagging the problem.
Both paths lead to invisible compliance failures. In one documented breach, Solara Medical Supplies paid more than $12 million after unencrypted emails exposed more than 114,000 patient records.
Cases such as these show why even the best FWaaS or ZTNA solution must work together with visible, enforceable encryption policies for all communication channels.
“Trust without clarity is what organizations break,” concluded Paubox.