Email is the most commonly used way for businesses to communicate externally with customers and suppliers. Millions of emails are sent every day as we send contracts, invoices, and important business documents around the world. The only problem is, email is not secure.
Email accounts can be compromised by attackers using phishing attacks or otherwise, exposing your email communications to cyber criminals. Email messages and attachments can also be intercepted as they travel over the email network. By default, emails are not encrypted as they travel from your emails servers to the recipient. This means that if hackers are able to compromise this data, they can read your emails and attachments.
When emails are encrypted however, the contents of the emails are scrambled, so that only the intended recipient can access them. In this article, we’ll cover how encryption works, why it’s important, and the easiest ways for organizations to implement email encryption.
What is Email Encryption?
Today, there are two main protocols used for encryptingemails:
- Encrypting an email while it’s in transit (TLS)
- End-to-end email encryption
Transport Layer Security (TLS) Encryption is used by email providers,like Microsoft and Google, to secure emails as they move from sender torecipient. It stops emails from being read after they are sent, but before theyare delivered.
Before TLS Protocols were introduced, it was common for cyber-criminalsto be able to read emails when they were in transit, and therefore not secured.These attacks are known as ‘man-in-the-middle’ attacks, and could be hugely damagingfor businesses.
While TLS provides strong protection against these particularattacks, the emails are still only secure when they are in transit. This meansthat if a cyber-criminal is able to compromise an email account through phishing,or some other means, they would still be able to read any emails or attachments.
For any emails that hold highly sensitive information orbusiness emails, TLS encryption on its own does not provide an adequate levelof protection. For this reason, many organizations are turning to enterprise emailencryption solutions that provide end-to-end encryption.
End-to-end encryption ensures that email messages are encrypted by the sender, and can only be decrypted by the intended recipient on their device. End-to-end encrypted emails are secured at every stage of delivery, and cannot be read even by email servers. This makes it very difficult for cyber criminals to compromise sensitive information or attachments.
Put simply, end-to-end encryption uses public keys to secure email. The sender encrypts messages using the recipient’s public key. The recipient decrypts the message using a private key.
There are two methods that organizations can implement end-to-endencryption, PGP and S/MIME. These involve organizations manually configuringtheir email systems to send encrypted emails. However, these can be hugely difficultand complex to configure for organizations of all sizes, and often come withsecurity vulnerabilities of their own.
Enterprise Email Encryption
The easiest way for organizations to implement emailencryption is through an enterprise encryption solution. These solutionsprovide end-to-end email encryption to organization, allowing users to encryptemails with ease.
These services automate the encryption process, savingadmins the hassle of having to set up encryption key creation and management.They allow users to encrypt emails with a click of a button in their email client.They also allow admins to set policies which automatically encrypt sensitiveemails.
Cloud-based solutions are very simple to deploy. Usuallythey require a plugin to be installed in the mail client, which gives users theability to encrypt emails. They also provide admins with a dashboard, wherethey can monitor where encrypted emails are being sent, although many will hidethe contents of emails from IT admins.
Many solutions give end users more controls over their email,with controls such as revoking access to send emails, stopping email forwarding,and the ability to stop printing or copying/pasting of emails. The top vendorswill also implement features such as requesting signatures in encrypted attachments,perfect for organizations who need to send invoices and contracts via email.
Important Features to Look for in An Encryption Solution
One of the most important features to look for when it comesto email encryption is a high-level of security use. Encryption is eitherrequired or recommended for email compliance in all major data regulatory advice,and so it is important to find a solution that adheres to data regulatory securitystandards.
Another important factor is considering how easy the serviceis to use. Encryption can be complex, but it’s important that when using an enterpriseencryption solution, users can easily send encrypted email and crucially, therecipient can easily open the encrypted email. Implementing an encryptionservice is an important security need, but if users avoid using it because it’scomplex, there isn’t much point.
The biggest factor informing the security of the encryption and how easy the service is to use is the method of encryption that the solution uses:
Methods of Email Encryption
TLS Encrypted Email:
TLS encrypts email in transit to the recipient, stopping it from being intercepted.
Pros:
- Very easy for users to send emails, with no extra steps beyond hitting send
- Easy to deploy
Cons:
- Does not encrypt messages in the sender or recipient email inbox
- Does not hide messages from emails servers
- End users don’t know if emails are encrypted, and are unable to manually encrypt emails if needed, as encryption is all policy based
Encrypted PDF:
This involves sending the email and attachments using encrypted PDF, Office and ZIP files.
Pros:
- Ensures all documents and attachments are delivered intact, looking good on all devices.
- Ensures senders and recipients can access encrypted emails directly from their inbox.
- Encrypted emails and attachments can be viewed even when the user is offline.
- Secure passwords can be set to access PDFs and Folders.
Cons:
- No controls to track email delivery.
- No controls to stop attachments being forwarded, downloaded or sent back to the user unencrypted.
Web Portal Encryption:
Web portal encryption is the most common delivery method for encrypted emails. Encrypted emails are delivered via a secure webpage. Users can send an encrypted email directly from their email client, then the recipient has to sign in to view the encrypted messages.
Pros:
- Secure, and normally is simple to get set up and use
- Can be completely white labelled and rebranded
- Messages are encrypted at every stage
- Users have a range of controls, such as secure passwords, read recipients, control over email forwarding and email recall
- Audits are easily available
Cons:
- Can be time consuming for recipients to have to log in to view encrypted messages
Many encrypted vendors will offer one or more of these methods of encryption, allowing customers to choose the right method for them.
To find the best encryption solution for your organisation, read our guide to the top 10 email encryption platforms for business.
