Email encryption is a hugely important way for organizations to prevent data loss and comply with regulatory requirements for the email channel. Email is one of the leading causes of digital data breaches. Why? Because it’s fundamentally insecure. A staggering 94% of malware is spread via email, and it’s also extremely easy for data to be accidentally sent to the wrong recipients.
For this reason, many organizations choose to implement a third-party email encryption solution. Email encryption solutions protect the contents and attachments of email messages, ensuring that only the intended recipients can access confidential data. Email encryption can massively reduce the risk of data breaches and prevent costly regulatory fines that can occur if confidential or personal data is shared accidentally or compromised by malicious threat actors.
However, the email encryption market is a crowded space, and it can be difficult to find the right solution to suit your organization’s needs. To help you find the right solution, we’ll break down the top eight features to look for in an email encryption solution.
You can see our guide to the top ten email encryption solutions here.
1. Cloud-Based End-To-End Encryption
There is a broad range of email encryption methods out there for organizations to choose from. For most organizations we recommend looking for a cloud-based service that enables end-to-end email encryption, also known as public key encryption.
End-to-end encryption ensures that email messages and any attachments are encrypted when the message is sent from your device, when it’s in transit, and when it is received on the target device, even after it has been delivered. This works using public and private keys that are only held by you as the sender and the intended recipient. You can read a comprehensive guide to how this works here.
In our view, public key encryption is the most secure method of encryption without compromising usability. It prevents any third parties from accessing your email content at any point during the sending process—even the email encryption provider themselves.
Cloud-based solutions are normally the best options when it comes to ease of deployment, cost-effectiveness, and management. Most providers on the market today offer a cloud-based solution for encryption.
2. Policy-Based Data Loss Prevention
Policy-based email encryption can help prevent data loss that occurs because of employees making simple—but, potentially, very costly—mistakes.
Email encryption solutions should enable admins to configure pre-set rules to automatically encrypt emails containing certain pre-defined keywords, certain types of attachments, or even certain contacts or target domains.
This means that if an employee sends credit card information over email, it will be automatically encrypted, limiting the risk of the information being intercepted. Or, in a healthcare organization for example, if an employee sends a confidential patient record in error, it will be encrypted and inaccessible without authorization, helping to avoid breach of data regulation.
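The rule types described above (keywords, attachment types, target domains, and the credit card case) can be pictured as the following added example, which is not code from any encryption product. The policy values, the `Email` class and the function names are assumptions made for illustration; the Luhn checksum is used so that arbitrary long digit runs do not trigger the card rule.

```python
import re
from dataclasses import dataclass, field

# Assumed policy values, constructed for this example.
KEYWORDS = {"confidential", "patient record"}
SENSITIVE_EXTENSIONS = (".xlsx", ".csv")
ALWAYS_ENCRYPT_DOMAINS = {"partner-clinic.example"}
# 13-19 digits, optionally separated by single spaces or hyphens.
CARD_CANDIDATE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

@dataclass
class Email:
    recipients: list
    subject: str
    body: str
    attachments: list = field(default_factory=list)

def luhn_valid(digits: str) -> bool:
    """Luhn checksum: filters out order numbers and other digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def contains_card_number(text: str) -> bool:
    for match in CARD_CANDIDATE.finditer(text):
        if luhn_valid(re.sub(r"[ -]", "", match.group())):
            return True
    return False

def encryption_reasons(msg: Email) -> list:
    """Return the policy rules that matched; an empty list means send as normal."""
    reasons = []
    text = f"{msg.subject}\n{msg.body}"
    lowered = text.lower()
    if contains_card_number(text):
        reasons.append("card-number")
    if any(k in lowered for k in KEYWORDS):
        reasons.append("keyword")
    if any(a.lower().endswith(SENSITIVE_EXTENSIONS) for a in msg.attachments):
        reasons.append("attachment-type")
    if any(r.rsplit("@", 1)[-1].lower() in ALWAYS_ENCRYPT_DOMAINS for r in msg.recipients):
        reasons.append("recipient-domain")
    return reasons
```

Returning the list of matched rules, rather than a bare yes/no, gives the audit trail that the compliance and reporting features rely on.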
Some email encryption providers use machine learning algorithms to automatically encrypt emails they deem to contain sensitive information, which is a good choice for organizations looking for an extra layer of protection beyond static policy rules.
3. Legal Compliance
One of the most important use cases for an email encryption solution is to help organizations meet legal regulatory requirements, which have been strengthened in many states and countries in recent years. This is particularly true in highly regulated industries, such as legal services, finance, or healthcare.
For this reason, we highly recommend looking for an encryption solution that is fully compliant with both the general data protection regulations you are subject to and any industry-specific regulations that apply to the data you process.
It is also important to ensure that you can prove compliance. Look for the ability to provide proof of encryption with timestamps, reporting of encrypted emails being sent (we’ll cover this in more detail in point four), and pre-defined data loss protection controls which can be audited.
4. Range Of Delivery Methods Available
An often-overlooked factor of email encryption is how easy it is for recipients to access the encrypted emails once they arrive in their inboxes. After all, if you send an important encrypted contract via email but your contact can never access it, then the solution has failed at step one.
We recommend choosing a solution that makes it very easy for recipients to access, read and reply to encrypted email messages. And the best way to achieve this is to offer a range of delivery methods.
When it comes to encrypting emails, many encryption providers will offer one or more delivery methods that enable recipients to open encrypted emails. Some examples include:
- Web portals: Online browser-based portals which users need to log into to open and reply to email messages
- Encrypted PDFs: Emails are sent as PDFs which are encrypted, requiring a password to open
- S/MIME and PGP: Emails can be sent inside the email inbox as normal, with an extra layer of control to govern access, such as requiring multi-factor authentication from users
Organizations should consider solutions with multiple delivery methods available. This can improve security and ensure that you can choose the best service for ease of access for different email messages. It’s also important these methods work on smartphones and devices of all sizes.
We highly recommend trialing an encryption solution with a subset of users before making a final purchase. Often, methods can appear easy to use—but if users have to deal with a slow web browser portal to read email messages, there can be a big impact on productivity and on support teams.
5. End User Controls
With any encryption solution, it should be easy for end users to manage the encryption process directly from inside their normal email inbox, on desktop or mobile.
End users should be able to easily send encrypted email messages from their inbox and should have granular control and visibility into how emails are delivered.
Many encryption solutions enable users to see when encrypted emails have been opened, track email delivery, manage email forwarding, prevent copy and paste, and even revoke access to encrypted emails—essentially unsending an email after it has been delivered.
This can be a great way to mitigate accidental email sending, even after an email has already been received by a recipient.
End users should also never need to install any agents or software to either send or receive email messages.
6. Easy-To-Use Admin Console With Reporting
An important feature of any email encryption solution for admins is the admin console. We recommend looking for a solution with a modern, well-designed admin console to help you manage users and implement policies more easily.
Reporting is an important component of email encryption. Within the admin console there should be a range of granular reports, with encryption logs, that let IT admins view where encrypted emails are being sent. As previously mentioned, this is an important way to ensure legal compliance. These reports should be easy to export when needed.
In addition, the admin console should allow admins to easily manage integrations. The best encryption solutions offer multiple deployment methods to roll out encryption to users, so you can choose the best method for your particular network environment.
One of the easiest ways to deploy encryption is with API-based encryption integrations with email platforms such as Office 365, Google Workspace and Exchange Online, which you should be able to quickly manage from the admin console.
7. Branding Options
If you’re using encrypted emails to send out important documents to customers—a common use case in the healthcare and financial sectors—you may wish to consider a solution with customizable branding options.
Customization can include having your brand logo in the encrypted email, customized copy, or customizable colors. Some solutions also include warning banners that alert users when emails should be encrypted—these should also be customizable.
This isn’t a critical feature, but it can be an important one for many organizations, and it can help users to feel safer opening an encrypted message from your organization.
As part of this, it can also be important for international brands to find a solution with multiple language options to ensure the encryption experience is consistent across all geographies and nationalities.
8. Accuracy And Deliverability
The final, and possibly most fundamental, feature to look for is accuracy and deliverability of encrypted email messages. If users cannot receive the encrypted messages you send, or if sensitive and confidential information is routinely emailed out unsecured, even with an encryption solution in place, the solution is not doing its job.
We highly recommend you trial any encryption solution before making a final purchase to check for accuracy and deliverability. Use the reporting feature to check that emails are being sent and received, and take user feedback into account when making a final decision.
Take a look at user feedback and read independent reviews of encryption solutions, which will highlight any reported issues with accuracy, deliverability, or ease of use.
Armed with this feature checklist you’re ready to start looking at encryption solutions. A good place to start is our guide to the Top 10 Email Encryption Solutions.