Email is the most commonly used way for businesses to communicate externally with customers and suppliers. Millions of emails are sent every day as we send contracts, invoices, and important business documents around the world. The only problem is, email is not secure.
Email accounts can be compromised by attackers using phishing attacks or otherwise, exposing your email communications to cyber criminals. Email messages and attachments can also be intercepted as they travel over the email network. By default, emails are not encrypted as they travel from your email servers to the recipient. This means that if hackers are able to compromise this data, they can read your emails and attachments.
When emails are encrypted, however, the contents of the emails are scrambled so that only the intended recipient can access them. In this article, we’ll cover how encryption works, why it’s important, and the easiest ways for organizations to implement email encryption.
What is Email Encryption?
Today, there are two main protocols used for encrypting
- Encrypting an email while it’s in transit (TLS)
- End-to-end email encryption
Transport Layer Security (TLS) Encryption is used by email providers,
like Microsoft and Google, to secure emails as they move from sender to
recipient. It stops emails from being read after they are sent, but before they
Before TLS Protocols were introduced, it was common for cyber-criminals
to be able to read emails when they were in transit, and therefore not secured.
These attacks are known as ‘man-in-the-middle’ attacks, and could be hugely damaging
While TLS provides strong protection against these particular
attacks, the emails are still only secure when they are in transit. This means
that if a cyber-criminal is able to compromise an email account through phishing,
or some other means, they would still be able to read any emails or attachments.
For any emails that hold highly sensitive information or
business emails, TLS encryption on its own does not provide an adequate level
of protection. For this reason, many organizations are turning to enterprise email
encryption solutions that provide end-to-end encryption.
End-to-end encryption ensures that email messages are encrypted by the sender, and can only be decrypted by the intended recipient on their device. End-to-end encrypted emails are secured at every stage of delivery, and cannot be read even by email servers. This makes it very difficult for cyber criminals to compromise sensitive information or attachments.
Put simply, end-to-end encryption uses public keys to secure email. The sender encrypts messages using the recipient’s public key. The recipient decrypts the message using a private key.
There are two methods organizations can use to implement end-to-end
encryption: PGP and S/MIME. Both involve organizations manually configuring
their email systems to send encrypted emails. However, they can be hugely difficult
and complex to configure for organizations of all sizes, and often come with
security vulnerabilities of their own.
Enterprise Email Encryption
The easiest way for organizations to implement email
encryption is through an enterprise encryption solution. These solutions
provide end-to-end email encryption to organizations, allowing users to encrypt
emails with ease.
These services automate the encryption process, saving
admins the hassle of having to set up encryption key creation and management.
They allow users to encrypt emails with a click of a button in their email client.
They also allow admins to set policies which automatically encrypt sensitive
Cloud-based solutions are very simple to deploy. Usually
they require a plugin to be installed in the mail client, which gives users the
ability to encrypt emails. They also provide admins with a dashboard, where
they can monitor where encrypted emails are being sent, although many will hide
the contents of emails from IT admins.
Many solutions give end users more controls over their email,
with controls such as revoking access to send emails, stopping email forwarding,
and the ability to stop printing or copying/pasting of emails. The top vendors
will also implement features such as requesting signatures in encrypted attachments,
perfect for organizations who need to send invoices and contracts via email.
Important Features to Look for in An Encryption Solution
One of the most important features to look for when it comes
to email encryption is a high level of security. Encryption is either
required or recommended for email compliance in all major data regulatory advice,
and so it is important to find a solution that adheres to data regulatory security
Another important factor is considering how easy the service
is to use. Encryption can be complex, but it’s important that when using an enterprise
encryption solution, users can easily send encrypted email and crucially, the
recipient can easily open the encrypted email. Implementing an encryption
service is an important security need, but if users avoid using it because it’s
complex, there isn’t much point.
The biggest factor informing the security of the encryption and how easy the service is to use is the method of encryption that the solution uses:
Methods of Email Encryption
TLS Encrypted Email:
TLS encrypts email in transit to the recipient, stopping it from being intercepted.
- Very easy for users to send emails, with no extra steps beyond hitting send
- Easy to deploy
- Does not encrypt messages in the sender or recipient email inbox
- Does not hide messages from email servers
- End users don’t know if emails are encrypted, and are unable to manually encrypt emails if needed, as encryption is all policy based
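Because TLS is applied hop by hop and users cannot see it, one way to audit a delivered message is to read its Received headers. The following is an added example, not part of the original article: it flags hops whose `with` protocol keyword does not indicate TLS. The sample message, hostnames and function names are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample message (not real traffic): three hops, one without TLS.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.10])
\tby mailstore.recipient.example with LMTPS id c3; Mon, 01 Jan 2024 10:00:03 +0000
Received: from smtp.sender.example (smtp.sender.example [198.51.100.7])
\tby mx.recipient.example with ESMTP id b2; Mon, 01 Jan 2024 10:00:02 +0000
Received: from laptop.sender.example (laptop.sender.example [192.0.2.5])
\tby smtp.sender.example with ESMTPSA id a1; Mon, 01 Jan 2024 10:00:01 +0000
From: alice@sender.example
To: bob@recipient.example
Subject: Invoice

See attached.
"""

# "with" keywords that mean the hop was protected by TLS (RFC 3848, RFC 6531).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA",
                 "UTF8SMTPS", "UTF8SMTPSA", "UTF8LMTPS", "UTF8LMTPSA"}

HOP_RE = re.compile(
    r"from\s+(?P<src>\S+).*?\bby\s+(?P<dst>\S+).*?\bwith\s+(?P<proto>[\w-]+)",
    re.S | re.I)

def audit_hops(raw_message):
    """Return one dict per hop, in delivery order: src, dst, proto, tls."""
    msg = message_from_string(raw_message)
    hops = []
    # Each server prepends its header, so reverse to get sender-to-recipient order.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(value)
        if not m:
            # An unparseable header proves nothing, so do not count it as TLS.
            hops.append({"src": None, "dst": None, "proto": None, "tls": False})
            continue
        proto = m.group("proto").upper()
        hops.append({"src": m.group("src"), "dst": m.group("dst"),
                     "proto": proto, "tls": proto in TLS_PROTOCOLS})
    return hops

def plaintext_hops(raw_message):
    """Hops with no evidence of TLS: the segments where interception is possible."""
    return [h for h in audit_hops(raw_message) if not h["tls"]]

if __name__ == "__main__":
    for hop in audit_hops(SAMPLE):
        print(f'{hop["src"]} -> {hop["dst"]}: {hop["proto"]} TLS={hop["tls"]}')
```

Received headers are written by each server in the path, so only the entries added by infrastructure you control are trustworthy; earlier entries can be forged by an upstream host.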
This involves sending the email and attachments using encrypted PDF, Office and ZIP files.
- Ensures all documents and attachments are delivered intact, looking good on all devices.
- Ensures senders and recipients can access encrypted emails directly from their inbox.
- Encrypted emails and attachments can be viewed even when the user is offline.
- Secure passwords can be set to access PDFs and Folders.
- No controls to track email delivery.
- No controls to stop attachments being forwarded, downloaded or sent back to the user unencrypted.
Web Portal Encryption:
Web portal encryption is the most common delivery method for encrypted emails. Encrypted emails are delivered via a secure webpage. Users can send an encrypted email directly from their email client, then the recipient has to sign in to view the encrypted messages.
- Secure, and normally simple to set up and use
- Can be completely white labelled and rebranded
- Messages are encrypted at every stage
- Users have a range of controls, such as secure passwords, read recipients, control over email forwarding and email recall
- Audits are easily available
- Can be time consuming for recipients to have to log in to view encrypted messages
Many encryption vendors will offer one or more of these methods of encryption, allowing customers to choose the right method for them.