Email Security

What is Email Encryption, How Does It Work, and How Can It Protect Your Organization?

Email Encryption: What it is, how it works and it can help your organization to become more secure.

Email Encryption

Email is the most commonly used way for businesses to communicate externally with customers and suppliers. Millions of emails are sent every day as we send contracts, invoices, and important business documents around the world. The only problem is, email is not secure.

Email accounts can be compromised by attackers using phishing attacks or otherwise, exposing your email communications to cyber criminals. Email messages and attachments can also be intercepted as they travel over the email network. By default, emails are not encrypted as they travel from your emails servers to the recipient. This means that if hackers are able to compromise this data, they can read your emails and attachments.

When emails are encrypted however, the contents of the emails are scrambled, so that only the intended recipient can access them. In this article, we’ll cover how encryption works, why it’s important, and the easiest ways for organizations to implement email encryption.

What is Email Encryption?

Today, there are two main protocols used for encrypting emails:

  1. Encrypting an email while it’s in transit (TLS)
  2. End-to-end email encryption

Transport Layer Security (TLS) Encryption is used by email providers, like Microsoft and Google, to secure emails as they move from sender to recipient. It stops emails from being read after they are sent, but before they are delivered.

Before TLS Protocols were introduced, it was common for cyber-criminals to be able to read emails when they were in transit, and therefore not secured. These attacks are known as ‘man-in-the-middle’ attacks, and could be hugely damaging for businesses.

While TLS provides strong protection against these particular attacks, the emails are still only secure when they are in transit. This means that if a cyber-criminal is able to compromise an email account through phishing, or some other means, they would still be able to read any emails or attachments.

For any emails that hold highly sensitive information or business emails, TLS encryption on its own does not provide an adequate level of protection. For this reason, many organizations are turning to enterprise email encryption solutions that provide end-to-end encryption.

End-to-end encryption ensures that email messages are encrypted by the sender, and can only be decrypted by the intended recipient on their device. End-to-end encrypted emails are secured at every stage of delivery, and cannot be read even by email servers. This makes it very difficult for cyber criminals to compromise sensitive information or attachments.

Put simply, end-to-end encryption uses public keys to secure email. The sender encrypts messages using the recipient’s public key. The recipient decrypts the message using a private key.

There are two methods that organizations can implement end-to-end encryption, PGP and S/MIME. These involve organizations manually configuring their email systems to send encrypted emails. However, these can be hugely difficult and complex to configure for organizations of all sizes, and often come with security vulnerabilities of their own.

Enterprise Email Encryption

The easiest way for organizations to implement email encryption is through an enterprise encryption solution. These solutions provide end-to-end email encryption to organization, allowing users to encrypt emails with ease.

These services automate the encryption process, saving admins the hassle of having to set up encryption key creation and management. They allow users to encrypt emails with a click of a button in their email client. They also allow admins to set policies which automatically encrypt sensitive emails.

Cloud-based solutions are very simple to deploy. Usually they require a plugin to be installed in the mail client, which gives users the ability to encrypt emails. They also provide admins with a dashboard, where they can monitor where encrypted emails are being sent, although many will hide the contents of emails from IT admins.

Many solutions give end users more controls over their email, with controls such as revoking access to send emails, stopping email forwarding, and the ability to stop printing or copying/pasting of emails. The top vendors will also implement features such as requesting signatures in encrypted attachments, perfect for organizations who need to send invoices and contracts via email.

Important Features to Look for in An Encryption Solution

One of the most important features to look for when it comes to email encryption is a high-level of security use. Encryption is either required or recommended for email compliance in all major data regulatory advice, and so it is important to find a solution that adheres to data regulatory security standards.

Another important factor is considering how easy the service is to use. Encryption can be complex, but it’s important that when using an enterprise encryption solution, users can easily send encrypted email and crucially, the recipient can easily open the encrypted email. Implementing an encryption service is an important security need, but if users avoid using it because it’s complex, there isn’t much point.

The biggest factor informing the security of the encryption and how easy the service is to use is the method of encryption that the solution uses:

Methods of Email Encryption

TLS Encrypted Email:

TLS encrypts email in transit to the recipient, stopping it from being intercepted.


  •  Very easy for users to send emails, with no extra steps beyond hitting send
  • Easy to deploy


  • Does not encrypt messages in the sender or recipient email inbox
  • Does not hide messages from emails servers
  • End users don’t know if emails are encrypted, and are unable to manually encrypt emails if needed, as encryption is all policy based

Encrypted PDF:

This involves sending the email and attachments using encrypted PDF, Office and ZIP files.


  • Ensures all documents and attachments are delivered intact, looking good on all devices.
  • Ensures senders and recipients can access encrypted emails directly from their inbox.
  • Encrypted emails and attachments can be viewed even when the user is offline.
  • Secure passwords can be set to access PDFs and Folders.


  • No controls to track email delivery.
  • No controls to stop attachments being forwarded, downloaded or sent back to the user unencrypted.

Web Portal Encryption:

Web portal encryption is the most common delivery method for encrypted emails. Encrypted emails are delivered via a secure webpage. Users can send an encrypted email directly from their email client, then the recipient has to sign in to view the encrypted messages.


  • Secure, and normally is simple to get set up and use
  • Can be completely white labelled and rebranded
  • Messages are encrypted at every stage
  • Users have a range of controls, such as secure passwords, read recipients, control over email forwarding and email recall
  • Audits are easily available


  • Can be time consuming for recipients to have to log in to view encrypted messages

Many encrypted vendors will offer one or more of these methods of encryption, allowing customers to choose the right method for them.

To find the best encryption solution for your organisation, read our guide to the top 10 email encryption platforms for business.