When the internet was first invented, email was not designed with privacy or cybersecurity in mind, since the first emails were between people who already were acquainted with each other. Today our inboxes are a common target for hackers trying to steal personal or business information. In this blog post, we offer advice on protecting yourself and your business from harm with email security.
What Does Encrypted Mean?
Humans have been encrypting sensitive information since the Roman Empire. While Roman ciphers can’t provide the same level of encryption that today’s algorithms can, they accomplish the same goal: to convert sensitive information into a code that hides its true meaning.
Your email inbox can be likened to a safe that attracts cyber criminals intent on stealing valuable contents. Without email encryption, all that cybercriminals need to crack that safe is access via your password. Unfortunately, massive data breaches have become so common, they hardly make the news anymore. As a result, cyber criminals may already know the password to your inbox. Even when they don’t, they can attempt to intercept your emails while they are in transit.
By converting messages from readable text to ciphertext, email encryption adds another layer of security and ensures that only the intended recipients can read them. While the technology behind encryption is complex, its implementation by email service providers is fairly easy to use.
When to Use Encrypted Email
Some still associate encryption with government spies or something nefarious used by shadowy figures trying to avoid prosecution. However, in reality, encrypted email has become a modern necessity because billions around the world rely on email to communicate sensitive information on a daily basis.
Many professions, including health care, accounting and finance, require encryption by law. HIPAA regulations stipulate that all electronic transmissions of protected health information be encrypted. A single violation can carry a penalty as high as $50,000, a useful figure to contemplate if someone thinks encryption is too expensive to implement.
When unencrypted messages are sent over the Internet, there is a risk that personal information or proprietary business information may be exposed to cyber criminals. Only email encryption can give you the peace of mind that comes with knowing no person can access that information.
Ideally, email encryption should employ the most robust encryption method available. This encryption should also be applied automatically each time a message is sent, to eliminate the possibility of someone forgetting to apply it themselves.
Are All Encryptions Equally Secure?
There are a variety of solutions to encryption, but generally they can be divided into two broad categories:
- In-transit encryption. This method encrypts data that is actively moving from one location to another, including when you are sending a message from your machine over a public Wi-Fi network to a colleague who is located in another state or city. Most email service providers use in-transit encryption by default, to block man-in-the-middle attacks or other security threats.
- At-rest encryption. The purpose of at-rest email encryption is to convert sensitive information into what’s essentially a random text that can be converted back to the original message with a decryption key. This ensures your email service provider cannot read your emails or accompanying document attachments.
If you want your emails to be as secure as possible, we recommend the application of both in-transit and at-rest encryption at the same time. Gmail, Yahoo and Outlook make this email encryption relatively easy.
Configuring Your Website Email
If you are running emails via a hosting company for your website, there are a number of settings that must be configured for secure email transmissions. The most important point in email security is protecting your email login details and messages. This is critical because of the security risks during data transmission, especially on mobile and wireless networks. For this purpose, we recommend using encryption when checking and sending emails. This can be accomplished by using:
- Secure IMAP (IMAPs) for encrypting incoming communication from the remote mail server.
- Secure POP3 (POP3s), which also encrypts incoming communication from the remote mail server.
- Secure SMTP (SMTPs), which encrypts outgoing communication to the remote mail server.
These will have to be enabled and configured on your local machine for Outlook, Thunderbird and Mac Mail.
The difference between IMAPs and POP3s is the same as for the standard IMAP and POP3 protocols. IMAPs leaves the messages on the server. It is faster because it does not download the whole message but only its headers. Furthermore, it is preferred in terms of reliability. If your local computer crashes, your emails will not be lost if you have used IMAPs.
On the other hand, POP3s downloads the whole message and stores it locally. That’s why it is slower and less reliable.
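The following is an added example, not part of the original post: a Python sketch of what "using IMAPs, POP3s and SMTPs" means for a mail client, with certificate and hostname verification switched on. The function names, `mail.example.com` and the credentials are placeholders assumed for illustration; the ports are the standard implicit-TLS ports for each protocol.

```python
import imaplib
import poplib
import smtplib
import ssl

# Standard implicit-TLS ports for the three secure protocols named above.
SECURE_PORTS = {"imaps": 993, "pop3s": 995, "smtps": 465}

def strict_tls_context():
    """TLS context that verifies the server certificate and hostname."""
    ctx = ssl.create_default_context()            # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse SSLv3 / TLS 1.0 / 1.1
    return ctx

def connect(protocol, host, user, password):
    """Log in over TLS only. Unknown or plaintext protocols are rejected
    before any socket is opened, so the password never travels in the clear."""
    protocol = protocol.lower()
    if protocol not in SECURE_PORTS:
        raise ValueError(f"refusing non-TLS protocol {protocol!r}")
    port, ctx = SECURE_PORTS[protocol], strict_tls_context()
    if protocol == "imaps":
        conn = imaplib.IMAP4_SSL(host, port, ssl_context=ctx)
        conn.login(user, password)
    elif protocol == "pop3s":
        conn = poplib.POP3_SSL(host, port, context=ctx)
        conn.user(user)
        conn.pass_(password)
    else:  # smtps
        conn = smtplib.SMTP_SSL(host, port, context=ctx)
        conn.login(user, password)
    return conn

if __name__ == "__main__":
    # mail.example.com and the credentials are placeholders (assumptions).
    mailbox = connect("imaps", "mail.example.com", "user@example.com", "app-password")
    print(mailbox.sock.version())   # negotiated TLS version string
    mailbox.logout()
```

A certificate that does not match the host name makes the connection fail with `ssl.SSLCertVerificationError` instead of silently sending the login details to an impostor server.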
Configuring Other Email Providers
If you’re a Gmail user, Google automatically encrypts all emails in transit using transport layer security (TLS), the standard means of performing this type of encryption.
TLS, a set of cryptographic protocols designed to provide communications security over a computer network, makes it impossible for unauthorized third parties to snoop on your email communication when sharing the same network, such as the Wi-Fi at your favorite coffee shop.
TLS is similar to a magical envelope for messages. Even if someone steals this envelope, the person won’t be able to read your email unless they know how to unlock it.
Besides TLS, Gmail also supports S/MIME, which is an advanced encryption standard that encrypts the actual message, instead of simply providing an encrypted envelope for it. S/MIME is only available with G Suite Enterprise, G Suite for Education and G Suite Enterprise for Education, and each sender and recipient must have it enabled for it to work.
To enable S/MIME:
- Log in to your Google Admin console.
- Go to Apps → G Suite → Gmail → User settings.
- Select the domain or organization you want to configure.
- Check the Enable S/MIME encryption for sending and receiving emails box.
- Click Save.
How to Encrypt Email in Outlook
Just like Gmail, Outlook.com uses TLS encryption to protect the connection with a recipient’s mail service provider. The problem with TLS is that it protects messages only while they’re in transit and doesn’t guarantee that they’ll stay encrypted after they reach the recipient’s service provider.
Microsoft implemented its own Outlook email encryption system, which ensures that your messages always remain encrypted and don’t leave Microsoft’s servers. Outlook email encryption is available to Office 365 Home or Office 365 Personal subscribers, and it is easy to use.
To send an encrypted email message in Outlook.com:
- Log in to your Outlook.com account.
- Click the blue New message button in the top-left corner.
- Select the encryption option from the ribbon.
- Click Encrypt or Encrypt & Prevent Forwarding (the latter makes it impossible for your message to be copied or forwarded).
- Compose your message and click Send.
Outlook.com users can read encrypted email messages just like regular messages. The users of third-party mail services receive a message with instructions for how to read the encrypted message.
Encrypted Email Etiquette
All team members of an organization should be educated on the dangers of incoming emails. The next thing to know about email security is how to fight email viruses and spam (unsolicited email). Below are some tips to help:
- Make sure to have an updated antivirus program.
- Update your email client to the latest version. If you have trouble updating your current email client, try the freely available Thunderbird. Many viruses target outdated mail clients.
- Do not open suspicious attachments even if the sender might look familiar.
- Avoid subscribing to free newsletters, or other similar activities. This usually results in an increased number of spam messages in your inbox.
- Protect your domain from being spoofed by spammers using an SPF record. When your domain is spoofed, you receive bounced-back messages for emails you have not sent.
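An SPF record only protects a domain if it is written strictly. The following added example (not part of the original post) audits an SPF TXT record string for the common weaknesses defined by RFC 7208; the function name and the sample records are constructed for illustration and do not belong to any real domain.

```python
import re

# Mechanisms that cost a DNS lookup; a used "redirect" modifier costs one too.
LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists"}
MAX_DNS_LOOKUPS = 10  # RFC 7208 limit; exceeding it yields "permerror"

def audit_spf(record):
    """Return a list of weaknesses found in one SPF TXT record string."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record: must begin with v=spf1"]
    findings, lookups, all_qualifier, has_redirect = [], 0, None, False
    for term in (t.lower() for t in terms[1:]):
        if re.match(r"[a-z][a-z0-9_.-]*=", term):        # modifier: name=value
            has_redirect = has_redirect or term.startswith("redirect=")
            continue
        qualifier = term[0] if term[0] in "+-~?" else "+"  # default is pass
        name = re.split(r"[:/]", term.lstrip("+-~?"), maxsplit=1)[0]
        if name in LOOKUP_MECHANISMS:
            lookups += 1
        if name == "ptr":
            findings.append("ptr mechanism is discouraged by RFC 7208")
        if name == "all":
            all_qualifier = qualifier
            break                        # terms after "all" are never evaluated
    if has_redirect and all_qualifier is None:
        lookups += 1                     # redirect is only followed without "all"
    if all_qualifier == "+":
        findings.append("+all authorizes every host to send as this domain")
    elif all_qualifier == "?":
        findings.append("?all is neutral: unauthorized senders are not rejected")
    elif all_qualifier is None and not has_redirect:
        findings.append("no 'all' or redirect: unmatched senders get neutral")
    if lookups > MAX_DNS_LOOKUPS:
        findings.append(f"{lookups} DNS lookups exceed the limit of "
                        f"{MAX_DNS_LOOKUPS} (permerror)")
    return findings

# Constructed sample records (example.net is a reserved documentation domain).
SAMPLES = {
    "strict": "v=spf1 ip4:192.0.2.0/24 include:_spf.example.net -all",
    "open": "v=spf1 include:_spf.example.net +all",
    "no_all": "v=spf1 mx a",
    "too_many": "v=spf1 " + " ".join(f"include:s{i}.example.net"
                                     for i in range(11)) + " -all",
}

if __name__ == "__main__":
    for label, txt in SAMPLES.items():
        print(label, audit_spf(txt) or "OK")
```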
Want a Third-Party Vendor to Manage Your Email Encryption?
BrightFlow Technologies offers email encryption as a service to our clients. We can manage parts or all of your email protection, so you can achieve the best possible security outcomes. To learn more, please get in touch with us today.