August 2016

How to Protect Your Company Email with Encryption


There has been a lot of talk about email privacy and protection lately. With Google getting in hot water over scanning their users’ emails, and multiple well-publicized hacking attacks that had their origins in email, many businesses are looking to take extra precautions with communication. There are many ways to safeguard your email communications with encryption, ranging from simple plugins to complicated custom solutions that involve running your own mail servers, and each has some pros and some cons.

What is email encryption?

Before plunging into solutions, it’s important to understand what exactly email encryption means. Most people think of the process of encrypting emails with a very simple metaphor – a secret agent writing a message in code, perhaps. This is accurate, but only paints part of the picture.
If you’ve decided that email encryption may be right for your company, the next step is to choose the type of encryption and the encryption method you’ll be using. Keeping your email encrypted between your computer and the email server is fairly straightforward – most email providers now do so for you. To verify, check your URL bar (if you use webmail) for the “https” prefix in the address.

If you use Outlook or a similar desktop client, you usually have the option of using TLS/SSL when communicating with the server. This is a secure protocol that encrypts the connection and makes sure your messages aren’t tampered with en route between your client and the server. If you’ve decided that email encryption is a must-have feature, but your current mail service provider doesn’t support “https” in webmail or SSL/TLS, consider switching mail providers.
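The check this paragraph recommends, as an added example that is not part of the original article: a standard-library Python script that connects to a provider’s SMTP submission port (587 and the host name are assumptions), confirms that STARTTLS is advertised, negotiates TLS with certificate and hostname verification, and reports the negotiated protocol version. `parse_ehlo` and `evaluate` run offline on a constructed EHLO reply; the TLS 1.2 minimum is an assumption.

```python
"""Check whether a mail provider's SMTP submission service offers TLS.
Added example, not from the original article; standard library only."""
import smtplib
import ssl

# Versions as reported by ssl.SSLSocket.version(), weakest first.
TLS_ORDER = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
MIN_TLS_VERSION = "TLSv1.2"  # assumption: anything older counts as weak


def parse_ehlo(ehlo_body: bytes) -> set:
    """Extract ESMTP capability keywords from an EHLO reply body.
    smtplib.SMTP.ehlo() returns (code, body): the first body line is the
    server greeting, each following line one capability ("AUTH PLAIN").
    """
    lines = ehlo_body.decode("ascii", "replace").splitlines()
    return {line.split()[0].upper() for line in lines[1:] if line.strip()}


def evaluate(caps: set, tls_version) -> list:
    """Return a list of findings; an empty list means the provider passes."""
    if "STARTTLS" not in caps:
        return ["STARTTLS not advertised: mail to this server travels in clear text"]
    if tls_version is None:
        return ["STARTTLS advertised but no TLS session was negotiated"]
    if (tls_version not in TLS_ORDER
            or TLS_ORDER.index(tls_version) < TLS_ORDER.index(MIN_TLS_VERSION)):
        return ["negotiated %s, below the %s minimum" % (tls_version, MIN_TLS_VERSION)]
    return []


def check_provider(host: str, port: int = 587, timeout: float = 10.0) -> list:
    """Connect to the submission port, upgrade with STARTTLS, report findings.
    The default context verifies the certificate chain and hostname, so a forged
    or expired certificate raises ssl.SSLError rather than passing silently."""
    ctx = ssl.create_default_context()
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        _code, body = smtp.ehlo()
        caps = parse_ehlo(body)
        version = None
        if "STARTTLS" in caps:
            smtp.starttls(context=ctx)
            version = smtp.sock.version()  # e.g. "TLSv1.3"
        return evaluate(caps, version)


if __name__ == "__main__":
    import sys  # usage: python check_smtp_tls.py smtp.yourprovider.example
    print("\n".join(check_provider(sys.argv[1])) or "TLS looks fine")
```

Run it against your own provider’s submission host; any finding it prints is a reason to talk to the provider or, as the article suggests, to switch.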

Encrypting the message itself

Most enterprise-grade email encryption solutions work on three distinct levels. The first is encrypting the message itself – the spy writing in code, in our example.
Second, they must encrypt the connection between your computer and the server that sends the mail. This ensures that the mail reaches the mail server, and then the final recipient you intended, instead of being hijacked and passed along to an intruder. Using the spy metaphor, you can compare this to having a secret and secure location to exchange information with your sources.
Finally, the encryption solution needs to make sure that the copy stored locally on your computer or in your cloud mailbox is also encrypted and secure. This is like keeping your spy orders in a locked briefcase at all times. An encryption solution that does just one or two of these three things leaves you with a massive vulnerability, and can be more dangerous than no encryption at all, since it can lead to a false sense of security.

Securing the message itself

The next step is to secure the message itself. This is where things start to get a little complicated. The first thing you will need is a security certificate. This certificate, issued by a company or organization that is trusted as a source of identity verification, is like your digital fingerprint. It tells everyone who sees it that you are, in fact, you. For that to work, though, the people you are communicating with need your public key. This is like your ID card, which can be matched against your fingerprints to verify your identity.

The downside of this process is that you have to make sure that everyone you message has a copy of your public key ahead of time so that they can verify your identity and decrypt the message. The alternative is to use one of the many available software solutions that automate much of the process. That also comes with downsides, though – you have to put your trust in a third party, and many of these software solutions still require some extra action on the part of the recipient (such as verifying their identity, signing up for a membership, or other such actions).

Protecting archived messages

Finally, you have to make sure that your archived messages are adequately protected. If you use a webmail client, you are stuck with whatever protection the mail service provider gives you. Fortunately, this is usually quite good. Mail service providers learned long ago that getting caught being hacked is very bad for business. If you have a self-hosted server or you use an email client like Outlook, though, you have some options. The simplest is to encrypt your entire hard drive.

This method is simple and reliable. However, you have to make a trade-off between security and usability – the stronger the encryption methods and protocols, the slower data access (and your computer) becomes. The better option is to encrypt just the location of the stored/archived email. This gives you the best compromise between strong security and functionality. And don’t forget, encrypting your laptop does little good if you have all your emails also stored on your unencrypted cell phone.