Email Encryption: The Basics

November 12th, 2015 by admin


Chances are you probably have a few USPS "forever" stamps that have been sitting in your desk drawer for a while. When was the last time you actually used them to "snail mail" something—a bill payment or an important letter? Most bills are paid online these days, and most of our day-to-day correspondence is done via email.

Remember postcards? When you were vacationing in some far-off locale—Europe, Hawaii, or Vegas—you probably bought a few picture postcards to send to friends and family back home. The postcard had space to write a short message. You tried not to write anything too personal on the postcard, because anyone could read it—from the postal carrier who delivered it to a stranger who might eventually find it in the trash.

Not so long ago, all email was a virtual postcard—unsecured and easily "eavesdropped" on by anyone who knew how to access it between points on a network, via a hacked username and password.

Encryption = Protection

How can email be shielded from "prying eyes"? The most effective method has proven to be encryption—essentially converting plain text messages (as well as file attachments) into mathematically-scrambled gobbledygook. Common forms of encryption revolve around digital certificates or "electronic keys" which encode messages from the sender and decode them at the recipient's destination. This essentially upgrades the "postcard" to a sealed envelope, accessible only by the sender and recipients.

Commercially available email encryption solutions range from all-in-one hardware peripherals plugged into an email server which automatically encode and decode scrambled emails, to software applications, either downloaded in full or available as on-demand services. Most incorporate standard encryption protocols such as Transport Layer Security (TLS) or Secure Multipurpose Internet Mail Extensions (S/MIME).

What to Encrypt

Is encryption necessary for every business email? No. Only about 15% of commercial email is currently encrypted. While simple everyday correspondence doesn't require encoding or decoding, advanced encryption is essential for confidential or proprietary data, including:

  • Legal documents
  • Medical records (as required by HIPAA)
  • Contact lists
  • Banking and billing records
  • Customers' personally identifiable information (PII), including credit card and Social Security numbers

Email security begins with a clear policy regarding which specific information automatically requires email encryption.

The sheer number of encryption products on the market—from the "big names" to smaller vendors—is staggering. Planning, deploying and maintaining the most effective solution requires careful analysis of a company's unique security needs.

How familiar are you with your current email encryption methods? Are you confident they're the best defense against a costly data breach? Contact us for a free assessment.
