Learning why understanding email encryption is essential to your small to medium-sized business.

An SMB's Guide to Understanding Email Encryption

One of the lesser-understood elements of a small business IT security strategy is the role of email encryption. As a business owner, you know the word encryption. But, if someone asked you if your team encrypts emails or if email encryption is part of your email policy, are you able to answer confidently, or would you offer a feeble smile and a blank stare?

Consider this blog as your basic introduction to email encryption. As a small business owner, you are among many who are a little foggy about the topic. Most small and medium-sized businesses (SMBs) are unfamiliar with encryption. AdvisorSmith reports that only 17% of small businesses encrypt data at all. This is usually because small business owners find encryption complicated.

What is email encryption?

Email encryption prevents unintended recipients from reading your email. It is an authentication process that scrambles your email content and converts it into an incomprehensible format. Your intended recipient can read the email because they have a private key that deciphers it. Everyone else sees garbled text.

Why does my company need email encryption?

Email as a delivery method is inherently insecure. Without encryption, cybercriminals can access email data and attachments. Email encryption is essential to protect your information and the information of team members and clients. This is especially true if you are transmitting personal data, financial information, or extremely sensitive documentation.

How does email encryption work?

Email encryption works around a set of encryption keys.

What is an encryption key?

An encryption key is a random string of code that is designed to scramble and unscramble data. Algorithms create the keys to ensure that each key is unique and extremely hard to decipher. A key is different from a password. The primary difference is that a password is created and stored by a human user, while a key originates within the software and is not accessible by human beings. The more complicated the key, the harder it is to break and access email content. There are two types of encryption – symmetric and asymmetric.

  • Symmetric encryption uses a secret, single key for encryption and decryption.
  • Asymmetric encryption uses both a public and private key for encryption.

Three types of email encryption

1. Pretty Good Privacy (PGP) – free software that uses several types of cryptography, data compression, and keys to encrypt the email while it is transferred. PGP encrypts the message with a public key, and the recipient's email system decrypts it with a private key.

2. Secure/Multipurpose Internet Mail Extensions (S/MIME) – This form of encryption is usually built into email services like Office 365 or G-Suite tools. It is an Internet Engineering Task Force (IETF) standard for public key encryption and digital signatures.

3. Transport Layer Security (TLS) – This form of encryption is used for email, instant messaging, and Voice over Internet Protocol (VoIP).

What is the difference between email encryption in motion and end-to-end encryption?

End-to-end encryption encrypts the email at the source. The encryption is completed on your computer or your cell phone. Only the recipient can decrypt the email. This type of transmission is the most difficult to beat.

Encryption in Motion, or TLS encryption, encrypts the email at the server level. Many providers of email services have TLS encryption, either with the product or as an add-on.

Web Portal Encryption is a third solution. With Web Portal Encryption, the sender sends the email to a web portal which encrypts and delivers the documents to the recipient. The recipient reads and downloads the encrypted content from that same web portal.
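The difference between encryption in motion and end-to-end encryption can be checked on a delivered message. The following is an added example, not part of the original post: it reads the Received headers to see which hops used TLS and inspects the Content-Type to see whether the body itself is wrapped in S/MIME or PGP. The sample message, host names, and function names are constructed for illustration, and Received headers only record what each server reported about its own hop.

```python
import re
from email import message_from_string

# Constructed sample message: two hops, one over TLS and one in cleartext.
SAMPLE = """\
Received: from mail.sender.example (mail.sender.example [192.0.2.10])
\tby mx.recipient.example with ESMTPS id abc123;
\tMon, 01 Jan 2024 10:00:02 +0000
Received: from laptop.sender.example (laptop.sender.example [192.0.2.55])
\tby mail.sender.example with ESMTP id def456;
\tMon, 01 Jan 2024 10:00:01 +0000
From: alice@sender.example
Subject: Q4 payroll
Content-Type: text/plain; charset="utf-8"

Salary figures attached.
"""

# RFC 3848 "with" keywords: an S after the protocol (ESMTPS, ESMTPSA, LMTPS) means STARTTLS was used.
WITH_RE = re.compile(r"\bwith\s+((?:UTF8)?(?:E?SMTP|LMTP)(S?)A?)\b", re.I)

def hop_transport(msg):
    """Return (receiving_host, protocol, used_tls) per Received header, newest hop first."""
    hops = []
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())  # unfold the multi-line header
        by = re.search(r"\bby\s+(\S+)", flat)
        m = WITH_RE.search(flat)
        hops.append((by.group(1) if by else "unknown",
                     m.group(1).upper() if m else "unknown", bool(m and m.group(2))))
    return hops

def body_protection(msg):
    """Name the end-to-end scheme the body is wrapped in, or 'none'."""
    ctype = msg.get_content_type()
    smime_type = str(msg.get_param("smime-type", "")).lower()
    if ctype.endswith("pkcs7-mime") and smime_type in ("enveloped-data", "authenveloped-data"):
        return "S/MIME"
    if ctype == "multipart/encrypted" and msg.get_param("protocol") == "application/pgp-encrypted":
        return "PGP/MIME"
    if not msg.is_multipart() and "-----BEGIN PGP MESSAGE-----" in msg.get_payload():
        return "inline PGP"
    return "none"

def assess(raw):
    msg = message_from_string(raw)
    hops = hop_transport(msg)
    return {"hops": hops, "all_hops_tls": bool(hops) and all(tls for _, _, tls in hops),
            "end_to_end": body_protection(msg)}
```

For the sample, `assess(SAMPLE)` reports one TLS hop, one cleartext hop, and no end-to-end protection, which is the case an email policy would flag for a message carrying payroll data.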

Do I have email encryption already?

Many businesses who have invested in services like Microsoft Office 365 or Google Suite may already have an encrypted email solution, or it is available for a fee.

I want to use encryption. Where do I start?

Talk to your managed services provider (MSP) about encryption and the options available to you within your current platforms and applications. Both Microsoft Office 365 and G-Suite (Gmail) provide encryption tools within their platforms. Your MSP can help you learn how and when to use these tools.

There are also third-party providers that offer encryption services. Again, your IT provider can help to determine if you need an additional platform for encryption.

What should my company's email policies say about email encryption?

Do you require your team members to encrypt emails containing sensitive data? Your company's email policy should include information about when to encrypt emails and how they should be encrypted. Email policies should contain statements that detail what information may be sent via email, what information must be encrypted, and examples of information that may be sent via email without encryption.

What about training?

Very few people who join your team will have any cybersecurity awareness training or have any previous experience with email encryption. As part of your onboarding and orientation programs, include specific training on cybersecurity and your company's policies concerning email and email encryption. Also, it’s important to plan for refresher training opportunities for long-term employees so that encryption and security become a common practice among your staff.

Focus Data Solutions helps SMBs with their IT strategy, network management, and security. To learn more or to request any of our security services, visit us at www.focusdatasolutions.com