Email encryption helps protect sensitive information from hackers or other unwanted parties by permitting only the intended recipients to read your messages. Email encryption uses public key infrastructure (PKI) technology, the gold standard for digital identity authentication and encryption, to secure emails both at rest (stored) and in transit. Because all email content and attachments are sent encrypted, an attacker who intercepts a message cannot read it. Additionally, in the event an attacker successfully steals a mail server password, no sensitive information will be lost, since the content and attachments stored on the server are encrypted.
Email encryption uses key pairs based on public key infrastructure (PKI) technology to provide a secure and scalable method of authentication and encryption. The core technology enabling PKI is public key cryptography, an encryption mechanism that relies on two related keys, a public one and a private one. These two keys are used together to encrypt and decrypt a message. The public key consists of a string of random numbers and can be used to encrypt a message. The encrypted message can only be deciphered and read by the intended recipient using the associated private key, which also consists of a long string of random numbers. The private key is secret and must be known only to the recipient. The key pair is mathematically related so that whatever is encrypted with the public or the private key can only be decrypted by its corresponding counterpart.
There are several options depending on the level of security you require. Fortunately, most of these email encryption software solutions work regardless of the email provider you use.
Clearly, IT professionals must rethink their strategies for securing email communications and systems. To truly protect messages from today’s sophisticated attacks, enterprises need a complete security approach that enables both encryption and authentication of digital identities for all employees and devices.
Leveraging numerous sophisticated security features, S/MIME certificates give users the confidence to trust their digital correspondence and avoid many of today’s attacks on enterprise email users and infrastructure. They are an indispensable part of the enterprise’s complete email security strategy.
These certificates enhance the security profile of your email communications in three primary ways:
S/MIME certificates protect employees against spear phishing attacks, even when they use smartphones and mobile devices to access email. By encrypting/decrypting messages and attachments and by validating senders’ identities, these certificates assure users that emails are authentic and unmodified.
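The sign-then-encrypt flow described above, as an added example that is not code from this page or from Sectigo: it uses only the Go standard library and follows the S/MIME pattern (sign with the sender's private key, encrypt under a one-time content key, wrap that key with the recipient's public key) rather than producing the actual CMS/PKCS#7 format, and it assumes the caller generates RSA key pairs with rsa.GenerateKey; binding keys to identities with certificates is out of scope here.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// A fixed nonce is safe only because each AES content key encrypts exactly one message.
var nonce = make([]byte, 12)

func aead(key []byte) cipher.AEAD { // cannot fail for a 32-byte AES key
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// Seal follows the S/MIME pattern: sign msg with the sender's private key, encrypt sig||msg
// under a fresh AES-256 content key, wrap that key with the recipient's public key.
func Seal(msg []byte, sender *rsa.PrivateKey, recipient *rsa.PublicKey) ([]byte, error) {
	h := sha256.Sum256(msg)
	sig, err := rsa.SignPSS(rand.Reader, sender, crypto.SHA256, h[:], nil)
	if err != nil { return nil, err }
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil { return nil, err }
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, key, nil)
	if err != nil { return nil, err }
	return aead(key).Seal(wrapped, nonce, append(sig, msg...), nil), nil // wrappedKey||ciphertext
}

// Open unwraps the content key with the recipient's private key, decrypts, and checks
// the inner signature against the sender's public key before trusting the plaintext.
func Open(env []byte, recipient *rsa.PrivateKey, sender *rsa.PublicKey) ([]byte, error) {
	n := recipient.Size()
	if len(env) < n { return nil, rsa.ErrDecryption }
	key, err := rsa.DecryptOAEP(sha256.New(), nil, recipient, env[:n], nil)
	if err != nil {
		return nil, err // wrong private key: the content key stays secret
	}
	signed, err := aead(key).Open(nil, nonce, env[n:], nil)
	if err != nil || len(signed) < sender.Size() {
		return nil, rsa.ErrDecryption // ciphertext altered in transit
	}
	sig, msg := signed[:sender.Size()], signed[sender.Size():]
	h := sha256.Sum256(msg)
	if rsa.VerifyPSS(sender, crypto.SHA256, h[:], sig, nil) != nil {
		return nil, rsa.ErrVerification // not signed by the claimed sender
	}
	return msg, nil
}
```

Opening with any private key other than the recipient's fails at the key-unwrap step, a modified ciphertext fails the AES-GCM check, and a message signed by someone other than the claimed sender fails signature verification.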
There are three levels in Gmail email services: Basic, Business, and Enterprise. According to the site, all of these use TLS server-to-server encryption. Hosted S/MIME encryption is only available to Enterprise users (G Suite Enterprise and G Suite Enterprise for Education).
Within the G Suite Google Admin console, your administrator installs your certificate to Google’s server in order to enable S/MIME. Then, you’ll be able to encrypt and digitally sign emails through these steps:
Google uses color codes to indicate the different levels of email encryption visually in Gmail:
It’s easy to encrypt emails in Microsoft Outlook so that you can send secure messages. Upon installation of your S/MIME certificate, go through these steps to encrypt an outgoing email in Outlook:
To set up S/MIME for all Outlook emails, complete the following steps:
It’s important to note that if the recipient doesn’t have S/MIME enabled, they may not be able to read your email. Simply deselect the “Encrypt this message (S/MIME)” option to disable encryption.
S/MIME is a built-in feature in iOS devices, including Apple iPhones. iOS uses the device’s global address list to identify contacts in your environment that have a valid S/MIME certificate. To activate S/MIME support in your iOS device, follow these steps:
Note: If the lock is blue, the email can be encrypted. If the lock is red, the recipient needs to turn on their S/MIME setting.
Even with encryption in place, there are numerous pitfalls that can expose a business’s emails to malicious actors. To avoid these problems, follow these email security best practices:
Traditionally, S/MIME solutions have required end users to acquire a trusted certificate from a public CA and install it on their own system, all on their own initiative. But the steps required to manually issue and configure these certificates can be difficult for the average enterprise employee. Since email clients continue to function even when certificates are not in place, user compliance with company guidelines for S/MIME deployment can be lacking.
Unlike traditional S/MIME certificate deployments, Sectigo Zero-Touch S/MIME is designed to be invisible to the user. This approach enables broad employee adoption, as IT professionals can seamlessly deploy and maintain email certificates for employees without requiring any action from them. By automating the configuration and issuance of certificates from a management console, you reduce the risk of noncompliance while simplifying deployment across a large number of computers and mobile devices and reducing help desk calls.
Sectigo issues a single certificate for a user, which can then be deployed to multiple devices used by that employee, including their computer/laptop, tablet, or mobile device. Plus, certificates can be provisioned to mobile devices using an MDM like Microsoft Intune or Apple.
News of cyberattacks and data breaches through email is constantly making headlines. Unfortunately, the protocols and infrastructure on which email is built have roots that go back decades, and for the most part the way we secure email identities, content, and systems has not changed. Messages and attachments can be spied upon, altered, or faked, opening the door to a variety of attacks, such as malware injection, that can result in data loss as well as loss of funds, company secrets, credit card numbers, or other confidential customer information. And with increased use of mobile devices and decreased face-to-face communication, it’s easier than ever for attackers to prey upon employee-related vulnerabilities and weak email security postures. IT teams have long turned to basic security measures to protect users and sensitive data, but these cybersecurity measures are not as effective as they once were.
The cost to business is high. The FBI reported a financial loss to businesses of $1.2 billion in 2018 due to business email compromise alone, an increase of 78% from the previous year. Additionally, high-profile email breaches can impact brand image and lead to senior executives’ job losses. In 2015, Sony’s CEO was forced to resign after hackers leaked the company’s email store, releasing full versions of unreleased movies and damaging conversations. In 2016, the Democratic National Committee left unencrypted content exposed on its server, making it easily accessible to bad actors.
Not only can insufficient security leave organizations at risk of attacks and breaches, but it can also put enterprises in jeopardy of noncompliance with regulatory mandates. To guard against business email compromise and information theft vulnerabilities, regulations such as HIPAA/HITECH, GDPR, and the U.S. federal government’s DFARS define instances and use cases that require email encryption to mitigate or minimize the consequences of a breach. Not meeting compliance requirements can result in substantial fines. For example, the EU recently charged GDPR-related fines to Google for €50 million, to Marriott for £99 million, and to British Airways for £183 million. Further, GDPR mandates that fines are not only based on the scale of an individual breach but also on the level of negligence. So applying a strong security solution to your email systems, such as S/MIME certificates, not only helps reduce the risk of a breach itself but also the amount of the fine should a breach occur.
To learn more about the importance of email encryption and for a deep dive into automating deployment of S/MIME certificates, download the Protecting Enterprise Email with S/MIME Certificates whitepaper.