Most organisations suffer data leak via email – the case for email encryption has never been stronger

We’re sending more email than ever. Research shows that 85 per cent of employees are emailing more now that working remotely has become standard. Unfortunately, it’s also proving to be one of the most insecure forms of communication that we have, with 83 per cent of organisations have suffered data breaches via email in the last 12 months.

Part of the problem is that many business leaders only look at half the challenge with email security. Most leaders are certainly concerned about the security of email, but only on the receiving side of things. The risk of malware being delivered by email or phishing attacks are well-documented, and most businesses, of all sizes, have an active strategy to protect against these threats. Warding against data loss from email being sent, however, is less common than it should be, and yet, for businesses in many sectors, it’s essential.

When you need email encryption
The convenience and prevalence of public Wi-Fi, combined with our mobile working habits, is of particularly concern. Research out of the US suggests that people are more than willing to connect to public Wi-Fi hotspots, and email is one of the go-to applications once on there. Even when working from home offices, however, the environment isn’t properly secured. Off-the-shelf routers are not as secure as the office IT environment. If your organisation is then bound to follow compliance regulations, such as GDPR, HIPAA, or SOX, or PCI-DSS is a security standard that you need to follow, then operating without email encryption is playing with fire.

There is a three-pronged approach that you should be taking to email encryption:

  • You should encrypt the connection with your email provider. Doing this prevents unauthorised users on the network from intercepting and capturing your login credentials, and/or email messages as they pass through the provider’s servers.
  • The emails themselves should be encrypted. Should a cyber criminal somehow intercept the email, if it’s properly encrypted it’s going to be unreadable and therefore useless to them.
  • Finally, should the cyber criminal gain access to your email password, then there should be encryption on stored emails, to again render them useless. Email is one of the major sources of data leaks following a lost laptop or phone device, and this third step will assist in protecting against that.

It is best policy to encrypt all emails. Sometimes, a business or individual will only encrypt material that they believe contains sensitive information, but that acts as a beacon to cyber criminals, highlighting the emails that they should be focused on.

What is email encryption?

Email encryption traditionally uses one of two protocols – either TLS, or end-to-end encryption, and with end-to-end encryption, there are several options, including PGP and S/MIME protocols. With the right tools, none of this is difficult to implement. The standards and best practices for email encryption are well-known and established, and there are some excellent tools available that can make email encryption policies easy to deploy.

A good rule of thumb is that if there is even a remote possibility of risk with email data loss, then encryption needs to be in place. It’s one thing to protect the organisation from in-bound malware and encourage a culture of cyber vigilance within the organisation. Without email encryption in place, those efforts could be for naught, because all it would take is for a single lost laptop or ill- advised public Wi-Fi login to expose the organisation’s sensitive data and correspondence to hackers.

For more information on email encryption and protecting your organistion’s most critical communications platform, contact the experts at Protectera. We have the tools and platforms that can deliver a secure email environment to organisations of all sizes.