Email Encryption for Businesses

Businesses rely on email for communicating time-sensitive information but there are considerable privacy and security risks associated with email, which can be managed and reduced to a low and acceptable level with email encryption.

Businesses take steps to stop unauthorized individuals from accessing sensitive data and intellectual property, but the same level of protection is rarely applied to email. A corporate computer contains a treasure trove of sensitive data and is protected by multiple layers of security. There are security controls to prevent physical access to the device, passwords are required to access network resources, and remote access is prevented by a firewall. However, email is a security weak point. When an email is sent, there is often no protection for the email in transit. Since emails are transmitted in plain text by default, they could easily be intercepted, read, and tampered with in transit.

Lack of Encryption for Email Exposes Businesses to Man-in-the-Middle Attacks

Hackers can – and do – intercept business email communications. In a man-in-the-middle (MiTM) attack, the hacker positions themselves between the sender and recipient of the email. This allows them to eavesdrop on email communications. The sender and receiver believe their email communications are private and confidential, but all communications are being intercepted.  Emails may also be tampered with in transit. MiTM attacks often involve hackers interrupting communications and inserting themselves into the communication chain. The legitimate participants believe they are communicating with each other when they are actually only communicating with the hacker. These attacks are often performed to trick victims into sending wire transfers to the attacker’s account.

How to Protect Email Communications

There are several methods that can be used to protect email accounts, stop data loss, and ensure email data cannot be accessed by unauthorized individuals at rest and in transit. Email security gateways can block phishing attacks, which are used to steal email credentials and install malware that allows hackers to access email accounts and internal resources.  Authentication is used to protect against unauthorized access, including physical access to devices and remote access over the Internet. 2-factor authentication is used to ensure that if email credentials are compromised, they cannot be used to access email accounts.

To protect against the interception of emails in transit, email encryption is required. With email encryption, plain text emails are encrypted so if they are intercepted in transit, they cannot be viewed by anyone other than the intended recipient. The only way that encrypted emails can be viewed is if the intended recipient authenticates and provides the key to decrypt the messages.

Email Encryption Using the Transport Layer Security Protocol

The Transport Layer Security (TLS) protocol is one of the most commonly used methods for email encryption. It was developed from the Secure Sockets Layer (SSL) protocol and is used to secure data between a web browser and website via HTTPS and for encrypting emails over the Internet. TLS uses a combination of asymmetric and symmetric encryption to ensure communications cannot be viewed in transit. It requires authentication to ensure the parties exchanging information are who they say they are, and TLS prevents any tampering with communications.

Secure connections are established via a TLS handshake between two parties and that process begins when an email is sent. The client and server specify the version of TLS that will be used, the client and server then select the cipher suite, the identity of the server is authenticated using the server’s TLS certificate, and session keys are generated and used to encrypt emails when the handshake is completed and the paired, matching TLS certificates are used to securely decrypt the messages.

EncryptTitan – TLS Email Encryption from TitanHQ

TitanHQ developed EncryptTitan to help businesses encrypt sensitive data via email and to make it easy for managed service providers to offer email encryption to their clients. EncryptTitan uses the industry-standard TLS protocol for encrypting emails in transit and automates the process of encrypting emails and attachments to prevent unsecured data from being transmitted due to human error.

Administrators can set rules to ensure that all messages are encrypted, or certain types of messages are protected such as any emails sent externally. Keyword-based encryption can also be used, where administrators define keywords that will ensure automatic email encryption if they are found in a message. Alternatively, a mail client add-in can be used which will ask employees if they want to encrypt a message when it is sent.

There are two levels of protection for emails. TLS Verify is used to protect emails in transit and prevent unauthorized access. TLS Verify connects via the recipient’s mail host that is associated with the domain’s MX record(s) using TLS version 1.2 or 1.3. The mail host’s name must match the common name (CN) of the digital certificate used to facilitate TLS.

Alternatively, a secure portal can be used. In this case, the encrypted message is sent to a secure cloud portal and the recipient will be notified when the message has been received. They will then need to access and authenticate with the secure portal to view the message and reply via encrypted email. This method is more secure due to the additional authentication, although does take more time. Businesses can choose which method to use and can use a combination of both depending on the sensitivity of data being transmitted.

There is also a message recall feature that allows emails to be instantly recalled, time-controls to ensure that emails are deleted if they have not been opened in a specified time frame, and a detailed audit trail is maintained to show when messages have been received, opened, read, deleted, replied to, or printed.

If you want to protect sensitive data and make email more secure, you need email encryption. For more information on how EncryptTitan works, for details on pricing, and to book a product demonstration, give the TitanHQ team a call. You can also try EncryptTitan free of charge for 14 days to see if it meets your email encryption requirements.