At present, almost 3 million companies worldwide use Microsoft Office 365, a high percentage of which use Office 365 for email; however, many of those businesses have not added Office 365 email encryption which means sensitive data communicated via email is at risk of interception or tampering in transit.
Lack of Office 365 Email Encryption Puts Companies at Risk
Estimates of email volume vary, with studies suggesting an average employee will send and receive between 90 and 120 emails a day. Many of those emails contain sensitive data that could be easily misused in the wrong hands.
Sensitive company information is often communicated by email. For instance, 77% of financial institutions share sensitive data with 3rd parties, and email is often used for sending that information. Proprietary company information may be shared via email, and that information is of high value to competitors. The theft of that information could result in the loss of a competitive advantage.
One of the biggest threats to businesses from email data breaches is loss of reputation. Any business that suffers a data breach that exposes sensitive information can lose the trust of their clients and suffer long-lasting reputation damage. Email breaches often result in bad press, and it is common for victims of data breaches to take legal action to obtain damages for the exposure and theft of their sensitive information. Office 365 email encryption can be seen as an investment to protect against reputation loss and brand damage and prevent costly litigation.
Email is a quick and easy way to communicate, which is why it has proven to be so popular for business communications; however, email can easily be abused by employees. Office 365 email encryption can help to prevent the unlawful distribution of data by stopping employees sharing unsecured data and preventing misuse of email by employees.
In some industries certain types of data must be protected and encryption is required for data at rest and in transit. In healthcare, for instance, electronic protected health information (ePHI) must be encrypted if sent via email beyond the protection of the firewall. The failure to encrypt emails risks violating the U.S. Health Insurance Portability and Accountability Act, for which there are severe financial penalties.
The Payment Card Industry Data Security Standards (PCI DSS) require encryption for emails containing credit card information, and there are requirements to protect email data in the California Consumer Privacy Act (CCPA), the General Data Protection Regulation (GDPR), and the Criminal Justice Information Services (CJIS) and Consumer Financial Protection Bureau (CFPB) have requirements for protecting email data. Failing to secure email data risks substantial fines for non-compliance.
Office 365 Email Encryption Options
Microsoft has recently started offering Office 365 email encryption, but Microsoft is not first and foremost a security vendor, and its solutions lack the robustness and reliability of third-party email encryption solutions. Microsoft’s email encryption service is also only provided with certain licenses, which can make it prohibitively expensive for small business email encryption.
Complaints about the Microsoft Office 365 email encryption (OME) service include difficulty for recipients to decrypt emails – they need to pay for a TLS connection. You need an Office 365 Plan E3, Plan E5 or have an Azure Protection license to get encryption, which is expensive if you do not already have the required product license. Recipients also need a code that is sent to the same email address to open the emails, which essentially splits the emails into two messages.
Email Encryption for Office 365 from TitanHQ
TitanHQ has developed easy-to-use email encryption for Office 365 that does not have the problems associated with Microsoft’s offering. EncryptTitan makes it simple and straightforward to send encrypted emails, with the solution acting as a secure message center for Office 365 users (There are also integrations for Google G-Suite users).
Emails are encrypted using a conditional Transport Layer Security (TLS) methodology (TLS-verify) and/or a secure web portal. Rather than having to enter a code to decrypt emails, recipients of messages do not need to take any action provided the conditions of the TLS-verify delivery method are met. If not, the messages are sent to a secure portal where the recipient must connect and authenticate to view the message.
Senders of encrypted messages will be informed that the message has been encrypted, will receive notification when the message has been read, and the tracking supports auditing and the recalling of messages. An Outlook Plug-in makes it easy to encrypt messages and apply certain conditions, such as how long the message can be accessed before it is deleted. Users can select which messages are to be encrypted with the click of a mouse, and companies can set keyword-based encryption and policy-based encryption.
If these features are enabled, messages containing certain keywords will be automatically encrypted and as will all messages and attachments containing definable types of content to ensure compliance with email regulations. As with all TitanHQ solutions, users get industry-leading 24/7 customer support, which is something that is not provided with Microsoft’s OME.
At TitanHQ we are proud of EncryptTitan Office 365 email encryption and believe the product perfectly meets the needs of businesses and managed service providers; however, you don’t have to take our word for it. You can see the solution in action taking advantage of a free demo to see for yourself how easy EncryptTitan is to use and how it protects all sensitive data sent via email.