Email Encryption

    Learn about email encryption and how to protect sensitive data sent through email.
    Overview

    What is email encryption?

    Email encryption is the process of encrypting, or disguising, the content of email messages to protect sensitive information from being read by unintended recipients, or cybercriminals looking to steal valuable information. The fact of the matter is that email continues to be the primary attack vector for cybercriminals. As such, it's important for organizations of all sizes to practice proper email security hygiene and utilize an email encryption solution when sending intellectual property or other sensitive information over email. Learn how to further secure your email environment by encrypting emails!

     

    GettyImages-1340422279-1200px.jpg

     

    Why is email encryption important?

    Email often contains sensitive or confidential information. When email encryption is employed, it provides the essential security needed to protect that information. As such, organizations of all sizes often employ email encryption as a part of their cybersecurity strategies.

     

    How to send encrypted email with Mimecast

    Mimecast Secure Messaging protects sensitive data by making it easy for users to send and receive secure messages, and enabling policy-initiated secure messages at the email encryption gateway for an added layer of security.

    Here’s how it works:

    • When employees need to send an encrypted email, they simply create a new email in Outlook and select a Send Secure checkbox on the Mimecast for Outlook tab. Secure messaging can also be automatically triggered when email content or attachments meet certain policy criteria.
    • Once the user presses send, the email and attachments are securely uploaded to an email server on the Mimecast cloud, scanned for malware, checked against email privacy, content and data leak prevention (DLP) policies, and then stored in a secure AES-encrypted archive.
    • A notification message is sent to the recipient of the email, directing the recipient to log into the Secure Messaging portal where they can read and reply to secure messages and compose a new message to the original sender.

     

    Benefits of Mimecast's secure email encryption service

    Secure messages are scanned against data leaks and compliance policies to help meet requirements for HIPAA, GLBA and PCI-DSS regulations. Mimecast also provides anti-virus and malware protection for all inbound and outbound email.

    Mimecast’s encrypted email service offers significant benefits for sending secure emails:

    • Simplify your secure email encryption with no certificate or encryption key management required.
    • Set granular message controls to rapidly revoke message access, require read receipts, enforce message expiration dates and prevent Reply, Reply all and printing.
    • Protect sensitive data more effectively — messages sent via Mimecast Secure Messaging never leave Mimecast's secure web portal.
    • Automatically encrypt messages that meet certain criteria, including messages sent to a specific domain or recipient, messages that contain specific keywords in the subject line, or as a fallback option to enforced TLS encryption.
    • Customize the branding and tailor your secure web portal to meet your corporate branding guidelines, giving users a consistent experience on any recipient device.
    • Lower your costs with no required installation of new hardware or software, helping to reduce expenses and improve ROI.

    Learn more about secure email encryption with Mimecast, and about Mimecast solutions for Office 365 email encryption and for encrypted file transfer.

     

    Email encryption FAQs

    What are the types of email encryption?

    Three standard email security protocols are used to secure email transmission: Secure Sockets Layer (SSL), Transport Layer Security (TLS) and STARTTLS. Because insecure email is a common attack vector for cybercriminals, it’s critical to use email security protocols like SSL/TLS and STARTTLS. Without this measure, users subject their emails and the sensitive data they contain to the possibility of interception, theft and email domain spoofing. With SSL/TLS or STARTTLS in place, cybercriminals who intercept an email can’t unencrypt it without the keys to decode it, which only the email server and client have.

    How does email encryption work?

    SSL/TLS work by initiating a series of agreements between an email client — such as Gmail or Outlook — and a server to agree on the details of their connection. These agreements require a number of detailed steps, from determining what version of SSL/TLS will be used and how the communication will be encrypted to establishing that a secure connection is in place before transferring the data.

    After the agreement series is completed, the email server returns a TLS digital certificate and public encryption key to the email client. The email client then verifies the certificate and creates a shared secret key (SSK), which is returned to the server. The server decrypts the SSK, which allows the transmission of emails.

    With STARTTLS, however, it notifies a mail server that the contents of an email need to be encrypted. If the mail is intercepted, its contents and metadata are scrambled and difficult to decode. Once the transmission is received, the data will be decrypted.

    How do I know if my email is encrypted?

    To use Mimecast’s encrypted email service, users simply create a new email in Outlook, Mimecast for Mac or within the Secure Messaging web portal. After composing the email, the user selects a Send Secure option before clicking Send as usual.

    What are the consequences of not using email encryption?

    Not using email encryption can easily expose sensitive information to various risks. It’s easier for cybercriminals to intercept, access and potentially exploit the contents of unencrypted email.

    Without encryption, emails can be breached during transmission, putting sensitive business and organizational data at risk of being accessed and used by malicious actors.

    Not encrypting emails can also lead to data theft, privacy breaches, regulatory non-compliance, email spoofing, and compromised intellectual property, leaving valuable information exposed and at risk.

    How does secure email differ from encrypted email?

    While the terms "secure email" and "encrypted email" may sometimes be used interchangeably, they refer to different aspects of email communication.

    The term encrypted email refers to the protection of email content through protocols like SSL / TLS & STARTTLS. It ensures that the information within the email is encoded and can only be deciphered by the intended recipient.

    Secure email on the other hand encompasses a broader range of security measures beyond encryption, and includes additional features, and protective measures to safeguard against various email-based threats.

    How long does email encryption last?

    The duration of email encryption depends on the specific encryption methods and protocols used -

    • Transport Layer Security (TLS): TLS encryption is applied during the transmission of an email. Once the email reaches its destination, TLS ceases to have a direct impact. However, if the email is stored on a server, additional encryption measures may come into play.
    • Persistent Encryption: Some encryption methods are persistent, meaning the email remains encrypted even when stored on servers. Mimecast, for example, utilizes AES-encrypted archives, providing a lasting layer of protection beyond the transmission phase.
    • Message Expiration Controls: In some cases, senders can set controls on encrypted messages, specifying an expiration date. After this date, the recipient may no longer have access to the message, adding an additional layer of security.

    It's essential to choose encryption solutions that align with the desired level of security and retention for your specific use case.

    Related Email Encryption Resources

    Back to Top