Email encryption: The full guide

by Egress
Published on 11th Jun 2020

What is email encryption?

Email encryption protects your emails by obscuring the message body and attachments, making sure that only the right people can access and read them. Email encryption is used to secure confidential data shared by email and can prevent email hijacking, as well as stop authorized recipients from taking unintended actions with sensitive information, such as forwarding it to other people.

There are different types of email encryption, including end-to-end email encryption. Also called “message-level encryption”, end-to-end encryption makes your messages totally unreadable while in transit, meaning that only the sender and recipient can read the sensitive content being shared.

What are the benefits of using encrypted email?

Email encryption is mostly intended to protect sensitive data and give you the peace of mind that your messages are shared securely. However, there are lots of other benefits to be had by using email encryption.

First and foremost, securely encrypted emails help you prevent data breaches. Whether you’re dealing with internally sensitive information or highly secretive client data, it’s of vital importance that your messages remain secure.

With secure end-to-end encryption, you can also be confident in knowing that you’re acting in accordance with up-to-date data protection regulation and global privacy legislation. Wherever you’re operating, it’s important to be in compliance with any recent regulations such as the European General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), Health Insurance Portability and Accountability Act (HIPAA) and the Gramm-Leach-Bliley Act (GLBA). By using end-to-end encryption, you know that your data and content comply with these privacy standards.

End-to-end encryption will also help protect you against other security threats. Man-in-the-middle attacks (also known as email hijack attacks) target users by secretly accessing unsecured communications through impersonating a legitimate party. Properly secured encryption keys will prevent this kind of attack.

With end-to-end encryption using symmetric key management, you’ll also be able to recall emails sent accidentally or containing sensitive content. Recalling access to sent emails means you’ll be able to protect messages even after they’ve been delivered. This type of end-to-end encryption also gives you the option of applying different security restrictions to your emails.

Finally, symmetric end-to-end encryption will help you keep track of your data through auditing.

How does end-to-end encryption software work?

When you’re using end-to-end encryption software, your message will be protected in transit between you and the receiver. That means it won’t be vulnerable to security breaches between you and your intended recipient.

End-to-end encryption means your message is protected by secure, randomized and scrambled keys. Without the keys, all parts of the message are inaccessible at every stage: sending, transfer and receipt.

For some (typically older) end-to-end encryption systems, both the email sender and the recipient need their own pair of encryption keys – a private key and a public key. In order to send encrypted email, both parties need to share their public keys, keeping their private keys private – as the name suggests.

The email is encrypted using the recipient’s public key. It’s then decrypted at the other end using their private key. This way, the message stays scrambled from the sender to the recipient, protecting its contents. While this approach offers end-to-end security, it does require the recipient to share their public key with the sender, adding a layer of complexity to the communication process.
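The public/private key flow described above, as an added example that is not part of the original article or of Egress's software. It goes one step beyond the text: as S/MIME and OpenPGP do in practice, it encrypts the message body with a one-time symmetric key and uses the recipient's public key only to protect that key. The function names and the sample message are assumptions made for illustration.

```javascript
const nodeCrypto = require('node:crypto');

// Recipient generates a key pair once; only the public half is shared with senders.
function generateRecipientKeys() {
  return nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Sender: encrypt the body with a fresh AES-256-GCM content key, then wrap that
// key with the recipient's public key (RSA-OAEP with SHA-256).
function encryptForRecipient(publicKey, plaintext) {
  const contentKey = nodeCrypto.randomBytes(32);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', contentKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const wrappedKey = nodeCrypto.publicEncrypt(
    { key: publicKey, padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' },
    contentKey
  );
  return { wrappedKey, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Recipient: unwrap the content key with the private key, then decrypt the body.
// Throws if the wrong private key is used or the ciphertext was altered in transit.
function decryptAsRecipient(privateKey, msg) {
  const contentKey = nodeCrypto.privateDecrypt(
    { key: privateKey, padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' },
    msg.wrappedKey
  );
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', contentKey, msg.iv);
  decipher.setAuthTag(msg.tag);
  return Buffer.concat([decipher.update(msg.ciphertext), decipher.final()]).toString('utf8');
}

// Returns true if the holder of privateKey can read msg, false if decryption is rejected.
function canRead(privateKey, msg) {
  try { decryptAsRecipient(privateKey, msg); return true; } catch { return false; }
}

// Constructed sample message, not real data.
const recipient = generateRecipientKeys();
const sealed = encryptForRecipient(recipient.publicKey, 'Q3 payroll figures attached.');
console.log(decryptAsRecipient(recipient.privateKey, sealed));
```

Anyone relaying `sealed` sees only the wrapped key, IV, ciphertext and tag; `canRead` returns false for any other private key and for a message modified after encryption.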

At Egress, we simplify this approach by using symmetric key cryptography for end-to-end encryption, which means the same key is used for encryption and decryption. This key is automatically shared between the sender and recipient. While we provide the same high level of security and assurance as products that use public/private key cryptography, it also means that using Egress end-to-end encryption software is a more straightforward way for you to make sure your sensitive emails and attachments stay safe and secure, without the need to share a passcode before you can communicate securely. Symmetric key cryptography is also generally considered the most robust form of encryption for securing emails.

So, how do I encrypt my secure mails?

Using Egress to protect your sensitive data couldn’t be simpler. Our software directly integrates with your mail client (such as Outlook), meaning you don’t have to worry about additional email-security stages.

From there, you can choose your level of secure protection from our dropdown menu. Say, for instance, that you were looking to share highly sensitive data: you’d be able to protect your message with ‘SECRET’ level encryption.

You’re then free to share your message with confidence that Egress end-to-end encryption is protecting it right the way to your recipient.

What are the benefits of using Egress encrypted mail software?

Egress Protect software lets you securely encrypt your messages at the highest level of security without compromising on ease of use.

Most importantly, Egress gives you the power to manage the level of protection you require. So, if you need to add multi-factor authentication to a specific message, or adapt individual policy controls, adjusting your level of security is simple. Egress Protect also allows you to manage message restrictions, exercise rights management control, and revoke and restrict individual emails.

Securely sharing and protecting large files can also now be done in a single message straight from Outlook. This means that you don’t have to rely on potentially insecure file transfer providers or split your content across multiple messages.

A further benefit of Egress Protect software is its automatic encryption of emails between employees within an organisation. So, whenever you’re sharing files or documents with your colleagues, you know that your messages are protected.

An additional layer of security is Egress’s protection for emails at rest. This ensures that your secure messages are protected even if your mailbox is compromised.

Another strength of Egress’s software is the ability to access and send secure encrypted email from any device. So if you’re on the go, you’re able to use Egress encryption through our mobile gateway or dedicated apps. As you’d expect, these are protected with the same standard of encryption as you’d find on Egress Protect for desktop security or via our web access application.

Are there other types of encryption I need to understand?

End-to-end encryption is a secure way of sharing messages and files between you and your recipients while protecting the data you’re transmitting. However, there are other encryption options you might need to know about.

Transport Layer Security, or TLS, is an online security protocol that enables private data sharing and communication. Its main purpose is to encrypt the information sent and received between web applications and servers. For instance, TLS would ensure that a site loads securely, without compromising the connection.

The main benefits of TLS are found in both its simplicity and its ubiquity. The vast majority of servers are capable of enabling Transport Layer Security. However, this prevalence comes with a weakness: not all sites and servers will be up to date with the most recent versions of TLS, meaning connections aren’t necessarily as secure as they should be.

Secure Multipurpose Internet Mail Extensions (known as S/MIME) is another technology you can use to protect your emails from being accessed by unwanted users. In short, S/MIME allows you to digitally sign your mails, verifying that you’re the legitimate sender. This makes S/MIME a useful tool against phishing attacks.

However, it’s not without its limitations. Many web-based email services (such as free versions of Gmail and Yahoo!) don’t support S/MIME technology, meaning that if you’re regularly sending messages to external recipients using these systems, you may experience problems.

I’ve received an encrypted mail. How do I open it?

If you’ve recently received an encrypted mail from Egress and want to see what’s inside, have a look at our guide to find out how.