Blog

What Are My Email Encryption Options

Encryption is the process of encoding or ciphering information to protect it from being read or accessed by anyone other than the authorised recipient. E-mail encryption is the use of such techniques to protect any information that you send out of your mailbox.

Why would anyone, especially you, want to encrypt your e-mail?

According to Statista, 269 billion e-mails were sent out in 2017. That is about 737 million e-mails a day. Those are big numbers and, according to Google’s transparency report, many e-mail providers do not encrypt e-mails in transit. So, while e-mails are extremely convenient for sending information and documents, from a security standpoint they are not the ideal method for sending sensitive or confidential information.

That being said, the e-mail culture has been ingrained into our daily lives and to stop using it would be akin to losing a limb (metaphorically of course!). This is where data encryption takes the stage. By encrypting your e-mail or documents before they are sent out, nobody other than the intended recipient would be able to access the contents.

Still unsure if you need encryption? Check out some of the reasons we came up with below:-

  • Sending e-mails with private or confidential information (e.g. address, security number, bank account number)
  • Ever sent an e-mail to the wrong person?
  • If you work on unsecured networks (e.g. public WiFi or Hotspots)
  • The possibility of the recipient's e-mail account being compromised is a concern to you
  • Local regulations require you to implement sufficient measures to protect against theft of data

What type of Encryption solutions are available?

A few different encryption solutions exist, each with their own benefits and issues.

  1. If you are a fan of open source, then GNU Privacy Guard is worth checking out. Users can generate an encrypted digital signature as a form of verification that documents sent are from them and not from anyone else. More importantly, GnuPG allows users to generate a private and public key pair for e-mail encryption. For example, if Kai wanted to send you an e-mail, he would use your public key to encrypt it and you would use your private key to unlock the contents. If you wanted to send Kai an e-mail, you would use his public key to encrypt the contents and he would use his private key to unlock it. As you can see, this method, a type of asymmetric cryptosystem, allows users to securely exchange information through the use of key pairs, and it is currently impossible to derive the private key from the shared public key. However, the downside of this is speed. Having to manage a few public keys is relatively simple. However, imagine a scenario where you have to send hundreds of e-mails to hundreds of people using this method. Encrypting each e-mail with a different public key can be a challenge.
  2. Another alternative is using a symmetric cryptosystem, which only requires one password to encrypt and decrypt a document. For example, if Kai wanted to send you a document, he would encrypt it with the password “XXXXX”. For you to unlock that document, the same password “XXXXX” would be used. This method is significantly faster. However, the challenge here is getting the password across without having it compromised during transmission. Some organisations also use a variation of this system. When sending personal information unique to a user, they encrypt the document with a password generated through a set of rules. For example, when a bank sends its credit statement, the system automatically creates a password that is based on the combination of your birthday digits and the last few numbers of your mobile phone. This is a basic level of protection, as anyone who is able to obtain these details can easily unlock your documents.
  3. A third solution is to use a secure e-mail gateway for sending and receiving e-mails. More details on this can be found in the next section.
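
An added example, not part of the original post or of any product it mentions: it combines options 1 and 2 the way OpenPGP tools such as GnuPG do internally, encrypting the message once with a random symmetric key and wrapping that key with each recipient's public key, so no password has to travel and many recipients share one ciphertext. It uses Node.js's built-in crypto module; the recipient names and the helpers makeRecipient, sealMessage and openMessage are illustrative assumptions.

```javascript
const crypto = require('node:crypto');

// Constructed recipients for the demo; each one owns an RSA key pair.
function makeRecipient(name) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  return { name, publicKey, privateKey };
}

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Encrypt the body once with a random AES-256-GCM session key (symmetric, fast),
// then wrap that session key separately with every recipient's public key.
function sealMessage(plaintext, recipients) {
  const sessionKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', sessionKey, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const wrappedKeys = {};
  for (const r of recipients) {
    wrappedKeys[r.name] = crypto.publicEncrypt({ key: r.publicKey, ...OAEP }, sessionKey);
  }
  return { iv, body, tag: cipher.getAuthTag(), wrappedKeys };
}

// A recipient unwraps the session key with their private key, then decrypts.
// Returns null when no key was wrapped for them, when unwrapping fails
// (wrong private key), or when the ciphertext was altered (GCM tag mismatch).
function openMessage(envelope, recipient) {
  const wrapped = envelope.wrappedKeys[recipient.name];
  if (!wrapped) return null;
  try {
    const sessionKey = crypto.privateDecrypt({ key: recipient.privateKey, ...OAEP }, wrapped);
    const decipher = crypto.createDecipheriv('aes-256-gcm', sessionKey, envelope.iv);
    decipher.setAuthTag(envelope.tag);
    return Buffer.concat([decipher.update(envelope.body), decipher.final()]).toString('utf8');
  } catch {
    return null;
  }
}

// Demo with constructed data: one ciphertext, two recipients.
const kai = makeRecipient('kai');
const you = makeRecipient('you');
const envelope = sealMessage('Account statement attached.', [kai, you]);
console.log(openMessage(envelope, kai), '|', openMessage(envelope, you));
```

The scheme is only as trustworthy as the public keys it is given: each key has to be verified as belonging to the intended recipient before it is used.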

How can I implement E-mail Encryption in my organisation?

Prior to deciding on a solution, some of the assessment criteria would be “ease of use” and the level of security provided. In some cases, organisations have to trade off functionality for intuitive user interfaces and vice versa.

Deltagon’s Secure Gateway provides customers with a user friendly interface without compromise on functionality. Compatibility with various platforms and seamless integration with popular web clients ensures minimal disruption or change to your existing work style. With our powerful rule-based engine, administrators can be assured that sensitive e-mails are automatically encrypted and reach the intended recipients. Multiple levels of protection are offered and can be easily selected based on the level of security required.

One key advantage of using a secured gateway is that recipients do not need to install any software to communicate with you securely. Instead they can directly respond through the gateway; similar to popular e-mail clients. Hosting can be on-premise or on cloud and configured to integrate with existing security solutions.

To find out more, click here or contact us for a free demo.

Why Businesses Need E-mail Encryption

Approximately 270 billion e-mails were sent in 2017 and that number is forecast to grow on a yearly basis. What this means is that there is a tremendous amount of data being created and shared daily. This data often includes sensitive information about individuals and organisations that could be used with malicious intent.

A proven method of protecting data in transit is encryption: a process of converting data into a secure form that can only be accessed by authorised personnel. To put it into perspective, an encrypted item is like a locked box that requires a specific key to unlock its contents. Otherwise the ‘reader’ only sees a jumble of characters that make no sense.

Drivers for Encryption

In 2015, IBM’s chairman, president and CEO Ginni Rometty, said, “Cyber crime is the greatest threat to every company in the world.” She is very likely to be right, especially when 50% of the world’s population is connected to the internet and 75% will be connected within the next 5 years.

While digitalisation has brought us into the next golden age, it is important that organisations and individuals do not overlook the need to protect their data. With governments across the world implementing data protection regulations, it is a good time to look at the reasons your business needs e-mail encryption:-

  • Comply with privacy or data security regulations and requirements (e.g. GDPR)
  • Comply with the organisation’s internal policies or requirements.
  • Protect sensitive information such as financial details or intellectual property
  • To avoid the potential consequences of a data leak or breach.
  • Protect your customer’s information

Basic Practices

Software and Solutions aside, there are some simple measures that you can take to protect yourself against cybercrime.

  • When sending secure information or making payment through a browser, always ensure that the website has a valid SSL Certificate and the URL starts with “https://”.
  • Ignore any e-mail that is requesting money or mentions giving you money. More often than not these e-mails are sent to multiple addresses at one time. A quick Google search would tell you if the e-mail is a scam.
  • Do not directly click on links in e-mails unless you are certain that they are from a trusted source. It is always better to manually type in the website address in the browser.
  • Do not download attachments or open them before scanning for viruses or malware. If unsure, call the sender to confirm that the files were sent by them.
  • Avoid sending sensitive or confidential information through e-mail unless the contents have been encrypted.

KTSS provides an easy-to-use, enterprise-standard encryption service that gives you assurance when sending private information to your recipients. Our solution is flexible and can be deployed on cloud or on-premise.

Understanding the Basics of Cyber Security to prevent your digital Doomsday

A great video we enjoyed watching from Christoph Magnussen on the basics of Cyber Security.

GDPR – What the General Data Protection Regulation is all about

General Data Protection Regulation (GDPR) is a regulation that requires businesses to protect the personal data and privacy of EU citizens. This regulation is consistent across all 28 EU member states and also addresses the use of EU citizens' data outside of the European Union. The GDPR replaces the Data Protection Directive (Directive 95/46/EC) and becomes enforceable on 25th May 2018.

Types of private data under the GDPR

  • Name, Address and Identification Numbers
  • Data on your health and anything associated with it.
  • Race and Ethnicity
  • Sexual Orientation
  • Political Opinions
  • Digital/Web data such as IP address, cookies, location.
  • Biometric data

Businesses affected by GDPR

Any company that stores or processes personal information about EU citizens within EU states must comply with the GDPR, even if they do not have a business presence within the EU. The specific criteria for organisations to comply with are:-

  • If there is a presence in an EU country.
  • Personal data of European citizens is stored or processed even without a presence in the EU.
  • More than 250 employees.
  • Fewer than 250 employees, but data processing has an impact on the rights and freedoms of data subjects, is not infrequent, or includes certain types of sensitive personal/private data.

What else should I know about the GDPR?

  • Companies that are non-compliant may face penalties of up to USD$23.4 million or 4% of their global annual turnover, whichever is higher.
  • Data can be stored and processed only after the individual has given consent. The data can only be used for the duration required to achieve the purpose/reason that the individual gave consent for.
  • Personal data must be easily transferable from one company to another.
  • Personal data must be erased upon request.
  • Data breaches must be reported to parties affected by the breach within 72 hours from the detection of the breach.
  • GDPR does not supersede legal requirements for storage and processing of data; e.g. Health Records.

How do I start the process for compliance?

Get everybody involved: One department alone is unlikely to get everything right and it is best to get staff from across the organisation to work together and understand what type of information is being stored and processed. It is important to understand which of your customers are affected (EU citizens) and how their data is currently being stored and processed.

It is also likely that updates will have to be made to any interactive processes that automatically collect Personally Identifiable Data (PII) to notify customers what data you are collecting and what you will do with it.

Data protection plan: If you already have one, have it reviewed to ensure it aligns with the GDPR regulations. If not, now would be a good time to implement one. The Personal Data Protection Commission has a really good guide to developing a data protection management programme. You can find it at this link. They also have a fact sheet on the GDPR here.

Also, if you are looking for an effortless way to protect your communication data against breaches, please do look at the solutions we offer.
