
Secure Email For Business: Email Encryption Best Practices

Posted by Sam Kendall

Email is the backbone of business communication. Without it, many businesses would grind to a near-halt. Unfortunately, email is also a leading cause of data breaches and business interruption. In this post, we explore why business email encryption is important and how secure email can protect businesses and their customer data.

Although inbound attacks such as phishing are on the rise, the most common risk to businesses is the messages they send out into the world.

Outbound email risks include:

  • Email interception, where confidential information is intercepted by an unauthorised third party on the way to its addressed recipients.
  • Email misfires, where an unsecured confidential email is misaddressed and delivered to unauthorised third parties due to human error.

Outbound email risks are a leading cause of data breaches, which can lead to reputational damage and regulatory fines.

So how does a business protect itself from sending confidential information unsecured? Let's take a look at how secure email for businesses can help you to avoid outbound email risk.

What Is Secure Email?

Secure email is a catch-all term for encryption and authentication solutions designed to protect outbound emails from falling into the wrong hands.

Secure email solutions for businesses offer two primary modes of protection:

  • Email encryption, which disguises email contents and attachments so they can’t be accessed by unauthorised parties if intercepted.
  • Email authentication, which locks emails behind an authentication challenge that recipients must correctly answer to open them.

Although all email providers offer some level of encryption and authentication, these are designed to protect everyday consumer emails.

For businesses handling sensitive customer information, many will find the features offered by their email provider do not meet certain standards of compatibility, ease-of-use, and regulatory compliance.

Note:

Most email providers support TLS and S/MIME. TLS encrypts messages in transit between mail servers; S/MIME encrypts a message end to end and digitally signs it so the recipient can verify who sent it. Neither is sufficient on its own to secure confidential business email. TLS is usually opportunistic and only protects each hop between servers, not the message once it sits in the recipient's inbox, and S/MIME works only when the recipient already has a certificate and a compatible mail client. Neither adds a multi-factor challenge to stop an unauthorised person who already has access to the inbox. Read more about encryption types.

Let’s take a look at your options for business email encryption and authentication when using Outlook, Gmail, and Apple Mail. We’ll break down the pros, cons, and alternative solutions.

How To Secure Business Emails Using Microsoft 365/Outlook

Microsoft 365 and Outlook are part of an expansive ecosystem, so your secure email options differ depending on your business’ package. Let’s take a look.

Microsoft Purview Message Encryption (Basic)

Availability: All 365 plans excluding E1/Basic


Microsoft Purview Message Encryption can encrypt business emails sent both within and outside of your organisation and the Microsoft ecosystem.

Recipients using Outlook see your message in their inbox, decrypted automatically, just like a normal email.

Recipients using other email clients receive a notification email and click through to a secure Microsoft portal. They must sign in with a Microsoft, Yahoo, or Gmail account (or request a one-time passcode sent to the same inbox) to read the message in their web browser.

The requirement to be logged into an email account to gain access to confidential information is enough to prevent many forms of attack.

Many email providers prompt users to enable multi-factor authentication (e.g., an SMS code), but the recipient can decline or switch it off, so you are leaving the security of your data in the hands of your recipients.

Pros:

  • Messages are auto-decrypted for recipients using Outlook

Cons:

  • No multi-factor verification of the recipient (if the recipient inbox is compromised, the data is exposed)
  • Rights protection carries over only to Office attachments (e.g., .docx, .xlsx); other file types are not protected once downloaded
  • No revoke functionality (you can only ‘request’ a recall for unopened messages)
  • MPME only works seamlessly with other Microsoft products. Recipients using non-Microsoft email clients will need to access the message through a web portal.

Initialisation:

  • User option in Outlook
    • To encrypt an email in Outlook, click the “Encrypt” button above the compose pane and select “Encrypt”. (You may need to add this option to your toolbar by hitting “Customise Toolbar” first.)
  • Administrator message rules
    • To enable MPME for use with message rules, you may first need to enable Azure Rights Management from Exchange Online PowerShell if it is not already on. You can then head to your Exchange Admin Centre and configure your rules under Mail Flow > Rules, choosing the “Encrypt” template from the RMS template list.

Microsoft Purview Message Encryption (Advanced)

Availability: E3/E5 365 plans (or as add-on to other plans)

Microsoft Purview Message Encryption (Advanced) brings a few additional controls and features to MPME (Basic), including branding, a revoke option, and keyword triggers.


Options to revoke messages and set expiry periods give your secure business emails a last-resort lockdown.

Keyword triggers are useful for initiating security based on your company’s policies regarding personal data and information security. These can be set up so that if particular phrases are detected, an email will be encrypted.

However, the core security that protects messages from unauthorised access is the same in both the Basic and Advanced versions of MPME. If any of your recipients’ email accounts are compromised, so are any confidential emails that they receive.

Initialisation:

  • User option in Outlook (same method as Basic MPME)
  • Administrator message rules (same method as Basic MPME)
  • Email keyword triggers
    • To configure advanced mail flow encryption rules using keywords and other information formats, take a look at this guide.
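The administrator steps above (enable rights management, then create mail flow rules that apply the “Encrypt” template, with or without keyword triggers) can all be scripted rather than clicked through. The following is an added example written for this page, not Microsoft's documentation or the article's original content. It assumes the ExchangeOnlineManagement module is installed, that the signed-in account holds the Exchange administrator role, and that `admin@contoso.com`, the rule names and the keyword list are placeholders you replace with your own.

```powershell
# Added example (not part of the original article): enable Purview Message
# Encryption and create two outbound encryption rules from Exchange Online
# PowerShell. Names, addresses and keywords below are illustrative only.

# 1. Connect to Exchange Online; the sign-in itself should be MFA-protected.
Connect-ExchangeOnline -UserPrincipalName admin@contoso.com

# 2. MPME is backed by Azure Rights Management. Check whether licensing is
#    enabled for the tenant and switch it on if it is not.
$irm = Get-IRMConfiguration
if (-not $irm.AzureRMSLicensingEnabled) {
    Set-IRMConfiguration -AzureRMSLicensingEnabled $true
}

# 3. Confirm the tenant can actually apply RMS templates before relying on rules.
Test-IRMConfiguration -Sender admin@contoso.com

# 4. Basic rule: any message leaving the organisation whose subject carries a
#    "[SECURE]" tag is encrypted. Staff trigger it by tagging the subject line.
New-TransportRule -Name "Encrypt external mail tagged [SECURE]" `
    -SentToScope NotInOrganization `
    -SubjectContainsWords "[SECURE]" `
    -ApplyRightsProtectionTemplate "Encrypt"

# 5. Keyword trigger: encrypt outbound mail when the subject or body contains
#    phrases from your information-security policy, whether or not it is tagged.
#    This is the same mechanism the Advanced tier exposes as keyword triggers.
$keywords = @("policy number", "date of birth", "national insurance", "sort code")
New-TransportRule -Name "Encrypt external mail containing personal data" `
    -SentToScope NotInOrganization `
    -SubjectOrBodyContainsWords $keywords `
    -ApplyRightsProtectionTemplate "Encrypt"

# 6. Review which rules now apply a template, then send yourself a test message
#    containing one of the keywords and confirm it arrives encrypted.
Get-TransportRule |
    Where-Object { $_.ApplyRightsProtectionTemplate } |
    Format-Table Name, Priority, State, ApplyRightsProtectionTemplate
```

Two caveats a practitioner should keep in mind. Keyword rules match plain text only, so a misspelled phrase, a scanned PDF or a screenshot of a customer record will slip through; treat them as a safety net behind staff training, not a guarantee. And, as the article notes, neither rule changes what protects the message once delivered: a recipient whose mailbox is compromised can still open it, because the rule adds encryption, not a multi-factor challenge.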

Pros:

  • Messages are auto-decrypted for recipients using Outlook
  • Branded templates for an improved recipient experience

Cons:

  • No multi-factor verification of the recipient (if the recipient inbox is compromised, the data is exposed)
  • Rights protection carries over only to Office attachments (e.g., .docx, .xlsx)
  • Revoke is limited (it only works for emails sent outside your organisation using rules that apply a branded wrapper, which recipients open through the web portal)

Tip:

You can install third-party secure email solutions in Outlook that are designed specifically for business email compliance. These are more likely to give you an expanded set of tools for encryption that you can customise to your business needs (without venturing into the depths of PowerShell!). One of these solutions is Mailock, which is built for UK compliance, though of course, there are other email encryption solutions on the market. Do your research to find the right option for you. Third-party solutions are also likely to be more affordable than upgrading your 365 licence.

How To Secure Business Emails Using Gmail And Apple Mail

Gmail and Apple Mail offer no native secure email functionality that would let a business encrypt confidential emails at scale without compatibility issues. TLS and S/MIME are available, but neither, used alone, guarantees both delivery and security for every recipient: TLS protects only the hop between servers, and S/MIME requires every recipient to hold a certificate and use a compatible client.

Nor do Gmail or Apple Mail provide message-level authentication that forces the people receiving a message to verify their identity before reading it. (Gmail’s confidential mode can attach an SMS passcode to an individual message, but it is a per-message option rather than a policy you can enforce.) Emails sent using their built-in encryption are otherwise no more secure than the rest of the emails in a recipient’s inbox.

Few information security regulators would advise using Gmail or Apple Mail’s native capabilities (as of 2022) to secure sensitive information and comply with regulatory guidance. For this reason, we’ll take a look at how a third-party tool like Mailock can help.

Secure Email For Gmail And Apple Mail

If you’re using Gmail or Apple Mail for your business, don’t worry - you can still send confidential information by email. You have two options to go secure:

  • Third-party webmail: Many secure email solutions (such as Mailock Pro) provide you with a web browser-based interface, which you can log into to compose secure emails, add attachments, and set authentication challenges for recipients.
  • Third-party gateway: Some secure email solutions (such as Mailock Enterprise) offer what’s called an encryption gateway, which can be hosted on-premises or in the cloud, with confidential emails passing through it to be secured before they leave your infrastructure. Gateway encryption can be initiated using keywords, rules, or API calls triggered by custom functionality within your email infrastructure.

The solution you use will depend on the scale of your operation and the volume of confidential information being shared. If you’re not sure of the best option for your business, we offer free, confidential advice on securing your communications.

Why Is Multi-Factor Authentication So Important?

The word “secure” can mean a lot of things to a lot of people. It's not just about protecting data from hackers, scammers, and other bad actors.

It's also about preventing the release of sensitive information - like customer names, credit card numbers, addresses - to people who shouldn't see them.

Professional woman typing on office computer

Encrypting an email protects data on its way to an inbox, but it doesn’t make sure it gets to the right person. As we become more reliant on digital communication and more aware of the top email risks, this distinction is increasingly important to recognise.

Here are the most important reasons why multi-factor authentication should play an essential part in securing your sensitive business emails:

  • Multi-factor authentication offers message-level security so that, even if someone gains access to one of your recipient’s email inboxes, they cannot open an email containing confidential information or files.
  • Multi-factor authentication provides evidence that information has been delivered to the right person. In professional services, this is often a requirement for regulatory compliance in certain transactions.
  • Multi-factor authentication prevents 99.9% of automated cyber-attacks according to a study conducted by Microsoft in 2019.
  • Multi-factor authentication protects against the most common cause of a data breach – human error. If a sensitive email is sent to the wrong address, the recipient cannot open it without passing the challenge.

Protect Your Business

At Beyond Encryption, we help businesses secure their communications without compromising the customer experience or operations.

We run live demos for enterprise businesses looking to secure their business emails. You can also sign up for a free trial of our secure email solution, Mailock, to encrypt emails using your browser or Outlook.

Deliver sensitive information securely with Mailock


Originally posted on 03 11 22
Last updated on March 22, 2024

Posted by: Sam Kendall

Sam Kendall is an expert researcher, editor, and marketing specialist. He has worked with B2B brands for almost a decade helping them to refine their digital strategy and streamline ground-level implementation. Sam is passionate about new developments in user experience, demand generation marketing, and customer communications.
