Man stressed about sending email to the wrong person
101 Guide
6 min

What Is Email Encryption? Definition, Best Practices & Statistics

Posted by Picture of Sam Kendall Sam Kendall

Email encryption is the encrypting or disguising of email content to protect it from being intercepted. It is a key to outbound email security.

Encryption is often coupled with identity authentication in secure email solutions to make sure email contents can't be read by the wrong people.

What Is Email Encryption?

Email encryption is a security technique that involves encoding the contents of an email message.

Encryption essentially scrambles the message so that it is unreadable without the correct decryption key.

Encryption disguises the contents of your email, transforming messages and attachments into a code that cannot be read by human eyes. (9)

A decryption key can be permanently held or accessed by proving your identity through recipient authentication.

There are various encryption algorithms of differing strengths that can be used to secure emails depending on their sensitivity.

Who Needs To Encrypt Their Emails?

Anyone transmitting sensitive information by email should use email encryption.

This is crucial for preventing data breaches, identity theft, and cyber attacks.

Encryption is particularly important for businesses and professionals who regularly handle high volumes of sensitive data.

In many cases, encrypting customer data during digital transmission is not just a safety measure but a legal requirement.

Learn how to send secure business emails.

Why Is Email Not Secure?

Email has been around as long as the internet has, and it was never designed to be highly secure.

When you send an email, just like with any other data on the internet, it travels through multiple nodes in a network.

At any one of these points, a bad actor could be present. It could be at your mail server, your recipient's, or in between.

If your email contents are not encrypted, they can be accessed, even manipulated, on their journey.

Learn what a cyber criminal could do with your data.

What Data Needs Encrypting?

Sensitive information, like personally identifiable information or confidential documents, must always be encrypted.

This includes names, addresses, and birthdays, as well as passwords, banking data, business contracts, and proprietary information.

The risk isn't limited to external communications; internal emails within an organisation or on the same network are equally vulnerable.

In many cases, neglecting encryption can lead not only to data breaches but also to regulatory fines and reputational damage.

Learn about personally identifiable information.

How Does Email Encryption Work?

Email encryption transforms readable content into a secure format, making it unreadable to unauthorised individuals.

  1. Encryption Process: When you send an encrypted email, the content is scrambled using a cryptographic algorithm. This turns the readable text into ciphertext - a jumbled, unreadable format.
  2. Types of Encryption: Depending on the email encryption type use, the point at which an email is encrypted, and the strength of the encryption, can vary greatly. For example:
    • TLS (Transport Layer Security): Encrypts the email during transmission between servers, but if it fails to establish a secure connection, it can leave email contents readable.
    • S/MIME (Secure/Multipurpose Internet Mail Extensions): Provides end-to-end encryption by using a pair of permanently held cryptographic keys, and is only possible if  the sender and recipient have obtained a digital certificate.
    • AES-256 (Advanced Encryption Standard): Encrypts the email on the sender's device, remaining encrypted until decrypted by the recipient using military-grade security, regardless of the technology they use for email.
  3.  Decryption Process: Upon reaching the recipient, the email is decrypted back into readable text, provided they have the correct key or the credentials required to access the correct key.

ML Free No Need To Switch

This process ensures that even if an email is intercepted, its contents remain unreadable to anyone except the intended recipient.

Encryption Best Practices

How can you make sure the right emails are encrypted? Here are some email encryption best practices.

Matching Your Setup To Your Needs

Encrypting emails can range from manually encrypting individual messages to rule-based encryption based on the inclusion of different types of sensitive information.

Bulk, automated encryption for the delivery of information to recipients at scale might be necessary for some businesses.

You should ensure that the way you are able to initiate the encryption process matches how sensitive data is being sent.

Choose the Right Encryption Solution

Outlook users can encrypt emails natively, but this encryption is not suitable for most types of sensitive data.

Dedicated business solutions, like Mailock secure email, can provide additional features for exchanging sensitive messages.

If you're looking for a tool to protect emails to customers, it is especially important you choose a solution that works for them too.

Read our guide to the best secure email services.

Adding Authentication To The Mix

It's not enough simply to encrypt sensitive emails - this still leaves them vulnerable to the leading cause of data leaks, human error.

To prevent sensitive emails from being sent to the wrong people, you should combine email encryption with recipient authentication.

This ensures that even if an email is sent to the wrong address, unauthorised persons cannot access it.

Learn more about email recipient authentication.

Email Encryption In Outlook/365, Gmail, & iOS

The most common email clients including Outlook, Gmail, and iOS provide a level of basic encryption:

  • Most email providers offer TLS encryption as standard and optional S/MIME encryption with a digital certificate.
  • A Microsoft 365 E3 licence gives enterprise users additional functionality in the form of Microsoft 365 Message Encryption (MPME).

A key difference between the S/MIME encryption standard and the encryption available with MPME is compatibility.

Whereas the encryption offered as standard by providers requires the recipient's email client to be S/MIME compatible, MPME is more reliable, protecting emails regardless of a recipient's email provider.

"The rights management (MPME) feature is intended as a tool to prevent accidental misuse and is not a security boundary."

— Microsoft spokesperson, 2022

It must be noted that MPME's encryption strength is designed for prevention and not security and it is not suitable for the delivery of information to customers in high volumes due to rate limits.

For email encryption to protect sensitive enterprise customer communications, a dedicated secure email service is required.

Learn more about secure email services for businesses.

What Native Email Encryption Doesn't Do

It's clear that the native email encryption provided by most email clients isn't designed to support customer communications at scale.

This is partly due to volume and their level of security, but it's also important to consider how your recipients will respond.

Are you sending documents to be filled in and returned?

The encryption offered by most email clients (S/MIME) protects email contents and attachments on delivery only.

If a business is communicating with its customers, its the business' responsibility to ensure two-way security.

Secure email solutions don't just offer added security, they enable recipients to easily reply with the same level of protection.

Learn more about secure email solutions and their features.

Key Statistics

The latest email encryption statistics, from the most reliable sources.

 Misfires

Emails sent to the wrong person are the #1 cause of reported data breaches in the UK, according to the UK Information Commissioner's Office (ICO).

Emailing sensitive information to the wrong person

 Interception

A 2017 study conducted by researchers from the University of Michigan and California found that between 4% and 10% of internet traffic is intercepted.

 Volume

An estimated 340 billion emails are sent and received each day according to research provided by Statista.

 Conversations

The average office worker sends 40 emails a day and receives 121 emails a day according to research vetted by The Guardian.

 Error

Over 1/4 of UK adults have accidentally shared personal data via email with the wrong recipient according to our research.

 Reputation

CSO Online reports that 46% of businesses that suffer from a data breach see negative repercussions affecting reputation and brand value.

Vital For Digital Security

Email encryption is a vital component of digital security, transforming sensitive information to prevent unauthorised access.

With various encryption types like TLS, S/MIME, and AES-256, users can choose the appropriate level of security for their needs.

Combining encryption with authentication further enhances protection for customer communications.

While email clients offer basic encryption, specialised solutions are recommended for enterprise use.

Understanding and implementing these practices is key in safeguarding communications against cyber threats and maintaining privacy.

 

Originally posted on 01 10 22
Last updated on December 20, 2023

Posted by: Sam Kendall

Sam Kendall is an expert researcher, editor, and marketing specialist. He has worked with B2B brands for almost a decade helping them to refine their digital strategy and streamline ground-level implementation. Sam is passionate about new developments in user experience, demand generation marketing, and customer communications.

Return to listing