
Complete Guide to Enterprise Outbound Email Security

Your company, no matter the industry, will at some point need to deal with sensitive data - financial or personally identifiable information you have an obligation to protect.

Email is one of the most common channels between you and your customers, so it is frequently used to send this sensitive data, intentionally or not. That exposes your business needlessly: a leak of customer data can bring significant regulatory fines for you and your colleagues, and the damage to the company's reputation can outlast them.

We’ve got you covered. At Beyond Encryption, we’re pretty nerdy about email security. Follow the best practices in this guide to ensure any confidential emails you send are protected.

 

What's wrong with a standard email?

Email began in the 1960s as a way for users of the time-sharing systems at the Massachusetts Institute of Technology (MIT) to leave files and messages for one another. It has since grown into a worldwide communications standard, but the security built into it has changed very little: the delivery protocol, SMTP, was designed to move mail between servers, not to protect what it carries.

Think of a standard email as a postcard sent through the mail. Anyone who handles it on the way, the postman or the sorting office staff, can read what you have written. The electronic equivalents are every mail server and every network segment the message crosses. If what you have written is sensitive, you and your assets are now at risk.

For businesses that regularly include confidential data within their outbound emails, this leaves your messages vulnerable to several different threats.

 

What are the most common outbound email threats?

There are two key threats to data sent by email: human error and interception.

Human error

Often grouped under insider risk, human error covers non-malicious mistakes such as:

  • Sending an email to the wrong recipient; research has found that 52% of surveyed respondents have done this at least once
  • Putting recipients in Cc instead of Bcc, or Bcc’ing the wrong people, so that addresses are exposed to everyone on the thread
  • Attaching the wrong file to an email

By sending the wrong attachment or emailing the wrong person, employees unintentionally reveal sensitive information to third parties. Human error is widely reported as the most common cause of data breaches; one often-cited estimate puts it behind 95% of successful security attacks.

 

Interception

Email interception is where a third party deliberately gains access to your emails and the information in them, usually at one of four points on the message's journey:

  • Sender’s device
  • Network
  • Email server
  • Recipient’s device

These points are often protected by nothing more than a password, and passwords are a weak barrier: a six-character lowercase password has only 26^6, about 309 million, possibilities. The study cited here puts the time to crack one at 10 minutes; against an offline copy of a fast, unsalted password hash, a modern GPU exhausts that space in seconds. And one cracked mailbox password exposes not one email but every message in the account.

 

Whether by human error or interception, the unintentional disclosure of sensitive information can be costly. According to 2021 IBM research, a data breach costs businesses an average of $4.24 million. Introducing robust email security systems goes a long way to reducing this risk.

 

What is outbound email security?

A lot of your business security measures protect against inbound threats, attacks on the assets you hold. With email, the biggest risk runs the other way: you are sending the very thing you want to protect out into the world.

Outbound email security is key to wrapping the sensitive data you send in a layer of protection, so it remains intact, unmanipulated, and unseen until it reaches its intended recipient.

When you’re looking at outbound email security solutions, you want to protect every part. That includes the text in your messages and attachments both in transit and at rest.

Here are the core protections every business should be looking at for their outbound emails:

 

Encryption

The UK's data protection regulator, the Information Commissioner's Office (ICO), advises that personal data should be encrypted to ensure secure processing. This is something that can be done easily with a solution like Mailock®.

Encryption turns the text of your messages and attachments into ciphertext that is unreadable without the right key; keys are what encode and decode the contents. With a modern cipher such as AES-256, a third party who does not have the key cannot recover the data, because trying every possible key is computationally out of reach. The practical weakness is never the arithmetic but the handling of the keys: who holds them, where they are stored, and how they reach the recipient.

Unfortunately, not all encryption is alike. The protection most email clients offer out of the box is not enough to guard your messages against the most common threats.

There are two main types of email encryption to be aware of:

Encryption in transit: usually provided by Transport Layer Security (TLS), this is the standard level of protection most email providers offer natively. TLS encrypts the connection over which a message travels (between mail servers, via SMTP's STARTTLS extension), so an eavesdropper on the network between two servers sees only ciphertext.

However, TLS protects the hop, not the message. Every server that receives the email decrypts it, and the message sits unencrypted at rest in each server's queue and in the recipient's mailbox, where anyone with access to that server can read it. TLS between mail servers is also opportunistic by default: a hop is encrypted only if both servers support it, and unless the sending side enforces it (for example with MTA-STS or DANE) the message is typically delivered in the clear when the next server does not offer STARTTLS.
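One practical check for the hop-by-hop caveat: every mail server that handles a message prepends a Received: header, and most record whether that hop used TLS (the RFC 3848 "with ESMTPS" keyword, Postfix's "using TLSv1.x", Google's "version=TLS1_x"). The Go program below is an added example, not code from the original page or from Beyond Encryption. It parses a message's headers and flags any hop that was made in the clear. The sample message is constructed for the example (example.net and example.org hosts, made-up queue IDs), and the marker patterns are an assumption covering the three header styles just named; other MTAs may phrase it differently.

```go
package main

import (
	"fmt"
	"net/mail"
	"regexp"
	"strings"
)

// Hop is one "Received:" header, i.e. one server-to-server handover.
type Hop struct {
	Header string
	TLS    bool
}

// Markers common MTAs put in a Received: line when the hop used TLS:
// "with ESMTPS"/"ESMTPSA" (RFC 3848), Postfix's "(using TLSv1.x ...)" and
// Google's "(version=TLS1_x ...)". Assumption: other MTAs may differ.
var tlsMarkers = regexp.MustCompile(`with E?SMTPSA?\b|using TLSv1|version=TLS1`)

// AuditTransitTLS parses a raw RFC 5322 message and reports, per hop, whether
// that hop was made over TLS. Each server prepends its own Received: header,
// so the first one is the last hop before the mailbox.
func AuditTransitTLS(raw string) ([]Hop, error) {
	msg, err := mail.ReadMessage(strings.NewReader(raw))
	if err != nil {
		return nil, err
	}
	var hops []Hop
	for _, h := range msg.Header["Received"] {
		hops = append(hops, Hop{Header: h, TLS: tlsMarkers.MatchString(h)})
	}
	return hops, nil
}

// AllHopsEncrypted is the yes/no answer a practitioner wants: true only if
// every recorded hop used TLS (and there was at least one hop to check).
func AllHopsEncrypted(hops []Hop) bool {
	for _, h := range hops {
		if !h.TLS {
			return false
		}
	}
	return len(hops) > 0
}

// SampleMessage is constructed for this example, not a real capture: two TLS
// hops and one hop over plain ESMTP between two internal relays.
const SampleMessage = "Received: from relay2.example.net (relay2.example.net [192.0.2.20])\r\n" +
	"\tby mx.example.org with ESMTPS id abc123\r\n" +
	"\t(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\r\n" +
	"\tMon, 1 Jan 2024 10:00:02 +0000\r\n" +
	"Received: from relay1.example.net (relay1.example.net [192.0.2.10])\r\n" +
	"\tby relay2.example.net (Postfix) with ESMTP id def456;\r\n" +
	"\tMon, 1 Jan 2024 10:00:01 +0000\r\n" +
	"Received: from sender-laptop (unknown [198.51.100.5])\r\n" +
	"\t(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits))\r\n" +
	"\tby relay1.example.net (Postfix) with ESMTPSA id ghi789;\r\n" +
	"\tMon, 1 Jan 2024 10:00:00 +0000\r\n" +
	"From: alice@example.net\r\n" +
	"To: bob@example.org\r\n" +
	"Subject: Statement\r\n" +
	"\r\n" +
	"Body\r\n"

func main() {
	hops, err := AuditTransitTLS(SampleMessage)
	if err != nil {
		panic(err)
	}
	for i, h := range hops {
		fmt.Printf("hop %d TLS=%v: %.60s...\n", i+1, h.TLS, h.Header)
	}
	fmt.Println("all hops encrypted:", AllHopsEncrypted(hops))
}
```

Run against a message you actually received and the middle hop is the kind of thing this finds: two public-facing servers negotiated TLS, but an internal relay between them did not, so the body crossed that link in plain text. Note that a Received: header is written by the receiving server, and an attacker who controls a server can write anything into it, so this audit tells you what cooperating servers reported, not what an adversary did.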

End-to-end encryption: the message is encrypted on your device before it is sent and decrypted only when the intended recipient opens it. The servers in between carry ciphertext they cannot read, so end-to-end encryption does not have the at-rest gap that TLS leaves: only the sender and the intended recipient hold keys that can decrypt the contents, at every stage of the message's journey.

Any business sending highly sensitive information by email should make sure their messages are encrypted throughout their journey with end-to-end encryption.

 

You also need to know which algorithm is doing the work. Encryption is the process of converting information into ciphertext; an encryption algorithm (a cipher) is the specific mathematical procedure that encodes and decodes your emails. Three names come up most often:

DES: the first widely standardised cipher (1977), DES uses a 56-bit key, which is far too short today, and single DES is obsolete. Some systems still use Triple DES (3DES), which applies DES three times with three independent 56-bit keys for a nominal key length of 168 bits. Its effective strength is only about 112 bits, and NIST has deprecated it; it should not be chosen for new deployments.

RSA: an asymmetric (public-key) algorithm. The recipient generates a pair of mathematically linked keys: a public key, which anyone can use to encrypt a message to them, and a private key, which only they hold and which is the only thing that can decrypt it. This removes the need to share a secret in advance, but RSA is orders of magnitude slower than a symmetric cipher and can only encrypt data smaller than its key, so it is never used to encrypt whole messages; it is used to encrypt (wrap) the symmetric key that does.

AES: a symmetric algorithm, meaning the same key both encrypts and decrypts, so sender and recipient must both hold it and need a safe way to share it. AES offers 128-, 192- and 256-bit keys, has no known practical attacks, is implemented in hardware on most modern CPUs, and is far faster than RSA. In practice the two are combined: AES encrypts the message, and RSA (or another public-key scheme) protects the AES key for the recipient.
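The paragraphs above on end-to-end encryption and on RSA versus AES describe what is, in practice, a single construction: hybrid encryption. The Go program below is an added example, not code from the original page or from Beyond Encryption. The sender generates a fresh AES-256 key for one message, encrypts the body with AES-GCM (which also detects tampering), and wraps only that key with the recipient's RSA public key using OAEP. The envelope that leaves the device is everything a relay or mailbox server ever sees. Key generation happens in-process here for the demonstration; in a real deployment the recipient's private key is created and kept on their own device. The account details in the sample body are made up.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is what leaves the sender's device: everything a relay or mailbox
// server can see. None of it is readable without the recipient's private key.
type Envelope struct {
	WrappedKey []byte // AES-256 content key, encrypted with the recipient's RSA public key (OAEP)
	Nonce      []byte // AES-GCM nonce, unique per message
	Ciphertext []byte // AES-256-GCM ciphertext followed by its 16-byte authentication tag
}

// GenerateRecipientKey stands in for the recipient's key pair. In a real
// deployment the private half is generated on, and never leaves, their device.
func GenerateRecipientKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// Seal encrypts a message body on the sender's device. A fresh random AES-256
// key does the bulk work (fast); RSA-OAEP wraps only that 32-byte key.
func Seal(recipientPub *rsa.PublicKey, body []byte) (*Envelope, error) {
	contentKey := make([]byte, 32) // 256-bit AES key
	if _, err := rand.Read(contentKey); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(contentKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ciphertext := gcm.Seal(nil, nonce, body, nil)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, contentKey, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ciphertext}, nil
}

// Open runs on the recipient's device: unwrap the content key with the private
// key, then decrypt and authenticate the body. A wrong key fails at the unwrap
// step; any bit flipped in transit fails the GCM tag check.
func Open(recipientPriv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	contentKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipientPriv, env.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("cannot unwrap content key: not the intended recipient")
	}
	block, err := aes.NewCipher(contentKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	body, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil {
		return nil, errors.New("message tampered with or wrong key")
	}
	return body, nil
}

// RelayCanRead models a mail server in the middle, which holds only the
// envelope: does the plaintext appear anywhere in what it can see?
func RelayCanRead(env *Envelope, body []byte) bool {
	return bytes.Contains(env.Ciphertext, body) || bytes.Contains(env.WrappedKey, body)
}

func main() {
	// Constructed sample body; the account details are made up.
	body := []byte("Account 12345678, sort code 12-34-56, balance GBP 4,210.00")
	recipient, _ := GenerateRecipientKey()
	env, _ := Seal(&recipient.PublicKey, body)
	fmt.Println("relay can read body:", RelayCanRead(env, body))
	got, err := Open(recipient, env)
	fmt.Printf("intended recipient reads: %q (err=%v)\n", got, err)
	other, _ := GenerateRecipientKey() // the wrong person's mailbox
	_, err = Open(other, env)
	fmt.Println("wrong recipient:", err)
}
```

Two things worth noticing. RSA never touches the body, so its size limit and its slowness do not matter: the cost of the RSA operation is the same whether the attachment is 1 KB or 100 MB. And because the content key is random per message, compromising one message's key reveals nothing about any other. This is the same shape as S/MIME and OpenPGP, which differ mainly in how the recipient's public key is found and trusted.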

 

Two-Factor Authentication

Although encryption goes a long way to prevent email interception, it doesn’t stop human error, such as sending an email to the wrong person.

Adding an additional layer of authentication to your emails to verify the identity of your recipients ensures even if you send a message to the wrong person’s inbox, they can’t open it.

There are two levels of authentication available for outbound emails:

Single-factor authentication: the most basic form of authentication, where a username and password are all that is required to gain access (e.g., your email account login details). Its drawbacks are well known: passwords can be brute-forced or guessed, reused from another breach, or bypassed altogether on a device that is already (or always) logged in.

Two-factor authentication: an extra layer of defence, where the individual must pass a further authentication challenge alongside entering their username and password. The second factor comes from one of the following categories, and it must be a different category from the first (a password plus a security question is two things you know, not two factors):

  • Something you have. For example, a code from an authenticator app or a hardware security key. An SMS code to your mobile phone also counts, but it is the weakest option, because phone numbers can be taken over by SIM swapping.
  • Something you know. For example, a PIN or the answer to a security question.
  • Something you are. For example, biometrics such as fingerprints.

By adding two-factor authentication to sensitive emails, you ensure two things: first, any email accidentally sent to the wrong person cannot be opened; second, if someone gains unauthorised access to your recipient’s inbox, they still cannot read the sensitive message. Two-factor authentication is becoming the standard for high-value account logins via a web browser (e.g., banking and finance), and email should be treated as no less critical to protect.

 

Revoke

When you make a mistake, don’t you wish you could take it back? Email revocation is the function that limits the damage from human error.

When you send an email to the wrong person or the wrong email attachment to the right person, revoke allows you to retrieve the message directly from the person's inbox. This prevents sensitive information from falling into the wrong hands, reducing the risk of a data breach.

Email providers such as Outlook already offer a built-in recall feature. However, as with encryption, not all recall systems are alike, and Outlook’s classic recall works only when all of the following hold:

  • Your recipient has not already opened your message.
  • The message is still in the recipient’s Inbox and has not been moved or redirected by a rule to another folder.
  • Your recipient is in the same Exchange or Microsoft 365 organisation and is also using Outlook. Recall has no effect on a message delivered to an external provider such as Gmail: once it has left your organisation, it cannot be pulled back.
  • You send the recall from the Outlook desktop application; the classic recall feature has not been available from Outlook for the web or the Outlook mobile app.

For more information on recalling an email in Outlook, you can read our handy guide.

 

Auditing

It’s important for companies to maintain audit trails of their communications, helping them to keep track of the information being transmitted between employees and customers and identify potential data breaches.

Audit trails are also essential for meeting regulatory requirements and maintaining compliance, especially in industries that handle sensitive data, such as financial services, healthcare and IT. Under the accountability principle of the UK GDPR, which the ICO enforces, you must be able to show what personal data you process and in what volume and of what nature, and keep a record of any breach notifications and their history.

In other words, when compiling an audit trail for your email communications, it is important to remain aware of the following:

  • Who has sent the email
  • Who has received and accessed the email
  • What date and time the email was sent
  • What date and time the email was opened
  • What attachments or information were included within the email

 

Where can I get outbound email security for my company?

Some outbound email protection is likely to already be available to your business.

For example, Gmail and Microsoft Outlook both encrypt mail in transit with TLS where the other side supports it, and both offer a form of recall: Outlook’s recall feature and Gmail’s Undo Send, which does not recall anything but simply holds the message for up to 30 seconds before it actually leaves. Businesses that deal with sensitive data on a daily basis will need to consider a more robust system. If we had a penny for every business who trusted the basic security provided by their email client and ended up in hot water… well, we’re really passionate about email security so we’d probably be doing this anyway, but you get our drift...

There is a range of products dedicated solely to outbound email security, including our own flagship solution, Mailock. We pride ourselves on having the most advanced outbound email security solution on the market, so we encourage our customers to shop around. The most important things to consider when looking at what’s on offer are the functions available (encryption, authentication, revocation) and the level of protection each provides (e.g., TLS vs. end-to-end encryption). Use this guide as your framework for finding the solution that’s right for you.

Here’s a quick rundown of key questions to ask as you’re comparing products:

  • Does it integrate with existing infrastructure? Introducing technology that works alongside your CRM, DLP, antivirus and server-side signature is incredibly important.
  • Is it easy to use? A product can offer all the security in the world, but if your staff or customers cannot use it, issues will still occur through neglect.
  • Does it offer gateway and automation capabilities? Depending on the size of your business and its predicted growth, introducing a scalable solution that can automate the documents you send out (and your employee workload) will benefit everyone.
  • Does it protect against downtime? Software that allows for contingency planning, ensuring businesses receive minimal impact from downtime, is a

 

Mailock Enterprise

When considering the above questions, Mailock enterprise is sure to tick all the boxes. Our award-winning gateway seamlessly integrates alongside your existing DLP, CRM, and antivirus, protecting your business emails with military-grade, AES-256 encryption.

Not only do we provide the very best security, but Mailock enterprise allows you to:

  • Remain fully compliant with regulations and standards such as GDPR, MiFID II and ISO 27001
  • Remove the need for costly print, pack and post, digitising your communications and helping you reach ESG goals
  • Empower and engage your customers, demonstrating your businesses as a leader in the protection of client data

Learn more about our enterprise solutions
