What is Email Encryption? Definition, Best Practices & Stats

What is email encryption?

Email encryption is the encrypting, or disguising, of email content to protect it from being intercepted. It is a key piece of outbound email security. Encryption is often coupled with identity authentication in secure email solutions to make sure email contents can't be read by anyone other than the intended recipient.

Who needs to encrypt emails?

As businesses go through digital transformation, sensitive data is no longer kept in on-premise servers within an office building. Increasingly, information is transmitted between individuals no longer sat within the same four walls. Hackers look to exploit these periods of disruption, when something sent by open-risk email such as a password, account number, customer form gives them an entry point to to intercept information for gain.

IT professionals discussing integration-1

Sending a Secure Email in Outlook

With 20,000 US organisations facing compromised Outlook accounts in March 2021 alone, how can you make sure your emails are safe?

Read

Guide to Outbound Email Security

A comprehensive guide exploring the available security options on the market for protecting your confidential outbound emails.

Read

man typing on laptop using secure email-1

Secure Email User Report 2021

We surveyed our users to gain insights on how they use secure email and the benefits they see from protecting their comms.

Read

What's wrong with email?

Email has been around as long as the internet has, and it was never designed to be highly secure. When you send an email, just like with any other data on the internet, it travels through multiple nodes in a network. At any one of these points, a bad actor could be present. It could be at your mail server, the server of your recipient, or somewhere in the middle. If your email contents are not encrypted, they can be accessed, even manipulated, before reaching their destination.

What data needs encrypting?

Whether by accident or negligence, sending the wrong data over open-risk email can be damaging. Regulators have the power to levy hefty fines against companies breaching data protection guidelines, not to mention the harm to your reputation that could result. If an email contains personally identifiable information, documents, or data that could harm your company if intercepted or manipulated in transit, then it should be encrypted. It's not just public-facing comms - internal emails are also a risk, with GDPR guiding how we store and process customer information. Even sending a customer's address to a colleague could put your business at risk.

IFA in meeting with client business about data

Industry focus: financial services

Our latest research on users of secure email indicates the types of document regularly protected with email encryption. The survey, conducted primarily with professionals working in the UK financial services, found:

45% regularly protect anti-money-laundering documents
61% regularly protect proposal and policy documents
42% regularly protect investment valuations
50% regularly protect banking details

Encryption best practices

An estimated 333.2 billion emails are sent every day. There are certain types of information that employees know should not be sent "in the clear" but whether by ignorance, accident, or negligence, cybersecurity best practices can fall by the wayside. How can you make sure the right emails are always encrypted with the appropriate security? Here are some email encryption best practices.

Matching setup to needs

Depending on the volume of sensitive emails, there are different ways to initiate encryption. You can encrypt a single email using a button in your email client. This is a flexible option for one-to-one confidential email situations but is reliant on the sender. Rule-based encryption recognises particular triggers for when there are types of information that should be encrypted company-wide. This takes the security responsibility out of the hands of the individual. There are also situations where a business may need to secure documents in bulk, for example bank statements, by routing them through an encryption service.

It's important to ensure your email encryption solution covers all most the common scenarios in which sensitive information is sent over email.

Outlook, Gmail, iOS, M365

The most common email clients including Outlook, Gmail, and iOS provide a level of basic encryption on delivery. They all offer optional S/MIME encryption as standard, and a Microsoft 365 E3 licence gives users additional functionality in the form of 365 Message Encryption. The key difference between the S/MIME encryption standard and the encryption available with 365 Message Encryption is compatibility. Whereas the encryption offered as standard by providers requires the recipient's email client to be S/MIME compatible, 365 Message Encryption keeps emails secure when delivered to recipients using any email provider.

The encryption provided by email clients can protect most emails on delivery, but they may not be protected when your recipient hits "reply".

Woman showing colleague how to use outlook

What email clients don't cover

It's important to ensure the level of encryption that you use suits your business' and your customers' needs. One key element in this is the level to which you will need to exchange sensitive documents. Are you sending documents to be filled in and returned? The optional encryption offered by most email clients (S/MIME) protects documents in transit on delivery. They will only be encrypted on the way from you to your recipient. On the way back, they'll be open to interception. Equally, if someone can gain access to your recipients' inbox, they will be able to download and access any sensitive attachments.

If you need to encrypt sensitive documents in transit on both delivery and return, you will need to install a third-party encryption service.

Adding authentication to the mix

A layer of encryption is important, but it doesn't protect against the #1 cause of data leaks - human error. If you send a sensitive email to the wrong person, encryption won't protect you. Secure email solutions combine identity authentication with email encryption, so even if you send an email to the wrong address, that person can't gain access. Authentication methods can include device checks, challenge questions, or third-party certificates. If sending sensitive data to the wrong person is a concern, choosing an email encryption solution with authentication capabilities is the answer.

Are misfired emails a concern to your business? Choose a secure email solution with authentication capabilities to protect against human error.

Professional introducing Mailock to clients

Key statistics

The latest email encryption statistics you need, from the most reliable sources.

Misfires

Emails sent to the wrong person were the #1 cause of reported data breaches in the UK in Q3 21/22, according to the Information Commissioner's Office (ICO).

Interception

A 2017 study conducted by researchers from the University of Michigan and California found that between 4% and 10% of internet traffic is intercepted.

Volume

In 2021, an estimated 316 billion emails were sent and received each day according to research provided by Statista.

Conversations

The average office worker sends 40 emails a day and receives 121 emails a day according to research vetted by The Guardian.

Error

A survey conducted by Egress indicates that 52% of people have unintentionally sent an email containing sensitive information.

Reputation

CSO Online reports that 46% of businesses who suffer from a data breach see negative repercussions affecting reputation and brand value.

Business Team Looking at tablet and smiling

Mailock

Secure email for businesses of all shapes and sizes

Mailock secure email combines our award-winning encryption with identity authentication so your emails always reach the right person.

Learn more

Email Encryption 101

What is email encryption?

Definition, best practices
and need-to-know statistics