Email Encryption 101

What is email encryption?

Definition, best practices and need-to-know statistics

Email encryption is the encrypting, or disguising, of email content to protect it from being intercepted. It is a key piece of outbound email security. Encryption is often coupled with identity authentication in secure email solutions to make sure email contents can't be read by anyone other than the intended recipient.

Who needs to encrypt emails?

As businesses go through digital transformation, sensitive data is no longer kept in on-premise servers within an office building.

Information is now transmitted between people who no longer sit within the same four walls. Threat actors look to exploit these periods of disruption: a password, account number, or sensitive document sent by open-risk email gives them an entry point from which to carry out their attack.

What's wrong with email?

Email has been around as long as the internet has, and it was never designed to be highly secure. When you send an email, just like with any other data on the internet, it travels through multiple nodes in a network.

At any one of these points, a bad actor could be present. It could be at your mail server, your recipient's, or somewhere in the middle. If your email contents are not encrypted, they can be accessed, even manipulated, on their journey.

What data needs encrypting?

Whether by accident or negligence, sending the wrong data over open-risk email can be damaging. Regulators have the power to levy hefty fines against companies breaching data protection guidelines, not to mention the reputational damage.

If an email contains personally identifiable information, documents, or data that could harm your company if intercepted or manipulated in transit, then it should be encrypted. It's not just public-facing comms - internal emails are also a risk, with GDPR guiding how we store and process customer information. Even emailing a customer's address to a colleague could put your business at risk.

Industry focus: financial services

Our latest research on users of encrypted email indicates the types of document regularly protected with email encryption. The survey, conducted primarily with professionals working in the UK financial services, found:

  • 45% regularly protect anti-money-laundering documents
  • 61% regularly protect proposal and policy documents
  • 42% regularly protect investment valuations
  • 50% regularly protect banking details

Encryption best practices

An estimated 333.2 billion emails are sent every day. There are certain types of information that employees know should not be sent "in the clear", but whether through ignorance, accident, or negligence, cybersecurity best practices can fall by the wayside. How can you make sure the right emails are always encrypted with the appropriate security? Here are some email encryption best practices.

Matching setup to needs

Depending on the volume of sensitive emails, there are different ways to initiate encryption.

You can encrypt individual emails using a button in your email client. This is a flexible option for one-to-one confidential email situations but is reliant on the sender.

Rule-based encryption recognises particular triggers for when there are types of information that should be encrypted company-wide. This takes the security responsibility out of the hands of the individual.

There are also situations where a business may need to encrypt documents in bulk, for example bank statements, by using automation.

  • It's important to ensure your email encryption solution covers the most common scenarios in which sensitive information is sent over email.
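
To make the rule-based option concrete, here is a sketch of how a gateway rule set might flag outbound messages for encryption without relying on the sender. It is an added example, not code from any vendor or product named on this page; the trigger patterns, function names, and sample messages are all assumptions constructed for illustration.

```python
import re
from email.message import EmailMessage

# Hypothetical trigger rules (assumptions, not any product's rule set).
BANK = re.compile(r"\b\d{2}-\d{2}-\d{2}\b\D{0,20}\b\d{8}\b")  # UK sort code + account no.
CARD = re.compile(r"\b(?:\d[ -]?){13,19}\b")                   # candidate card number
KEYWORD = re.compile(r"\b(valuation|policy document|bank details)\b", re.I)
ATTACHMENT = re.compile(r"(statement|valuation|aml).*\.(pdf|docx?|xlsx?)$", re.I)

def luhn_ok(digits):
    """Luhn checksum: filters arbitrary digit runs out of the card rule."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def triggers(msg):
    """Return the name of every rule the outbound message trips."""
    hits, text = [], msg.get("Subject", "") + "\n"
    for part in msg.walk():
        name = part.get_filename()
        if name and ATTACHMENT.search(name):
            hits.append("attachment:" + name)
        elif part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            text += raw.decode(part.get_content_charset() or "utf-8", "replace")
    if BANK.search(text):
        hits.append("bank-details")
    if any(luhn_ok(re.sub(r"\D", "", m.group())) for m in CARD.finditer(text)):
        hits.append("payment-card")
    if KEYWORD.search(text):
        hits.append("keyword")
    return hits

def route(msg):
    """Gateway decision: any hit forces encryption, the sender is not asked."""
    return "encrypt" if triggers(msg) else "send"

def sample(subject, body, attachment=None):
    """Build a constructed test message (all values are made up)."""
    m = EmailMessage()
    m["Subject"] = subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"%PDF-", maintype="application", subtype="pdf",
                         filename=attachment)
    return m
```

Pattern rules like these produce both false positives and misses, so the list of hits is worth logging alongside each decision so the rules can be tuned against real traffic.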

Outlook, Gmail, iOS, M365

The most common email clients including Outlook, Gmail, and iOS provide a level of basic encryption on delivery.

They all offer optional S/MIME encryption as standard, and a Microsoft 365 E3 licence gives users additional functionality in the form of 365 Message Encryption.

The key difference between the S/MIME encryption standard and the encryption available with 365 Message Encryption is compatibility. Whereas the encryption offered as standard by providers requires the recipient's email client to be S/MIME compatible, 365 Message Encryption keeps emails secure when delivered to recipients using any email provider.

  • The encryption provided by email clients can protect most emails on delivery, but they may not be protected when your recipient hits "reply".

What email clients don't cover

It's important to ensure the level of encryption that you use suits your business' and your customers' needs. One key element in this is the volume at which you will need to exchange sensitive documents.

Are you sending documents to be filled in and returned? The optional encryption offered by most email clients (S/MIME) protects documents in transit on delivery. They will only be encrypted on the way from you to your recipient. On the way back, they'll be open to interception.

Equally, if someone can gain access to your recipients' inbox, they will be able to download and access any sensitive attachments.

Adding authentication to the mix

A layer of encryption is important, but it doesn't protect against the #1 cause of data leaks - human error. If you send a sensitive email to the wrong person, encryption won't protect you.

Secure email solutions combine identity authentication with email encryption, so even if you send an email to the wrong address, that person can't gain access. Authentication methods can include device checks, challenge questions, or third-party certificates.

If sending sensitive data to the wrong person is a concern, choosing an email encryption solution with authentication capabilities is the answer.

  • Are misfired emails a concern to your business? Choose a secure email solution with authentication to protect against human error.

Key statistics

The latest email encryption statistics you need, from the most reliable sources on the interweb.

Misfires

Emails sent to the wrong person were the #1 cause of reported data breaches in the UK in Q3 21/22, according to the Information Commissioner's Office (ICO).

Interception

A 2017 study conducted by researchers from the University of Michigan and California found that between 4% and 10% of internet traffic is intercepted.
Volume

In 2021, an estimated 316 billion emails were sent and received each day according to research provided by Statista.

Conversations

The average office worker sends 40 emails a day and receives 121 emails a day according to research vetted by The Guardian.

Error

A survey conducted by Egress indicates that 52% of people have unintentionally sent an email containing sensitive information.

Reputation

CSO Online reports that 46% of businesses who suffer from a data breach see negative repercussions affecting reputation and brand value.
Mailock

Secure email for businesses of all shapes and sizes

Mailock secure email combines our award-winning encryption with identity authentication so your emails always reach the right person.