Email Encryption & Your Business: The Importance of Email Security

BOULDER, Colo., Oct. 7 /PRNewswire/ -- Email is the Predominant Business Communication Tool, Twitter is growing rapidly among business users, and millions of business users communicate on Facebook. Text messaging has become the default mode for personal communication for younger workers. Yet, despite these trends, email continues to be the dominant communications and file transport mechanism used in business today.

The Importance of Email Encryption

Email security is a huge challenge for businesses. Email is exposed at various points along its transmission, via backups, by IT staff members, or during firewall inspection. And not just the text: attachments account for around 96 percent of the total volume of content sent through email systems. The challenge is to protect the integrity of the attachments, as well as the text.

Unencrypted email messages and files are sent in clear text, allowing them to be intercepted, either by accident or with malicious intent. Just the email auto-fill feature used to complete a co-worker's name accounts for many errors. We forward emails which contain long threads, and may not even realize who is copied, or who may receive a forgotten attachment.

It happens all the time. For example, in May 2009 a staffer at the Office of the State Superintendant of Education in Washington, D.C., emailed personal information about 2,400 applicants to 1,000 of these applicants, by mistakenly attaching a spreadsheet.

Hackers or others with malicious intent can intercept these messages and read them. Consider an online bookstore called Interloc. To increase marketing results, Interloc offered its clients email services, and then copied all the emails sent to Amazon.com without the permission of the affected parties.

How Should Content Be Encrypted?

There are numerous ways to use email encryption, all with advantages and disadvantages.

• Transport Layer Security: Provides gateway-to-gateway encryption over TCP/IP connections. Both parties must support TLS to encrypt automatically, but the business must purchase an infrastructure certificate, does not provide notifications, and can be slow.
• Manual Encryption Methods: Some email security software allows users to manually encrypt messages by adding a certain prefix, which requires the receiver to go through a series of processes to read the email. This offers the user the flexibility to choose which messages to encrypt, but it also requires extra steps, training, and an additional user interface for the security software.
• OpenPGP: An encryption standard for any kind of content and attachment, OpenPGP uses asymmetric encryption keys that are discoverable via open source and global directories. This enables messages to be sent to multiple recipients, each using their private key for decryption. However, this protocol is not built into many systems, and uses keys and software to use OpenPGP.

Businesses must also consider that encryption will impact other organization technologies, such as virus scanning and email archiving, among others.

Email encryption is critical for a variety of reasons, from battling outsiders' malicious intent to complying with regulatory obligations. To protect data integrity, businesses must consider a variety of complex solutions. Consider Webroot for award-winning email security software management.

SOURCE Webroot