Why email encryption is essential to your business

Ian Garland of Comparitech.com looks at why encrypted email services are so important for small businesses, and how you can implement email encryption easily and quickly.


What is email encryption? 

Most people wouldn't include sensitive information on a postcard, where anyone could read it. However, unless your company uses email encryption, this is exactly what you're doing. Normally, when you send an email, it's transmitted in plain text. This means that anyone observing your network (your network administrator or Internet Service Provider, for example) can see exactly what was said. 

In contrast, email encryption services run the contents of your email through a complex filter, completely obscuring the original message during transmission. The email is then decoded when it reaches the intended recipient, meaning that the only people who know what was said are the sender and receiver. 

Furthermore, as editing even a single character of the message drastically changes the encrypted string, encryption software makes it effectively impossible for an attacker to edit the contents of an email after it has been sent. 

What is email spoofing?

If you use a company VPN, your network traffic is already encrypted. However, email comes with its own specific threats. For example, it's incredibly simple to ‘spoof’ (forge) an email address so that a message appears to come from the legitimate address of someone you already trust.

This means you could inadvertently be sending confidential information to someone outside of the company. However, email encryption tools provide a foolproof way to confirm that the person you're talking to really is who they say they are.

What is public-key encryption?

Most email encryption tools use a technique called ‘public-key encryption’. Public-key encryption can be complex to understand, but essentially messages are encrypted using a publicly available key, then decrypted with a secret key that only one person (your intended recipient) knows.

This way, even if you're asked for information by someone spoofing a co-worker's email address, the attacker won't be able to decrypt your reply, as they don't have your co-worker's private key. 
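
The idea described above, together with the earlier point that an edited message is detected, as an added example (not code from the article or from any encryption product): a toy hybrid scheme in which textbook RSA protects a random per-message secret and an HMAC tag detects changes. The key sizes, function names and sample message are constructed for illustration; real tools implement OpenPGP or S/MIME with much larger keys.

```python
import hashlib, hmac, secrets

def make_keypair(p, q, e=65537):
    """Textbook RSA key pair from two primes: returns (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))

# Constructed demo keys from Mersenne primes: illustration only, far too small for real use.
RECIPIENT_PUB, RECIPIENT_PRIV = make_keypair(2**127 - 1, 2**89 - 1)
ATTACKER_PUB, ATTACKER_PRIV = make_keypair(2**107 - 1, 2**61 - 1)

def derive_keys(r, n):
    """Hash the RSA-protected random value into a cipher key and a MAC key."""
    k = hashlib.sha512(r.to_bytes((n.bit_length() + 7) // 8, "big")).digest()
    return k[:32], k[32:]

def keystream_xor(key, data):
    """Toy stream cipher: XOR data with a SHAKE-256 keystream."""
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt(public, message):
    """Anyone holding the PUBLIC key can seal a message."""
    n, e = public
    r = secrets.randbelow(n - 2) + 2  # fresh secret for every message
    enc_key, mac_key = derive_keys(r, n)
    body = keystream_xor(enc_key, message)
    return pow(r, e, n), body, hmac.new(mac_key, body, "sha256").digest()

def decrypt(private, envelope):
    """Only the matching PRIVATE key recovers r, and with it the message."""
    (n, d), (wrapped, body, tag) = private, envelope
    enc_key, mac_key = derive_keys(pow(wrapped, d, n), n)
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, "sha256").digest()):
        raise ValueError("wrong private key, or message altered in transit")
    return keystream_xor(enc_key, body)

def try_read(private, envelope):
    """Return the plaintext, or None when decryption is refused."""
    try:
        return decrypt(private, envelope)
    except ValueError:
        return None

if __name__ == "__main__":
    wrapped, body, tag = encrypt(RECIPIENT_PUB, b"Q3 payroll file attached")
    edited = (wrapped, bytes([body[0] ^ 1]) + body[1:], tag)
    print(try_read(RECIPIENT_PRIV, (wrapped, body, tag)))  # intended recipient
    print(try_read(ATTACKER_PRIV, (wrapped, body, tag)))   # spoofer's own key
    print(try_read(RECIPIENT_PRIV, edited))                # one bit changed
```

The tag catches edits to an envelope in transit, but anyone with the public key can create a fresh envelope, so confirming who sent a message relies on a digital signature made with the sender's private key.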

How do I set up email encryption?

The good news is that if you use a major service like Outlook, ProtonMail, or Gmail, your emails are already encrypted. On the other hand, if you're using a less popular client, you'll likely have to integrate encryption tools manually. However, there are packages that make this a relatively quick and easy process, with no in-depth technical knowledge required. 

All you need to do is install your chosen encryption software, use it to create a public and private key for each business email address, and upload the public key somewhere visible so that people can use it to contact you. It is essential, however, that you never share your private key, as doing so removes any protection this form of encryption provides. 

Should businesses use email encryption?

Email encryption not only prevents disgruntled employees from seeing conversations that they aren't privy to, but it also increases your overall security and helps prevent ‘spear-phishing’ email attacks, in which attackers use spoofed email addresses to try to obtain sensitive information.

In short, email encryption requires a very slight time investment yet pays huge security dividends, making it vital for any SME or growing business.  

About the author

Ian Garland of Comparitech.com is a computing graduate with a love of technology and programming, particularly in the area of machine learning.
