Worried About Data Breaches? Encrypt Emails
Email continues to be the dominant form of business communication, yet many companies still send unencrypted emails. Nearly two-thirds of organizations that fall victim to a data breach hadn’t encrypted their data. When messages are relayed in clear text, hackers can intercept the information and steal or corrupt the data. Fortunately, there is a solution that allows employees to send and receive customer information, financial data, sensitive business files, and any other information you don’t want falling into the wrong hands. If you want to avoid data breaches, encrypt emails.
The State of Email Security Today
Email security is one of the biggest issues for organizations, simply because email is so widely used for sending and sharing information. If employees send any of the following by email and the message is hacked, you could have a legal and regulatory mess on your hands.
- Sensitive customer information such as social security numbers, passwords, and credit card numbers
- Health records protected by HIPAA
- Business files sent as attachments – whether you’re sending files to clients or colleagues
Another serious threat is phishing. Data breaches exposed 4.1 billion records in the first half of 2019. Seventy percent of those breaches contained emails and 65 percent contained passwords.
With stolen emails and passwords, a cyber attacker can send phishing emails. If successful, they could gain access to your entire system. According to the 2020 Verizon Data Breach Investigations Report, nearly a quarter of data breaches from 2019 involved email phishing. Through phishing, hackers can deliver malware, steal data, or simply cause network damage and downtime.
Even more alarming, phishing email rates have gone up since the pandemic started. One report found that from February to May 2020, phishing attacks increased, by up to 600 percent in some areas.
Why Is It Important for Email to Be Encrypted?
Email encryption protects data in transit and at rest by making it unreadable. Even if an unauthorized user stole personal or sensitive data, they can’t use it or alter it because it’s encrypted into ciphertext.
Email encryption is an important step in protecting against data breaches. The reality is, a data breach costs mid-sized businesses (those with 500 to 1,000 employees) $2.65 million, on average, according to IBM.
With more employees working from home during the pandemic and the increased use of BYOD (bring your own device) and mobile interactions, encryption has become a must-have for any sound business cybersecurity strategy. It’s also essential for meeting regulatory requirements that mandate data privacy protections.
How to Encrypt Business Emails
There are different methods used for encrypting emails. You can encrypt the email in transport, at rest on a server, or with end-to-end encryption.
- Transport Layer Security (TLS) protects email data in transit. Most email providers include TLS. While this basic level of encryption is a useful first step, it only encrypts the channel. Once the message arrives in the recipient’s inbox, it’s no longer protected.
- You can take data protection a step further by encrypting data at rest. This can involve using a cloud provider that encrypts data stored on servers and encrypting employee devices – all smartphones, USB drives, laptops, and tablets should be secure.
- With end-to-end encryption protocols such as PGP (pretty good privacy) and s/MIME (service/multipurpose internet mail extensions), the message is encrypted on the sender’s device using the recipient’s public key. The information is then decrypted once it lands in the recipient’s inbox with their private key.
There are intrinsic problems with both of these methods on their own at the enterprise level:
- With PGP, there’s no central database of public keys. Every individual you send an email to would have to share their key. Also, if the user loses their device, they lose their private key.
- With s/MIME, there is a central certificate authority that stores the public keys, but users can’t create a new private key if they lose their device.
This is where a third-party email encryption solution can handle the challenges of end-to-end encryption to ensure a smooth experience for all users. With Intermedia’s Email Encryption service, your recipients don’t need to do anything. You can send anyone a secure email.
From the business end, you can base your encryption parameters around industry regulations. This makes it easy to send HIPAA compliant encrypted emails and to meet compliance standards in highly sensitive industries including law and finance. Your organization can set, review, and customize your privacy policies and administer users.
The bottom line is, the more comprehensive your level of encryption, the more your business can protect itself from the losses of a data breach. The IBM Security Cost of a Data Breach Report found that encryption has the greatest impact on reducing the costs of a data breach, cutting losses by $360,000 on average.
Find out more about how easy worry-free email encryption can be.