Companies and public administrations have never feared being the target of cyber attacks more than they do now. Theft or data corruption, data locked by ransomware, such threats can jeopardize and weaken the victims’ activities. One of the most widespread attack vectors is the email system, which is the entry point for malicious code to penetrate and spread throughout the information system. While encryption remains the most secure way to protect data, email encryption makes it possible for it to circulate in complete confidentiality.

Despite the arrival of new means of communication such as instant messaging, sharing and collaborative software, or even social media, email is still the most widely used method of exchanging information in the professional environment. According to a study by Statista in 2021, every day 319.6 billion emails are exchanged worldwide, which represents a growth of 4.3% compared to the volumes recorded in 2020.

In France, the number of daily emails exceeds 1.4 billion, at least half of which are spam, whether malicious or not. How do the good from the bad? The task is increasingly complex for businesses despite the deployment of anti-virus and anti-spam solutions. If it was relatively easy to detect a dangerous email two or three years ago due to its clumsy spelling, its approximate layout or its suspicious address of origin, the progress made on these subjects by attackers since then is huge. Of course, businesses try to repel these attacks by deploying security or protection solutions. But, as the French National Information Security Agency (ANSSI) reminds us in its “Recommendation Guide for System Information Security : ” If detection mechanisms are relevant for data stored in clear, it doesn’t cast doubt on the importance to encrypt emails body and attachments that require it “.

The answer seems obvious. Exchanging readable message bodies and attachments on the Internet gives attackers a means to retrieve valuable information very easily. It can be elements about the senders of the emails, such as their email address, but also all the information they reveal in the message: bank account details, a postal address, or even habits and preferences, all of which is valuable information to better customize a phishing attempt. But in the exchange of professional emails, the risk is even higher with the sending of attachments containing sensitive information such as financial, marketing, business or technological data. Encrypting emails is a particularly effective way to make the exchanged information unusable by attackers.

Internet email providers have long offered their users the option of connecting to their email using secure protocols such as HTTPS (Gmail, for example), or by activating their email TLS protocol (Microsoft Outlook, for example). But is that enough?

Remember that this type of secure protocole encryption only covers the transfer of the data between the workstation and the email provider’s server. Nothing stops the recipient of your message from retrieving it in readable form without having to connect to the email server.
That means only part of your email’s route is secured by the protocole. To guarantee the security of your exchanges during the whole process, end-to-end encryption is required. This end-to-end encryption is an additional precaution and will protection from possible data leaks at your email provider.
By including an encryption tool in your corporate email system, users send email as usual, without any additional action to initiate encryption. The body of the email and any attachments are automatically and transparently encrypted. For the recipient, the emails are decrypted locally.

The emails are encrypted or decrypted thanks to users’ password or certificate. (secrets). These secrets are never entrusted to third-party machines/software (VPN, encryption units, etc.), this guarantees that the content of email can only be understood by those with the key. (right-to-know).

By encrypting your emails, you will avoid the leakage of sensitive or confidential business information and the ensuing inconveniences.

To go further and ensure your data is secure during its whole lifecycle, you can also encrypt data even more secure, don’t just encrypt it when you share it by email: remember to encrypt the contents of your disks (local and network). This will make life even more difficult for hackers and you will truly guarantee the security of your data!

^[1] https://www.statista.com/statistics/456500/daily-number-of-e-mails-worldwide/

^[2] https://geekflare.com/personal-data-on-the-dark-web/

Photo by Brett Jordan on Unsplash