How to Send Secure, Encrypted Emails (and Attachments) (Part Two)

June 10, 2020

How to Send Secure, Encrypted Emails (and Attachments) (Part Two)

In Part One of the three-part series of articles on How to Send Secure, Encrypted Emails (and Attachments) we considered types of cyber-attacks; weak email points; and vulnerabilities of transfer protocols.

In this part, we’ll talk about what shapes a strong email security solution.

Searching for a Solution

First things first, let’s comprehend probably the main principle of secure email: data has to be fully protected with encryption at rest, in transit, and in use.

Second of all, in order to be certain that no one intercepts your email messages, your connection must be end-to-end encrypted.

Indicators of Secure Email

There are four key indicators, or properties, that appeal to secure email:

Confidentiality. To keep information confidential, email content and its attachments must be encrypted.

Integrity. The content of the email is received as it has been sent. This can be achieved by means of hashing functions.

Authentication. The recipient must be assured that the email was sent by the same person who wrote this message. This can be achieved by means of key agreement, email authentication, or with digital signatures.

Non-repudiation. It ensures the sender is the one actually who sent a message. Non-repudiation can be achieved by means of digital signatures.

Secure Email Means Encrypted Email

Encryption comes in two ways:

symmetric, which means both ends will use the same key for encryption and decryption;
asymmetric, which prescribes secure exchange of public and private keys.

Symmetric encryption uses a secret key that should be initially exchanged between communicating parties. The sender and the recipient use it to encrypt and decrypt all the messages.

The most widely used symmetric algorithm is AES-128, AES-192, and AES-256. AES encryption is considered strong — the longer the key, the more secure the message.

Asymmetric encryption uses a pair of keys to encrypt a plain text: the public key of a recipient is available to a sender who wants to send an encrypted message; the private key is kept in a secret. An email that is encrypted by the sender using a public key can only be decrypted with a recipient’s private key.

Popular asymmetric key encryption algorithm includes RSA and Elliptic curve cryptography.

Also, it is of vital importance to control the encryption keys, because security of information depends much on it.

Email Security for Industries

Secure email encryption protects both your online business and your customers' sensitive information.

If you exchange your confidential, financial or personal information via email on a regular basis, despite what industry your business relates to, encryption preserves your data from the disclosing.

Nonetheless, secure email encryption is only one part for the success of secure business correspondence – compliance with government regulations is an important one and must be number one priority for organizations as well.

Businesses – doctors, lawyers, financial advisers – that send sensitive information to their clients are required to have encrypted email service.

So, eventually, the question on the subject resolves into this: how to exchange sensitive information and share emails and attachments securely between different professionals in different industries?

Benefits of Using Add-Ins

From both an operational and security perspective, an add-in could be a good implementation of a software email security solution.

Add-ins are the software utilities or programs that can be added to primary programs and to make multiple tasks easier and more convenient.

Add-ins extend the functionality of applications for custom tasks. And additional tabs and panes may ensure quick access to the add-in settings, which will make user navigation flow even easier.

The following are also can be considered as advantages of using add-in:

add-in is always available without needing to open any particular application;
a program code cannot be altered by others;
a program code runs quicker;
the functions are a part of the main application;
related information comes with flexibility of main application.

Since we are speaking of how to secure emails and attachments, for those organizations whose employees use Microsoft Outlook for daily exchange of sensitive business information, email security add-in could be a good fit.

This is the end of part two of the three-part blog series. Please read part one and part three.