How to Encrypt Emails

April 16, 2019

10:00-11:00AM PST

Email encryption software is an important security tool that everyone should utilize, yet the use of email encryption remains fairly uncommon. In part, the slow uptake of email encryption comes down to difficulty finding and activating the features required to ensure your emails are encrypted. If you have tried to turn your standard email provider into a fully-encrypted email platform, you have probably run into some setbacks.

The fact is, although encryption has been around for some time, it isn’t exactly easy to access or use on standard mail clients like Outlook and Gmail. Widespread adoption of email encryption has also lagged due to a lack of understanding about what encryption is, how it functions, and why it is important. For some individuals and businesses, ensuring your email communications are encrypted may be entirely optional. For others, adopting an end-to-end encryption solution is a mandatory requirement for compliance with relevant regulatory structures. How you interact with and transmit personally identifiable information (PII) or electronic protected health information (e-PHI) can have a significant impact on whether you are compliant with regulatory requirements.

In this article, we’ll break down how to encrypt an email. We’ll look at what encryption is, how to send encrypted emails, and why you might want to encrypt your emails. While it is possible to encrypt your emails using common web-clients such as Outlook, it is not as convenient or seamless as many would like. For this reason, if you are considering adopting an end-to-end encryption solution, a third-party service may offer the right combination of ease of use and accessibility for both your staff and your email recipients. Gaining a better understanding of how to encrypt emails will empower you to make an informed decision about whether your current encryption efforts are sufficient for your data security needs.

What is Encryption?

To put it simply, encryption is the process of obscuring the contents of an email so that they are readable only by someone who has the key to unlock the message. Encryption is based on cryptography, which has roots reaching back long before the modern computer age. The basic principle is the same, however. Before computers, if individuals didn’t want a message read, they would scramble the contents according to a predetermined pattern or code. So long as the recipient also had access to this pattern, referred to as a cipher, they could understand the message. To an outside observer that didn’t have access to the cipher, the message would appear to be meaningless.

Modern email encryption works much the same way, except older style ciphers have been replaced with algorithms. Instead of having to decode your message, your computer does it for you, provided you are able to unlock it. The core purpose of encryption is to obscure the contents of data during the time that it is between the sender and recipient. In this sense, encryption bolsters privacy. This should be distinguished from security during transmission, in the sense that someone could feasibly still steal an email or document in-transit to its destination. However, if that email or document is encrypted they can’t actually open it and read the contents.

How Does Encryption Work?

Encryption has a couple of moving parts that are important to grasp. The first is that alongside the encryption that obscures the contents of an email, you must have a key that allows the intended recipient to open the email and read the contents. The encryption component provides the privacy you are looking for, while the key authenticates the recipient. To understand this, consider how many emails arrive in your Junk inbox with a sender address that has the name of a trusted sender, but upon closer inspection, the sender is actually different. This is known as spoofing and is relatively easy to do. So, how do both the sender and recipient of encrypted email ensure that the other party is who they say they are? They do so through keys.

There are two broad categories of encryption that exist today. The first is symmetric-key encryption, and the second is public-key encryption.

Symmetric-Key Encryption

Symmetric-key encryption requires both the sender and recipient to have the key saved on their computer or device in order to open an email. The strongest type of symmetric-key encryption today is AES 256 bit, a standard currently in use by U.S. Military and Government Agencies. Symmetric-key encryption is so strong that it is literally impossible to break unless you have the correct key.

Public-Key Encryption

The second, more common method that emails are encrypted with is through a system known as public-key encryption. With this method, emails are encrypted and decrypted through a combination of public and private keys. A private key is stored on your computer, and a public key that can be readily accessed by anyone is stored publicly. The process governing the management of these public keys is known as Public Key Infrastructure (PKI). This method also requires a sender to adopt a digital signature, which is essentially a validation by a trusted third-party, referred to as a Certificate Authority, that verifies you are who you say you are. These expire periodically and must be renewed.

How Does Email Encryption Work?

At this point, you are probably curious how email encryption works on a day-to-day basis. Here’s how:

  1. The sender finds a public key for the recipient. Using this public key they encrypt the email and send the message.
  2. The recipient must authenticate the sender. They find the sender’s public key, verify the digital signature on the message, and decrypt the email.

The example above assumes an email encryption method that uses PKI, which includes the encryption methods built into many email clients. Nearly anyone can set up encryption for their favorite email platform, yet most people don’t. The reason is that it is a confusing process that requires action from both the sender and the recipient. In some cases, there are other barriers standing in the way of easy encryption.

The process for encrypting emails in Outlook reflects this. If you want to encrypt emails in Outlook you’ll need an Office 365 subscription. From there, you’ll need to be assigned a digital ID or digital signature. This is usually provided by your organization or can be managed by an external Certificate Authority such as DocuSign. Once you have a digital signature, you’ll have to enable one of two encryption methods in Office 365 and be sure to sign your email with your digital signature because the recipient must have access to this digital signature in order to decrypt the email contents. Once the email is sent, the recipient compares the digital signature with the public key to authenticate the sender, and can then safely open the email.

For a comprehensive breakdown of how to add encryption to Outlook, check here. In summary, the process isn’t as simple or as streamlined as either the sender or recipient would like. While it is possible to set up, it just isn’t convenient. It also requires an Office 365 subscription. Outlook is not a favorable choice for businesses (even SMBs) because it’s not designed for companies that are looking to adopt or manage company-wide security policies. There is no oversight, and it isn’t convenient: employees won’t add encryption if recipients find it a hassle to decrypt.

Instructions for enabling enhanced encryption for messages in Gmail can be found here. It should be noted that enhanced encryption for Gmail is only available for certain accounts. Users must have either G Suite for Education or G Suite for Enterprise accounts in order to enable enhanced encryption with Gmail.

Alternative Encryption Methods

While it is possible to have your email set-up to be encrypted within your native email platform, it is far easier to utilize 3rd-party software solutions like Trustifi to automate the process. Encryption software such as Trustifi uses military-grade encryption while also making the entire process as streamlined as possible.

When using a standard email platform’s built-in encryption you must receive a digital signature, encrypt the message, and send the email along with the digital signature. In order to authenticate that the sender is actually who they say they are, the recipient must compare the digital signature with the public key for that sender. Once they have authenticated the sender they can open the email. If they wanted to reply to an encrypted email they would have to repeat the process. So, in order for a sender and recipient to send an encrypted email back and forth from one another, they would have to each have a digital signature on file and know the public key of the other party.

If this sounds like a hassle, that’s because it is. Solutions like Trustifi make the entire process much more streamlined. Trustifi encrypts the email on the sender side. Multi-factor authentication is used to ensure that the recipient is the one intended to receive the email. Once authentication is complete, they can open the email and even reply with a second encrypted communication. At no time does the recipient need to have Trustifi installed to be able to receive and reply to encrypted emails. At the same time, the sender has numerous ways to verify that the email was sent to the correct recipient, and can even note when and where it was opened.

Closing Thoughts

In today’s digitally driven world, data security is a paramount concern. While we spend time and resources hardening our network assets and infrastructure against external penetration, we seldom look at the email platform we use on a daily basis as a security risk. The reality is that email is rarely encrypted, and is therefore vulnerable to theft or unwanted access. In order to ensure that only the intended recipient has access to your email, you’ll need to rely on a platform that provides end-to-end encryption services. If you are interested in integrating end-to-end encryption into your emails, please contact Trustifi today.

Sources

  1. Orman, Hilarie. “Introduction: What Is Secure Email?” In Encrypted Email: The History and Technology of Message Privacy, edited by Hilarie Orman, 1–7. Cham: Springer International Publishing, 2015. https://doi.org/10.1007/978-3-319-21344-6_1.
  2. Orman, Hilarie. “How Does Secure Email Work?” In Encrypted Email: The History and Technology of Message Privacy, edited by Hilarie Orman, 33–57. Cham: Springer International Publishing, 2015. https://doi.org/10.1007/978-3-319-21344-6_3.
  3. https://support.office.com/en-us/article/encrypt-email-messages-373339cb-bf1a-4509-b296-802a39d801dc
  4. https://support.google.com/mail/answer/6330403?hl=en

Try Trustifi Today

For Individuals

Our Free Trial Is Forever Free

For Business

See if Trustifi Is Right for Your Organization

How to Open Encrypted Email

April 9, 2019

10:00-11:00AM PST

If you are under the assumption that the emails you send and receive are encrypted, you are mistaken. The most widely used email platforms, such as Outlook, Gmail, and Yahoo, don’t automatically encrypt emails. Many security-conscious individuals and businesses are casting an eye towards email encryption as a way to bolster the security of their data. In today’s society, it is absolutely essential that you try to minimize your security risks when it comes to malicious hackers.

Email encryption is a complex topic that has many facets. Important among these is how to open encrypted email. Since many platforms like Gmail don’t have native encryption capabilities, opening encrypted emails can be a challenging process that is unique to each sender. Other platforms like Outlook offer a way to set up encryption, but this process takes a lot of coordination between the sender and recipient ahead of time.

In this article, we’ll outline the basic steps of opening an encrypted email. In doing so, we’ll break down what encrypted email is, why you might consider utilizing encrypted email, and how it works on a functional level on the most popular platforms. The truth is that sending and receiving encrypted email is often an unwieldy and inconvenient process, which is why so few organizations regularly encrypt emails.

Trustifi is a third-party alternative that offers seamless email encryption that avoids many of the pitfalls of standard encryption methods. If you have ever tried to figure out how to open an encrypted email in Gmail, you will immediately understand the need for utilizing an external service to handle encryption. As we will see, encrypting emails on most platforms is neither intuitive nor seamless.

What is Encrypted Email?

Let’s start with the basics. Most people don’t understand what encrypted email is in the first place, so they simply assume that this security service isn’t for them. Encrypting emails is the process of scrambling the contents of an email message. To reconstruct the message, the recipient needs a key. Think of encryption as a lock and the key as a way to access the information. To an individual without the key, the contents of an encrypted message can’t be accessed. Once you have the key you can access the message easily.

There are two types of encryption for email that are in common use today. The most common type that you will find is known as public-key encryption. Less common, but arguably more robust, is symmetrical-key encryption. We’ll go over both of these standards to give you a better idea of what is required to open an email.

Public-key Encryption

Public-key encryption actually relies on two sets of keys. As the name would suggest, one of these keys is publicly available. The process of maintaining and storing public encryption keys is known as Public Key Infrastructure (PKI). In this type of encryption, the sender has both a public key and a private key, which is also referred to as a digital ID, digital signature, or digital certificate. This digital signature can be acquired through an external third-party that validates the identity of the other individual or business. This external third-party is known as a Certificate Authority. It is important to not think of a digital signature as the same type of signature that you sign all of your emails with. Rather, a digital signature has a vital authentication function for the purposes of sending a secure email through encryption.

With an encrypted email that utilizes PKI, the recipient must already have the sender’s private key on file. This usually works by sending an email with the digital signature attached to the recipient prior to sending the encrypted email. When the actual encrypted email is sent, the recipient will verify that the public key matches the private key by comparing the hashes, or a short string of numbers, in both. By comparing both the publicly available key and the private key they were already sent, the recipient can authenticate that the sender is who they say they are and can open the message.

Symmetric-Key Encryption

Symmetric-key encryption is less common in the public email sphere, but much more common in the defense and military sphere. At a basic level, symmetric-key encryption relies on a single key to encrypt and decrypt messages. In order for symmetric-key encryption to work, both the sender and receiver must have the appropriate key. Depending on the level of encryption used, if a third-party doesn’t have the correct key it is essentially impossible to unlock.

The highest level of symmetric-key encryption currently available is the Advanced Encryption Techniques (AES) 256 bit. This is the level of encryption utilized by the U.S. Military, Department of Defense, and other Government Agencies. This level of encryption is so strong that if an outside party doesn’t have the key, breaking the encryption would require more computing power and electricity than currently available on the planet today.

Opening an Encrypted Email

Now that we have a basic understanding of the components of encrypted email, we can finally discuss how to open an email with this extra level of security. There are different ways to open an encrypted email depending on the type of encryption used. Both types of encryption methods will require you, as the recipient, to already have a key. For opening an encrypted email sent with symmetric-encryption, having the key is all you need to decrypt the email.

For opening an encrypted email sent with public-key encryption, the process is a bit more complicated. You will already need to have the private key, or digital certificate, of the sender saved on your computer. This will then be used to validate the public key for that sender. Comparing both of these will allow you to authenticate the sender and open the encrypted email.

Opening an Encrypted Email in Outlook

If you or your organization is an Office365 subscriber, you can send and receive encrypted emails to other subscribers using Office365. Opening these emails is relatively straightforward. Rather than requiring you to have a private key saved on your computer, Outlook will authenticate you in a different way. When using Office365, you’ll be sent an email with the encrypted message as an attachment. Opening the attachment brings you to a sign-on page. On this page, you can either sign on with your organization’s credentials or receive a one-time passcode that authenticates you as the recipient.

How to Open an Encrypted Email Sent Through Trustifi

The reality is that email encryption is often too much of a hassle for most people to set up and use, which is why we so rarely see it in our personal email inbox despite its advantages.

That’s why Trustifi developed a simplified process for sending and receiving encrypted emails, and its hassle-free nature is one of the biggest advantages.

Opening an encrypted email sent by a Trustifi user is very simple. First, understand that the recipient doesn’t need to have Trustifi installed in their web browser. When an encrypted email comes in, they can click on the email. This will bring them to a page where they can complete an easy 2-factor authentication process. Once authentication is complete, the recipient can open and view the email. From the same page, the recipient can reply and send an encrypted reply back to the original sender.  

Closing Thoughts

Encrypted email offers some enormous advantages in terms of privacy. Today’s email inboxes, whether they are our personal email or an institutional email, are a key area of vulnerability. This vulnerability exists when the email is in-transit to its destination and once it arrives. Encryption ensures that even if an email is intercepted on its way to its destination, there is no possible way that the malicious actor that intercepted the email can open it and view its contents. Encryption also ensures that if an encrypted email is sitting in the destination inbox and the login credentials of that inbox are stolen, no one other than the intended recipient can access the information.

Given the obvious security enhancement that encryption offers, you might be wondering why it isn’t a more common service. While modern encryption is very strong, it is also often inconvenient for both the sender and recipient. The most common form of email encryption in use today requires two keys to authenticate and decrypt an encrypted email. It also requires coordination between the sender and recipient beforehand. This simply doesn’t translate well to modern business environments where the pace of communication is rapid and the list of recipients is diverse.

An encryption platform like Trustifi offers a way to streamline the process of sending and receiving encrypted emails. With Trustifi, only the sender needs to have Trustifi installed. In order to open an encrypted email sent with Trustifi, the recipient must complete a 2-factor authentication process.

If you are interested in using seamless end-to-end encryption for your business, please contact Trustifi today.

Sources

  1. Orman, Hilarie. “Introduction: What Is Secure Email?” In Encrypted Email: The History and Technology of Message Privacy, edited by Hilarie Orman, 1–7. Cham: Springer International Publishing, 2015. https://doi.org/10.1007/978-3-319-21344-6_1.
  2. Orman, Hilarie. “How Does Secure Email Work?” In Encrypted Email: The History and Technology of Message Privacy, edited by Hilarie Orman, 33–57. Cham: Springer International Publishing, 2015. https://doi.org/10.1007/978-3-319-21344-6_3.
  3. https://support.office.com/en-us/article/send-view-and-reply-to-encrypted-messages-in-outlook-for-pc-eaa43495-9bbb-4fca-922a-df90dee51980

How to Send a Secure Email Attachment

April 2, 2019

10:00-11:00AM PST

If you are interested in sending a secure email attachment, you’ll need to encrypt your email message. One of the easiest ways to do so is by sending your attachment through Trustifi. Sending a secure email attachment through other means can often be a challenging process for the sender. Once the recipient receives the email, opening that secured email attachment can be an even more difficult process.

In this article, we’ll break down how to send a secure email attachment. We’ll explore what options there are for sending secure email attachments, how they function, and what the strengths and drawbacks of those options are. Trustifi isn’t the only way to send a secure email attachment, but it is the most seamless method available. We’ll look at why that is, and what the process for sending and opening a secured email attachment within Trustifi looks like.

What is Secure Email?

Secure email is another way of saying an encrypted email. You might have heard of message encryption before, but don’t understand exactly what it is or how it functions in regard to email. If so, you aren’t alone! Encryption is an incredibly complex topic that we will only scratch the surface of.

In order to send an attachment securely over email, you’ll need to encrypt it. This is because you need security in two areas. The first is when email is transmitted to its destination. The second is once an email arrives at its destination. In order to understand how encryption aids in both of these aspects of securing your emails and attachments, let’s take a deeper look at what encryption is and how it works.

What is Encryption?

In the simplest terms, encryption is the process of taking data in a file attachment or email and scrambling it so that it is unreadable. In order to read or access the data in an encrypted secure message, you will need a key. Keys are used to both encrypt and decrypt data. There are currently two broad categories of message encryption used for the purposes of an email server. The first is public-key encryption which is the most common form of encryption you will run into. The second is symmetric-key encryption, which is less common in the public sphere and more common in the private and governmental sector.

Public-Key Encryption

Public-key encryption requires the use of two sets of keys. One key is publicly available. The other key is private and is only shared between the sender and recipient. Public-key encryption relies on third-party trusted entities that are responsible for validating an organization or individual. So, how does this all work together?

In essence, the sender and recipient both need to know the public key of the other party. The sender will usually send their private key prior to sending the encrypted message, or in some cases along with it. This private key is often in the form of a digital signature or digital certificate, which is validated by an external Certificate Authority. An example of a Certificate Authority that you may have seen before is the company DocuSign.

The sender finds the public key of the recipient, encrypts the message, and sends it along with their digital signature if it hasn’t already been sent. The recipient verifies the authenticity of the sender by comparing the private and public key. Depending on the email client, much of the work is done on the back-end provided the private key has already been received and the public key is already known.

Symmetric-Key Encryption

Symmetric-key encryption is the other type of encryption you might run into. The most robust of this type of encryption is Advanced Encryption Techniques (AES) 256 bit, but there are other types of symmetric-key encryption methods available. The process for sending and receiving symmetric-key encrypted emails is relatively simple. Prior to sending an encrypted email, the sender must share the key with the recipient. This key is the only way to decrypt the email. The same key is used to encrypt and decrypt the email.

How Secure is Encryption?

Encryption scrambles the contents of a message so that only the sender and recipient can open the message. But how reliable is encryption? The fact is, encryption is incredibly powerful. You might be wondering whether the security of encryption comes down to computing power alone. While older, outdated methods of encryption can be broken by a brute-force attack given a certain level of resources and time, today’s highest levels of encryption will continue to be secure in the future. Given current computing power, there is no feasible way that a malicious actor can access the contents of a message encrypted with AES 256 bit or an equivalent encryption standard.

What Are The Advantages of Encrypting Emails?

If you have never encrypted your emails or file attachments, you might be wondering why you should bother. The fact is, most people underestimate the level of threat facing them and overestimate the security of their personal or business email. The threat landscape facing both individuals and organizations is rapidly expanding. Cyber threat actors are becoming more numerous, while the tools they deploy are becoming more advanced and easier to access.

Most people assume that their personal or business email is already secured. The assumption is that the transportation of the email from source to destination occurs across a secured channel. Although some email providers like Gmail offer Transport Layer Security (TLS) to protect emails in-transit, this only applies if the destination email provider utilizes TLS as well. Additionally, this only protects the email while it is on its way to the destination.

So, if you are transmitting sensitive information across email, how can you be sure that it won’t be intercepted along the way? On top of this, how can you be sure that once it arrives at its destination the intended recipient is the one opening it? While an increasing number of email providers are offering 2-factor authentication for their service, the adoption of 2-factor authentication is still slow.

Encryption offers a means of securing an email while it is in-transit and ensuring that the intended recipient is the one opening it. In this way, encryption is the best method of protecting privacy while also offering a method of authenticating the sender or recipient.

Sending a Secure Email Attachment The Standard Way

In order to send a secure email attachment, you’ll have to go through a somewhat complex process. We’ll break down the steps of this process in broad terms, but understand that each specific email provider has different encryption capabilities that may require additional steps.

  • Obtain a digital certificate or signature.
  • Obtain the public key of the recipient.
  • Encrypt your email with the attachment.
  • Send your email with either your digital signature attached or send your digital signature in a prior email.
  • The recipient must have both your digital signature (private key) and public key.
  • Using both of these the recipient can authenticate the sender, decrypt the email, and download the attachment.
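The sign, encrypt, decrypt and verify sequence in the steps above (and in the numbered steps under "How Does Email Encryption Work?"), as an added example that is not part of the original article or of any product it mentions. It assumes the `openssl` command line with CMS support (the message format behind S/MIME); alice, bob, mallory and the file are constructed, and self-signed certificates stand in for CA-issued digital IDs. In this sketch only certificates (public keys) change hands, and each private key stays with its owner.

```shell
#!/bin/sh
# Added example: sign-then-encrypt a file with CMS (the format behind S/MIME).
# alice, bob, mallory and report.txt are constructed; self-signed certificates
# stand in for digital IDs issued by a Certificate Authority.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Create NAME.key (private, stays with its owner) and NAME.crt (the certificate
# carrying the public key, which is what gets handed to correspondents).
make_identity() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# send_mail SENDER RECIPIENT INFILE OUTFILE
# Sign INFILE with the sender's private key, then encrypt the signed blob to
# the recipient's certificate so only the recipient's private key opens it.
send_mail() {
  openssl cms -sign -binary -nodetach -in "$3" -outform PEM \
    -signer "$WORK/$1.crt" -inkey "$WORK/$1.key" -out "$WORK/$1.signed" &&
  openssl cms -encrypt -binary -aes256 -in "$WORK/$1.signed" \
    -outform PEM -out "$4" "$WORK/$2.crt"
}

# open_mail RECIPIENT CLAIMED_SENDER INFILE OUTFILE
# Decrypt with the recipient's private key, then verify the signature against
# the certificate the recipient already holds for the claimed sender.
# Returns non-zero if either step fails; OUTFILE is only trustworthy on success.
open_mail() {
  openssl cms -decrypt -inform PEM -in "$3" -recip "$WORK/$1.crt" \
    -inkey "$WORK/$1.key" -out "$WORK/$1.inner" 2>/dev/null &&
  openssl cms -verify -binary -inform PEM -in "$WORK/$1.inner" \
    -CAfile "$WORK/$2.crt" -out "$4" 2>/dev/null
}

make_identity alice
make_identity bob
make_identity mallory
printf 'Q1 figures attached (constructed sample)\n' > "$WORK/report.txt"

# Normal case: alice sends to bob, bob decrypts and checks alice's signature.
send_mail alice bob "$WORK/report.txt" "$WORK/mail.pem"
open_mail bob alice "$WORK/mail.pem" "$WORK/recovered.txt"
cmp -s "$WORK/report.txt" "$WORK/recovered.txt" &&
  echo "bob: decrypted, signature verified against alice's certificate"

# Interception: mallory holds the ciphertext but not bob's private key.
if open_mail mallory alice "$WORK/mail.pem" "$WORK/stolen.txt"; then
  echo "unexpected: mallory could read the message"
else
  echo "mallory: cannot decrypt a message encrypted to bob"
fi

# Spoofing: mallory signs with her own key; bob checks it against the
# certificate he has on file for alice, so verification fails.
send_mail mallory bob "$WORK/report.txt" "$WORK/spoof.pem"
if open_mail bob alice "$WORK/spoof.pem" "$WORK/spoof.txt"; then
  echo "unexpected: spoofed sender accepted"
else
  echo "bob: signature does not chain to alice's certificate, rejected"
fi
```
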

Sending a Secure Email Attachment With Trustifi

As you’ll notice, sending a secure email attachment through a standard method can be an enormous hassle. Once the process has been done a few times between a sender and recipient it becomes easier, but the initial process of each party exchanging private and public keys can present complications.

In contrast to the standard method of sending secure email messages and attachments, Trustifi simplifies and streamlines the process for both the sender and recipient. Here’s how it works with Trustifi.

  • Generate an email.
  • Open the Trustifi extension pane and select the security options desired.
  • Send the email with the attachment.
  • The recipient opens the email, which redirects to a 2-factor authentication page.
  • 2-factor authentication occurs with either a code texted to the recipient’s phone or a code that was already shared between sender and recipient.
  • The recipient opens the attachment. If needed, the recipient can send an encrypted reply directly from the same page.

Closing Thoughts

In the end, sending and receiving secure email messages and attachments is not as intuitive or straightforward as it should be without using a third-party resource like Trustifi. Sending a secure mail attachment through standard encryption methods incorporated into your preferred email client can be a hassle to set up. It requires coordination between the sender and recipient prior to the secured email being sent. While this type of approach can work for specific needs, it is difficult to incorporate into normal business operations.

With Trustifi, sending secure mail attachments is simple for both the sender and recipient. An added advantage is that the recipient doesn’t have to be a user of Trustifi to access the encrypted email. They must simply complete the two-factor authentication process, which gives them access to the content of the email and gives them the option to reply with an encrypted message of their own. If you have struggled to send secure attachments in the past, adopt Trustifi for all of your secure email needs.

Sources

  1. Orman, Hilarie. “Introduction: What Is Secure Email?” In Encrypted Email: The History and Technology of Message Privacy, edited by Hilarie Orman, 1–7. Cham: Springer International Publishing, 2015. https://doi.org/10.1007/978-3-319-21344-6_1.
  2. Orman, Hilarie. “How Does Secure Email Work?” In Encrypted Email: The History and Technology of Message Privacy, edited by Hilarie Orman, 33–57. Cham: Springer International Publishing, 2015. https://doi.org/10.1007/978-3-319-21344-6_3.
  3. https://www.comparitech.com/blog/vpn-privacy/how-to-encrypt-email/

What is Secure Email?

March 26, 2019

10:00-11:00AM PST

Given the threats facing today’s individuals and organizations, sending and receiving secure email is becoming a necessity. Although the technology supporting the use of secure email may not be new, most people still fail to use secure email as an additional security layer. A variety of products on the market, including Trustifi, have made sending and receiving secure email easier than ever before.

In this article, we’ll outline how you can begin securing your email. If you have ever wondered, “what is secure email?” then this article is for you. We’ll discuss what secure email is, and explore how to secure email in a way that is both easy and intuitive. Traditional methods of sending and receiving secure email have failed to accommodate the need for a seamless process. As such, many people simply can’t be bothered to utilize secure email despite the apparent advantages of doing so.

What Does Secure Email Mean?

Any discussion about secure email should first outline exactly what we mean by “secure email.” The only effective way to truly secure email is by encrypting it. So, when we are talking about “secure email” we are really referring to methods of encrypting emails. The process of encryption is what is actually lending security to any email.

What is Encryption?

In layman’s terms, encryption is the process of scrambling the contents of an email so that they are unreadable. Unscrambling the contents of the email, referred to as decrypting, requires the use of a decryption key.

When discussing encryption, keys fulfill two functions. First, the key is used to gain access to the contents of the email that has been encrypted. Second, keys allow the recipient to authenticate the sender of the encrypted email.

What Are The Advantages of Secure Email?

The core intention behind securing email is to restrict access to the data in the sender’s message content to everyone except the intended recipient. Sure, the main motivator is to keep personal information private, but there are many more crucial reasons to secure an email.

Compliance

Many individuals and organizations have a regulatory requirement to transmit and store sensitive data securely. This often includes things like personally identifiable information (PII) and electronic protected health information (e-PHI). Protecting e-PHI is essential under the Health Insurance Portability and Accountability Act (HIPAA), which is one example of a regulatory structure that organizations who interact with e-PHI or PHI must comply with. Penalties for non-compliance can be stiff and can include monetary penalties as well as the loss of revenue and reputational harm that can accompany improper handling of sensitive data.

Security

Email can be incredibly vulnerable. This vulnerability exists both when an email message is in transit to its destination and once it has arrived and is sitting in an inbox. Encryption addresses both of these concerns by limiting access to only individuals that have the correct key to decrypt the message. Even if an email is intercepted in transit, without the right key, access is impossible. This also holds true if an email account has been compromised. If a malicious actor has access to an email but doesn’t have the key to unlock the encryption, the data in the email is still off-limits.

Risk-Management

Cybersecurity today is about recognizing the level of risk that is facing you or your organization and implementing realistic best-practices that minimize that risk to an acceptable level. Utilizing a secure email service is one important aspect of a comprehensive risk-management strategy. Secure email limits access to the sensitive data an email may contain through powerful encryption. When combined with other cybersecurity best practices such as strong passwords and multi-factor authentication, secure email services enhance the overall security posture of an individual or organization.

How Does Secure Email Work?

There are two different types of secure email encryption that are traditionally used to protect sensitive information. The first of these, public-key encryption, relies on two sets of keys that both the sender and recipient must have. The second, symmetric-key encryption, utilizes a single shared key that both the sender and recipient have access to.

Public-Key Encryption

Public-key encryption is the most common type of encryption available for the top email clients. It can be a bit challenging to set up for first-time users. An individual or business that wants to send a secure email first needs to find the public key of the recipient. Often, this is provided by the recipient or can be looked up. Once they have the intended recipient’s public key, they can encrypt the email. The sender will also need to include a digital signature, sometimes referred to as a digital certificate. Digital signatures are provided by a Certificate Authority. This digital certificate or signature is required for the recipient to actually open, or decrypt, the secured email.

Once the email is sent, the recipient must verify the identity of the sender by comparing their public key with the private key they already received. This is done through hashes, which are a short series of numbers. If the recipient wants to reply to the email, they’ll have to get a digital signature or certificate of their own and repeat the process that the sender just completed.

In sum, the process of sending a secure email to a specific email address through a standard mail client can be tedious at best. The most difficult aspect of this transaction is ensuring that each party involved has the private key of the other party. Also, remember that this only works between the two individuals or entities that have both the necessary private and public key.

Symmetric-Key Encryption

The process for sending and receiving emails secured with symmetric-key encryption is simpler, yet suffers from some of the same inherent problems that plague public-key encryption. Essentially, symmetric-key encryption utilizes a single key. This key is used to both encrypt and decrypt the email or attachment. So, to send an encrypted email in this fashion you would send the key to your intended recipient. Then, you would encrypt the email and send it to that recipient. The recipient would use the key they had received to decrypt the email. If they wanted to reply to that email they could then use the same key to encrypt their own reply.

Sending Secure Email With Trustifi

Sending a secure email with Trustifi addresses many of the shortcomings associated with sending a secure email via the other processes we have outlined above. In both public-key encryption and symmetric-key encryption, the key required to unlock the encrypted message must be shared ahead of time with the recipient. While this can work fine if you are sending messages to a single individual, it quickly becomes a burden when sending to multiple people. You’ll each have to share the appropriate key to unlock the encrypted email before you can communicate.

Trustifi simplifies the process by using multi-factor authentication to verify the identity of the recipient. Remember, with public-key encryption the identity of the sender is authenticated through a combination of public and private keys. With Trustifi, a simple 2-factor authentication process is completed. Additionally, only the sender needs to use Trustifi. Recipients don’t have to have it installed to access encrypted emails.

Trustifi integrates with your email platform of choice, so you don’t have to sign up with a new email provider. You compose your email as you normally would, include any attachments you want to send, and then click the Trustifi tab to select your security and delivery confirmation options. In order to complete the 2-factor authentication process, you’ll have to include your recipient’s phone number, or share the authentication code with them beforehand. After that, all you have to do is send your email, and Trustifi automatically encrypts the email and any attachments with AES 256-bit encryption.

For the recipient, opening an encrypted email sent through Trustifi couldn’t be easier. Upon opening the email the recipient will be brought to a page where they must complete the two-factor authentication process. Upon completing this process, whether through a pre-arranged code or by entering a code they received on their mobile phone, the recipient has access to the encrypted email. If they want to reply, they can simply reply within the same window and Trustifi will automatically encrypt the reply.

Closing Thoughts

Sending and receiving secure emails doesn’t have to be so difficult. While traditional methods may be taxing and cumbersome, there are other more progressive ways that allow you to send secure mail in an easier fashion. With Trustifi you can simply encrypt the message and send it. Validation of the recipient occurs through two-factor authentication. The system also allows the recipient to reply with an encrypted email directly from the same window, even if they don’t have Trustifi installed.

If you are looking for an effective way to boost email security of your electronic correspondence through your web browser, try Trustifi today.


How to Track Emails

March 19, 2019

10:00-11:00AM PST

We have read receipts for our text messages and certified delivery for important mailed items, so why don’t we have a similarly reliable system for tracking our email address and messages? If you have ever wondered how to track email, you aren’t alone. The need for a comprehensive email tracking system is long overdue. With data breaches on the rise in nearly every industry, many people are turning to their email platform with fresh eyes towards security.

At the intersection of security and operational efficiency is email message tracking. There are a variety of reasons you might want to have detailed tracking of your emails. This includes recording exactly what was sent, who it was sent to, when they opened and read it, and what device they opened it on. With an increasingly large segment of our business being done by email on a variety of different devices, understanding the answers to these questions is essential. You need to know that the information you are sending is ending up in the right hands, and isn’t accessible to other individuals or entities along the way.

Why Track Emails?

We are used to tracking important information when we drop it in the mail, so why wouldn’t we have the same expectation for information we send electronically? The truth is, we view emails differently than physical mail. This is despite the fact that an increasingly large portion of our business is conducted through email messages.

To find the answer to why we would want to track emails, let’s return to the analog example. Any one of us can drop a piece of mail off with the United States Postal Service (USPS) and have it mailed with a Certified Mail Receipt. Shipping Certified Mail allows the sender to be notified that their mail has been received by the client or recipient. The sender can also receive proof of delivery.

So, what are the advantages of knowing exactly when an email was delivered and having confirmation of that fact?

  • Security - Most often when we mail something via Certified Mail we are doing so because it contains sensitive information. We want to ensure that the sensitive information we placed in an envelope has arrived at its destination and wasn’t intercepted at any point. In this way, mail delivery receipts offer an additional level of peace of mind, by giving you an assurance that your item or package was delivered. Email is the same, except instead of a package you are sending data. If that data is sensitive and contains personally identifiable information (PII), you may have a regulatory obligation to ensure that information doesn’t end up in the wrong hands.
  • Proof of Delivery - You may have never thought about proof of delivery for emails before, but it holds many of the same benefits as it would for physical packages. If you are sending sensitive data across the internet, you need to be sure that it gets in the right hands. Up until now, there hasn’t been a service that provides the same level of proof that USPS does with Certified Mail. This proof allows email to take a more central role in document delivery for your business and operations.
  • Proof of Content - One major advantage that tracked emails with delivery proof hold over certified postal mail (FedEx or UPS) is that the content of the emailed message can be proven, where it can’t in postal mail or overnight delivery. Postal mail and overnight delivery are limited in that they can prove delivery, but not “what” was actually delivered. They can’t prove what was in the envelope. Electronic email tracking not only proves the certified delivery, but also the exact message content of what was actually delivered.
  • Operational Necessity - One reason that you might consider tracking your emails is out of operational necessity. Tracking your emails ensures that you know team members or outside business associates are getting the information they need when they need it. You’ll know if an email hasn’t been received or opened, which can allow you to follow up quickly to ensure that the destination was correct and the destination mailbox remains secure. If your operations depend on information getting to where it needs to go on time, every time, you may want to consider tracking your emails.
  • Enhanced Visibility - Once we send an email we lose sight of it. We have no idea what servers it has passed through on its way to the destination mailbox. Individuals have no idea that their mail has been intercepted until it is too late. Integrating email tracking into your day-to-day business enhances the visibility of your correspondence. You’ll know exactly when an email has been delivered, when it was opened, where it was opened, and who it was opened by. Combined with the 100% proof of delivery that Trustifi offers, this gives organizations and individuals a full-field view of their electronic correspondence.

Regulatory and Compliance Considerations

The security aspect of tracking emails is worth emphasizing. Email tracking is one facet of a comprehensive cybersecurity plan. Most organizations operating under regulatory requirements must encrypt certain types of data when they transmit it across networks. This includes electronic protected health information (e-PHI) and PII. Cardholder data should never be saved and transmitted across email, so it is less of a concern. However, protecting sensitive data through email is essential both from a compliance perspective and from a reputational and financial perspective.

The costs of data breaches are becoming greater every year. The widespread prevalence of data breaches is owed largely to the increasing value that sensitive data holds for malicious threat actors. A key area of vulnerability for emails isn’t just in-transit, but also when it arrives in the destination email inbox. How do you know if the individual opening your email is the correct individual? After all, email accounts are highly vulnerable. This is not only due to the fact that many people fail to employ rigorous security measures like complex passwords and two-factor authentication, but also because we access our emails from multiple devices and on public networks.

The end result is that sending sensitive data over email is high risk. Minimizing that risk is imperative given the cyber threat landscape that many organizations face today. One aspect of minimizing the level of risk that is associated with sending sensitive data through email is to utilize a tracking service.

How Do You Track Emails?

Email tracking in some form or another isn’t exactly new, but most services use it without the client or recipient ever realizing the fact. Email tracking today predominantly occurs in the realm of advertising. Advertisers and merchants can learn a great deal about their clients by getting a full picture of when they open emails, what devices they open them on, and what products are contained in those emails. This data can be used to shape future advertisements, creating a feedback loop that results in increasingly accurate targeted advertisements.

Tracking email itself is quite difficult to do accurately. In order to get around this, most advertisers simply embed a small image into an email. This image is typically 1x1 pixel, making it too small for a person to see. Once the email is opened, the sender that is tracking the email can see which computer the image was downloaded on and when it occurred.
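Seen from the recipient's side, the embedded image described above can be spotted before a mail client fetches it. The following is an added example, not code from Trustifi or from any advertiser: it parses a received message and lists remote images that are 1x1 (or smaller) or hidden by CSS. The sample message, its host names and the function names are constructed for illustration.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not a real capture); hosts are placeholders.
SAMPLE_EMAIL = """\
From: news@shop.example
To: alice@corp.example
Subject: Spring offers
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Hello Alice, see our new catalogue.</p>
<img src="https://cdn.shop.example/banner.png" width="600" height="200" alt="Banner">
<img src="https://t.shop.example/o.gif?m=42-7b1e" width="1" height="1" alt="">
<img src="https://t.shop.example/p.gif?id=9f2c" style="display:none">
<img src="cid:logo@shop.example" width="1" height="1">
</body></html>
"""

_HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
_STYLE_DIM = re.compile(
    r"(?:^|;)\s*(width|height)\s*:\s*(\d+)(?:px)?\s*(?=;|$)", re.I)


class _ImgCollector(HTMLParser):
    """Collects the attributes of every <img> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append({k: (v or "") for k, v in attrs})


def _dimensions(attrs):
    """Width/height in pixels from HTML attributes, overridden by inline CSS."""
    dims = {}
    for name in ("width", "height"):
        value = re.sub(r"px$", "", attrs.get(name, "").strip().lower())
        if value.isdigit():
            dims[name] = int(value)
    for name, value in _STYLE_DIM.findall(attrs.get("style", "")):
        dims[name.lower()] = int(value)
    return dims


def classify_image(attrs):
    """Return the reasons an <img> looks like an open-tracking beacon."""
    url = urlparse(attrs.get("src", ""))
    if url.scheme not in ("http", "https"):
        return []  # cid:/data: images are embedded, so no download is logged
    reasons = []
    dims = _dimensions(attrs)
    if len(dims) == 2 and all(v <= 1 for v in dims.values()):
        reasons.append("tiny dimensions")
    if _HIDDEN.search(attrs.get("style", "")):
        reasons.append("hidden by CSS")
    if reasons and url.query:
        reasons.append("query string present")
    return reasons


def find_tracking_pixels(raw_email):
    """List suspected tracking images in every text/html part of a message."""
    msg = message_from_string(raw_email, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        collector = _ImgCollector()
        collector.feed(part.get_content())
        for attrs in collector.images:
            reasons = classify_image(attrs)
            if reasons:
                hits.append({"src": attrs["src"],
                             "host": urlparse(attrs["src"]).hostname,
                             "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in find_tracking_pixels(SAMPLE_EMAIL):
        print(hit["host"], hit["src"], "; ".join(hit["reasons"]))
```

A mail client that does not load remote images by default never requests the flagged URLs, so the sender's server records no open.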

The method that advertisers use is less than ideal for sensitive documents or where a high degree of accuracy is needed. One alternative is to track emails through Trustifi Postmarked Email®. This service provided by Trustifi has the approval of the United States Postal Service (USPS) and acts as a cheaper, digital alternative to analog methods of sending sensitive information via Certified Mail.

Other Considerations to Email Tracking

Email tracking offers organizations enhanced visibility for their correspondence and an assurance that the data they sent is being viewed by the correct person. This is an enormous security advantage for organizations in today’s landscape of varied, persistent, and sophisticated threats. However, email tracking should be utilized alongside other services to ensure that malicious actors don’t gain unwanted access to sensitive data.

Email encryption is a great option for keeping your private information safe. Too few organizations consider encrypting emails that contain sensitive data. The perils of this approach are many. Email is becoming less secure every day as threat actors have access to more sophisticated tools and data breaches become increasingly common. Email tracking is a great service for ensuring that the correct recipient opens an email as intended, but how do you secure an email while it is in transit? The answer is by encrypting it.

Modern encryption is powerful enough to ensure that malicious actors can never gain access to an email even if they intercept it. Consider the fact that Trustifi utilizes AES-256 bit encryption, which is the same level of encryption used by Governmental Agencies and the U.S. Military. If a malicious actor hoped to intercept an encrypted email and break that encryption using a so-called “brute force” method, it would literally take billions of years before they would be successful. Even if future quantum computing hardware advances are developed, this encryption standard would still provide adequate security.

In this way, encryption and email tracking tools work together to ensure that emails stay secure and are delivered to the intended email recipients.

Final Thoughts

An email tracking service can offer important levels of value to modern organizations. Rather than dropping sensitive information in the mailbox, you can instead send it virtually with the same assurance that it will get to the intended recipients. This is important from both a security and compliance perspective. For organizations that operate under regulatory requirements to protect sensitive data such as PII or e-PHI, transmitting that data requires high security measures. Minimizing the level of risk associated with emailing sensitive data comes down to utilizing the right tools. One level of this is encrypting that data so that even if it were intercepted it wouldn’t be able to be accessed. A second level is by attaining verification that shows exactly when, where, and by whom that email was opened.

To find out more about how to track emails with Trustifi and how an email tracking tool can help augment your business operations and cybersecurity, please contact Trustifi today.


Not all email encryption providers are created equal: S/MIME & the Outlook Bug

By Trustifi on Nov 07 2017

Email encryption has become a pivotal tool for businesses and average citizens around the world, due to the simplicity and ease with which emails can be hacked. Encrypted email providers are constantly developing new ways to better protect your information and keep you and your business safe. Now that there are solutions which protect organizations from hacked emails and information, it is even more important to ensure said solutions function correctly.

Recently, an end-to-end encryption protocol, S/MIME (Secure/Multipurpose Internet Mail Extensions), has come under fire for its failure to keep the emails of its Microsoft Outlook users encrypted. Companies using this protocol in Outlook need to beware. For the past six months, emails thought to be encrypted were actually not.

The problem was due to a bug (CVE-2017-11776) in Microsoft Outlook that occurs when users format their emails as plain text while using the S/MIME encryption. This causes the “encrypted” emails to be sent in a human-readable clear text form along with the encrypted version. This was not the service that was promised.

One of the biggest issues is also that the users would have no idea that the sent email was compromised. It would still show up in the sent folder as “encrypted” leaving the user with a false peace of mind. Tracking is a key part of email security and companies such as Trustifi have great solutions to this tracking error.

Many consumers do not understand how to encrypt an email and trust their providers with their personal information. Trustifi’s solution avoids these issues because they are a military grade, court validated interface that encrypts your emails with absolute ease. They continue to compete with the best cyber security companies in the industry due to their dedication to security. Trustifi’s solution for encrypting emails is simply one way they can avoid what happened with S/MIME.

Cybercrime is a serious matter, and how a company protects themselves with a secure email gateway should be taken with care and certainty. The best cyber security companies around the globe understand the trust their clients put in them, and the importance of their role in their clients’ lives.

Trustifi, a patented email solution that encrypts and tracks emails, and is the first federally-accepted method of sending legal documents online, is one of many solutions for avoiding problems that S/MIME ran into. Their solution is predicated on providing top-notch security and strict confidentiality to their clients in order to provide peace of mind.

According to researchers, the magnitude of the vulnerability depends on the configuration on the user’s Outlook.

  1. Outlook with Exchange

The encrypted emails of Outlook with Exchange users would only reach one hop (to the sender’s Exchange) and the plain text message would be removed because they were sent to an external Exchange. However, if the sender and recipient were in the same Exchange, the plain text would be attached.

  2. Outlook with SMTP (Impact on the entire email path)

If Outlook was being used with SMTP, the plaintext would be received by the recipient as well as all mail servers along the path. So not only did the encryption of the emails fail, but your email could be seen by anyone on the mail servers.
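A check a mail administrator could run over outbound messages to catch the condition described above, readable text travelling in the same message as the S/MIME-encrypted body. This is an added example, not Trustifi's or Microsoft's code; the page does not show the exact wire layout the bug produced, so the sample messages, their multipart layout and the function name are constructed assumptions.

```python
from email import message_from_string, policy

# S/MIME container media types (RFC 8551 name plus the legacy x- form).
SMIME_CONTAINERS = {"application/pkcs7-mime", "application/x-pkcs7-mime"}
# smime-type values meaning the payload is encrypted rather than only signed.
ENCRYPTED_KINDS = {"enveloped-data", "authenveloped-data"}

# Constructed samples. The base64 body is a placeholder, not real CMS data,
# and the multipart layout of LEAKY is an assumption made for illustration.
HEADERS = "From: alice@corp.example\nTo: bob@partner.example\nMIME-Version: 1.0\n"
P7M_PART = """\
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
Content-Transfer-Encoding: base64

TUlNRSBwbGFjZWhvbGRlcg==
"""

# Correct case: the whole message is one encrypted container.
CLEAN = HEADERS + P7M_PART

# Faulty case: a readable text part rides along with the encrypted container.
LEAKY = HEADERS + """\
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Q3 revenue draft: do not forward.
--b1
""" + P7M_PART + "--b1--\n"

# Clear-signed mail is readable by design and must not be reported as a leak.
SIGNED = HEADERS + """\
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="s1"

--s1
Content-Type: text/plain; charset="utf-8"

Lunch at noon?
--s1
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64

TUlNRSBwbGFjZWhvbGRlcg==
--s1--
"""


def audit_smime_message(raw):
    """Classify a message by whether readable text accompanies S/MIME ciphertext."""
    msg = message_from_string(raw, policy=policy.default)
    encrypted, readable = [], []
    for part in msg.walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        if ctype in SMIME_CONTAINERS:
            # A missing smime-type is treated as encrypted (conservative choice).
            kind = str(part.get_param("smime-type", "enveloped-data")).lower()
            if kind in ENCRYPTED_KINDS:
                encrypted.append(ctype)
            continue
        if part.get_content_maintype() == "text" and not part.is_attachment():
            if part.get_content().strip():
                readable.append(ctype)
    if not encrypted:
        verdict = "not-encrypted"
    elif readable:
        verdict = "cleartext-alongside-ciphertext"
    else:
        verdict = "encrypted-only"
    return {"verdict": verdict,
            "encrypted_parts": encrypted,
            "readable_parts": readable}


if __name__ == "__main__":
    for name, raw in (("CLEAN", CLEAN), ("LEAKY", LEAKY), ("SIGNED", SIGNED)):
        print(name, audit_smime_message(raw)["verdict"])
```

Because the sent folder still labels the message as encrypted, a check like this has to run on what actually leaves the client or arrives at the mail server, not on the client's own view.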

One of the biggest problems with the S/MIME bug was that users would view their email as encrypted in their own sent folder. Trustifi’s email tracking system avoids this issue as their product users will be able to track where the email was sent to, as well as who opened it and on what device. This is yet another way to avoid any mishaps with the security of your emails.

The S/MIME bug truly demonstrates the importance of having a trustworthy encrypted email provider. Sending legal documents with confidential information is too risky if you are using a sub-par provider. Only the best cyber security companies will suffice, those who understand the ins and outs of encrypting emails and keeping you and your clients’ information safe.

For instance, having a federally-approved form of legal delivery allows a company like Trustifi to have confidence in its solutions. This in turn gives a sense of security to its users that all is well regarding their email.

From legal records, to medical records, to intellectual property, encrypted emails and documents must be kept as safe as possible when the consumer trusts a company to do so. It is the obligation of any encrypted email provider to deliver the best possible service, with no negative outcomes.

Unfortunately, hacked emails are a part of the modern world. The more technology and security that is out there, the more people will attempt to take advantage. This is where cyber security companies must step up to the challenge. Trustifi is one such company that uses modern technology and ideas to come up with the best possible strategies and solutions to deter any negative activity.

Another reality this incident with S/MIME brings to the surface is how seriously businesses must take their private information. Human relations divisions must take note: they are in charge of protecting all the personal information for the employees and their company. It would be detrimental to any business owner if any single email with private information were to be hacked due to faulty encryption. Encrypting emails safely is the only way to avoid the major consequences that occur when an email is compromised. You must find an industry leader you can trust.

Trustifi offers a demo so you can understand exactly how their solution works before you even sign up. Understand that this matter is only becoming more and more serious, and encrypting your emails is more pertinent than ever before.

The average consumer does not understand how to encrypt an email and therefore is truly putting all their trust in cyber security companies. Mistakes such as the bug with S/MIME and many others demonstrate the risks of the modern technological world we live in. It is the provider’s job to protect and secure all of its clients’ documents to the highest standard; anything short of this is simply unacceptable.

To protect your most important information, sign up for a free trial of Trustifi’s patented solution.


1 of 3 Part Email Dangers Blog Series: Business Security – Vendor Exposure

By Trustifi on Apr 18 2017

Certain industry types require extra security and data sensitivity. When you make your career in one of those fields you get used to certain standards when it comes to protecting the data that you process. But even the most diligent of us can inadvertently overlook securing sensitive information, or think the document that we’re emailing internally is relatively innocuous and not worthy of protecting.

In this four-part series, we’ll be talking about what you should be securing, encrypting, and tracking so that you can protect yourself, your business, and your clients.

What You Need to Know About Exposure — from Your Vendors

At every level of the organization, as long as an employee is picking up the phone, or sending and receiving emails, that employee is making security decisions for the organization every day. Despite the sophistication of technology and the cybercriminals that employ its use, old-fashioned social engineering is still the go-to resource for infiltrating an organization.

Let’s take a look at how a cybercriminal might use LinkedIn to breach your organization.

LinkedIn is actually one of the biggest resources for criminals seeking to subvert a company’s security. The nature of LinkedIn is for its users to remain open so they can be searched for by business connections, clients, and vendors. But that openness also exposes organizations to attack. The larger an employee’s social network, the greater their risk of attack as they build connections.

LinkedIn also makes it incredibly easy for a cybercriminal to impersonate a legitimate connection. Let’s say that you work for Acme Optics. Acme Optics has its own LinkedIn corporate page, so it’s fairly easy to determine what kind of service Acme Optics provides and what connections it’s making with other organizations, such as vendors and procurement sources (and remember — those connections are still made by humans at the ends of the terminals).

Our cybercriminal — we’ll call him Vlad — figures out that you work for Acme Optics, determines that Acme Optics gets its lenses from Shine Glass, and sends you a spoofed email from Shine. In three relatively simple steps, Vlad has convinced you to open an email and unknowingly download malware to your internal network.

One of the more insidious ways that Vlad may hurt your organization’s bottom line was discovered during the Yahoo breach, where auto-forward was turned on for thousands of accounts. These “set it and forget it” settings — that almost no one checks regularly — set Yahoo users up for years of exposure. Everything from grandma’s cookie recipe to last year’s tax filings was being auto-forwarded to hackers.

And that’s relatively easy to do on company servers, too — once you’ve been let in the back door via malware.

Fortunately, you can protect yourself and your organization by requiring that your vendors send any attachments through a secure email lifecycle solution. By utilizing a secure solution, you can be assured that you and your vendors are protected through end-to-end secure email, lifecycle tracking, and dual validation technology.

Also, remember to “trust but verify.” Despite your familiarity with a vendor, even our most trusted associates are open to being spoofed. Vlad is depending on your trust to open that email. If you’re not sure why your vendor is sending you an attachment, pick up the phone and call to confirm that your vendor sent you an email. An ounce of prevention is worth a pound of cure.

 
