How to Send Secure Email Attachments in Gmail

June. 26, 2020

1:00-2:00AM PST

With more than 1.5 billion active users worldwide, Google's Gmail currently dominates the email provider market and has grown leaps and bounds since its inception in 2004. And professionally, Google's G Suite service is utilized by more than 5 million companies, empowering businesses across countless industries to communicate, collaborate, and share important files, documents, etc. every day. In 2020, the platform is both frequented and beloved for the convenience and efficiency that it offers users.

Unfortunately, Gmail does not provide adequate data protective measures. By performing regular scans of user emails and gathering data to inform advertisers, Google ultimately puts users' utmost sensitive and valuable information in jeopardy. Although many users have come to brush this fact off, in some cases, deeming it a harmless, unavoidable part of technological life, emails in transit can become intercepted by third parties with the potential to become leveraged for malicious purposes. Although seamless and built-in, Gmail's S/MIME (Secure/Multipurpose Internet Mail Extensions) and TLS encryption options are lacking, only working correctly if both the sender and recipient are equipped with it. Without proper email encryption enabled, confidential attachments pertaining to business, financial, and even personal information might fall into the wrong hands. Thankfully, third-party encryption software is available to ensure the security of all attachments and messages transmitted via Gmail.

Confidential Mode in Gmail

To boost email security offerings, Gmail rolled out its confidential mode option in 2018, allowing "users to send emails that recipients can't forward, copy, print, or download." Although the name of this security method evokes a sense of heightened data safety and confidentiality, in actuality, it effectively provides neither. With confidential mode enabled, users are also empowered to generate passcodes, activate message expiration dates, and rescind recipient access to specific emails. Thus, Gmail's confidential mode thwarts any sharing -- whether accidental or otherwise -- on the part of the email's recipient. And a recipient that intends to share an email's messages or attachments with unintended viewers is not prevented from doing so with ease via a simple screenshot. Furthermore, this security mode does not offer end-to-end encryption, permitting Gmail and additional providers to scan and collect email contents.

How to Encrypt Your Emails and Attachments

The attachments shared via email are often just as sensitive, or potentially more so than their corresponding messages. End-to-end encryption masterfully encrypts an email's contents while in flight and at rest, ridding emails of most security vulnerabilities. Undoubtedly, this makes end-to-end encryption the most secure method of email encryption, as it protects the user's valuable messages, files, documents, etc. Although Google has often entertained the conversation around implementing end-to-end encryption on Gmail, it has failed to do so as of yet. Gmail offers users a few added security options at a price. Still, to fill the void left behind by Google, several third-party encryption services have stepped up to offer their own applications and extensions.

Upgrade Your Account

In order to upgrade the data security which operates within your email account, one might consider upgrading their Gmail account from the free model to one of the platform's paid offerings. Both the G Suite Enterprise and G Suite Education plans provide S/MIME encryption. A step up from the standard TLS encryption provided by Google, which performs automatic encryption on all outgoing emails, S/MIME encryption enables users to encrypt emails with keys unique to the user and are required to be shared with the intended recipient. Users of either of Gmail's paid models can discern the level of encryption being employed by any given email.

With this being said, S/MIME encryption can only be successful if exercised by both the sender and the recipient. In other words, an email, even if sent utilizing S/MIME encryption, will remain unencrypted if the intended recipient uses an email provider free of encryption. And to top it off, S/MIME does not prevent Google's scanning of emails for advertising data collection. 

Find Another Email Provider

For those transmitting highly sensitive, confidential, or classified data via email, Gmail might not be a suitable fit. Although creating and transitioning to a new email account can be burdensome, it may help to achieve the level of security that is necessitated by your business, personal affairs, etc. It is critical to be incredibly diligent when researching a new email provider to ensure that this switch will be permanent and provide the desired privacy and data protection. Along with end-to-end encryption, the most secure email provider should offer guaranteed encryption, no matter the recipient's provider, as well as a zero-knowledge policy.

Use Encryption Software from Trustifi

In order to securely use Gmail, email attachments must be encrypted before being sent. By doing so, in the event that an email is intercepted and/or forwarded by a malicious actor, the attachments will remain encrypted, rendering them useless to cybercriminals, hackers, and other third-party entities. However, discovering the most streamlined, user-friendly, and efficient method of email encryption does not have to be a daunting task. While the encryption solutions provided by Google seem to miss the mark and most third-party plug-ins are challenging to use, users who intend to stick with Gmail can seek the assistance of an encryption software provider. 

Trustifi is a comprehensive email security platform that offers cost-effective and versatile encryption options to a variety of clients, spanning virtually all industries, including highly regulated ones like: Pharmaceutical, Healthcare, Financial, Legal, and Real Estate. As an add-on extension, Trustifi integrates seamlessly with Gmail. And with NSA-grade end-to-end email encryption and secure mobile relay, Trustifi delivers user-friendly, complete protection for both incoming and outgoing messages to all clients. Moreover, Trustifi's customizable encryption solutions enable clients to recall, block, modify, and set expirations on previously sent and received emails. Trustifi also allows clients to prevent the printing and removal of metadata from email attachments. Overall, Trustifi's encryption solutions provide Gmail users with unmatched visibility and security measures, enabling increased oversight and peace of mind.

Conclusion

Email messages and attachments landing in the wrong hands is not an uncommon occurrence. And "this is especially frightening because email remains the most popular business communication method, which puts millions of companies at risk of both reputational and financial loss." Highly sensitive data in the form of business presentations, contracts, agreements, mock-ups, and the like are sent and received via email every day. And typically, once such emails are sent out, users lose control over these attachments entirely.

Fortunately, email encryption software and solutions like those provided by Trustifi are here to help, serving as the user's first line of defense against email data breaches and malicious interceptions. With Trustifi's NSA grade end-to-end email encryption services, clients can rest assured that any attachments sent and received via Gmail will be secured, protected, and only accessed by intended viewers.

References

“How to Easily Encrypt and Track Your Gmail Attachments.” Digify, 26 May 2020,

digify.com/blog/encrypt-gmail-attachments-digify.

Simpson, Eva. “How to Send Secure Email Attachments in Gmail.” NordLocker, NordLocker, 15

Nov. 2019, nordlocker.com/blog/how-to-send-secure-email-attachments-in-gmail/.

Try Trustifi Today

For Individuals

Our Free Trial Is Forever Free

For Business

See if Trustifi Is Right for Your Organization

How to Send a Secure Email

June. 16, 2020

1:00-2:00AM PST

Email continues to experience immense growth in popularity -- for business and personal uses alike. And as more and more individuals worldwide continue to navigate their transition to remote work -- however permanent or temporary that might be -- email has only become more heavily relied upon, replacing lengthy in-person meetings and in some cases, phone calls. As a result of this switch, the contents of emails are growing increasingly sensitive. With that being said, it is imperative that businesses, their employees, and business associates ensure that any private information sent or received via email is properly and thoroughly secured. With the help of email encryption, individuals can avoid the negative effects of phishing, spoofing, and malware that are, unfortunately, often mobilized via email. Overall, email encryption can provide users with the necessary security to protect this vector of communication from potentially dangerous vulnerabilities.

What is Email Encryption?

When individuals include sensitive information -- like bank account numbers, social security numbers, usernames, passwords, etc. -- in emails, this data can be vulnerable to malicious actors. In order to prevent this valuable data from landing in the wrong hands, individuals are advised to turn to an email encryption service. Through email encryption, an email’s contents are disguised, protecting them by making them illegible to hackers, cybercriminals, and other unintended parties. Thus, when enabled, email encryption makes it so that all encrypted emails can only be accessed by their intended senders and recipients.

Email encryption is carried out with the use of public key infrastructure (PKI), which effectively encrypts and decrypts email contents. Senders and recipients are assigned digital codes that serve as both public and private keys. Public keys encrypt email contents and are “stored on a key server along with the person’s name and email address, and can be accessed by anyone.” On the other hand, private keys decrypt email contents and are stored in a secure and private location within the sender’s device that is only accessible to that individual. Private keys can also serve as the sender’s digital signature and thus, confirm the email’s origins and provide the recipient with peace of mind.

Why is Email Encryption Important?

Email encryption is an individual’s first line of defense against email data breaches. When an email is encrypted, its contents become scrambled and entirely illegible to any and all individuals who are not intended to access them. With that in mind, even if an email is intercepted, the encrypted contents are rendered completely useless to malicious actors. According to Panda Security, more than 13 billion data records have been lost or have become victims of theft since 2013. Such data breaches can be extremely costly to individuals and companies, in terms of both time and money. This is due to the fact that pinpointing the source of a data breach can be an especially arduous task, and containing these breaches is typically not a much easier one. However, by enabling email encryption, individuals can secure their sensitive data and steer clear of such disadvantageous circumstances.

How to Secure Email Using S/MIME Email Encryption Certificates

There are many avenues of email encryption available to businesses and individuals. However, S/MIME email encryption is one of the two most popular variations of email encryption protocol. Already built into the majority of OSX and iOS, S/MIME email encryption depends on a central authority that determines particular encryption algorithms. Moreover, S/MIME is also a built-in feature supported by many web-based email providers, most notably Gmail, Apple, and Outlook. And S/MIME functions as a more automated option for email encryption, creating the necessary key code for the use, rather than requiring the user to create it.

How S/MIME Works

S/MIME, or Secure/Multipurpose Internet Mail Extensions, is an email signing protocol that serves as an incredibly effective way to encrypt emails that might contain confidential business or sensitive personal information. This is due to the fact that S/MIME email encryption “uses asymmetric encryption to protect your email data both in transit and when it’s at rest… [, meaning that] you use a public key to encrypt the email data and your recipient uses a matching private key to decrypt it.” So, when a sender creates an email that is encrypted using S/MIME, the unencrypted contents (text, files, documents, etc.) of that email are encrypted using the recipient’s public key. Once the email makes its way to its intended recipient, the recipient’s private key is utilized, to decrypt or unscramble the contents, reverting the email back to it’s original “plaintext” form. Consequently, S/MIME email encryption supplies data protection for emails, both while in flight and at rest.

Moreover, S/MIME encrypts email content via the utilization of certificates. These certificates act to secure email correspondence, utilizing cryptography to protect them from being accessed by hackers, cybercriminals, or other malicious actors. Additionally, S/MIME certificates validate sender-identity, for all practical purposes, by providing timestamped digital signatures. In doing so, S/MIME certificates encrypt emails prior to them being sent out, whether to a mail server or onto the World Wide Web, as well as decrypt those same emails once they arrive at their intended destination. Thus, by certifying file credibility and legitimacy, S/MIME certificates encourage, expedite, and secure the process of file sharing online.

Step by Step: How to Send Encrypted Email on Three Mail Clients

In order to protect confidential and delicate data from landing in the hands of a hacker, cybercriminal, or other malicious actors, it is crucial to enable email encryption. Lucky for modern device users, many web-based email providers are already equipped for S/MIME encryption. No matter the platform or provider used, first thing’s first: users are required to obtain an email encryption certificate. Such certificates can be purchased, either from a certificate authority or a trusted seller. Following the purchase, the certificate must be installed onto the email platform. 

How to Send an Encrypted Email in Gmail

Unfortunately, Gmail has failed to fulfill its promise of end-to-end email encryption for its users. But, luckily for Gmail users, this web-based email provider already has S/MIME built-in. However, it is crucial to understand that Gmail supplies users with hosted S/MIME, meaning that the provider hosts users’ S/MIME certificates on its own servers. And this capability is only available to paid users who subscribe to G Suite Enterprise.

For G Suite Enterprise users, which encompass those utilizing either G Suite Enterprise or G Suite Enterprise for Education, S/MIME can be enabled can easily be enabled through the Google Admin console, and your certificate easily uploaded. In order to encrypt and digitally sign all outgoing G Suite Enterprise emails, users must:

  1. Compose an email as they regularly would, designating a recipient, including attachments, etc.
  2. Click on the padlock icon, located in the top right corner of the screen (to the right of the recipient and next to the CC and BCC fields).
  3. Click on “View Details” in order to alter S/MIME settings and see if the designated recipient has enabled encryption.
    1. When making changes to the S/MIME settings, users are urged to take notice of the color-coded encryption levels: green conveys that S/MIME encryption has been enabled, yellow signifies that emails are only protected by TLS (Transport Layer Security), and red indicates a total lack of encryption.
  4. Select “Settings,” click on “Enhanced Encryption (with digital signature)”, and confirm your choice by clicking “OK”.
  5. Finally, complete the process by pressing “Send”.

 
 

How to Send an Encrypted Email in Outlook

Like Gmail, Outlook also has built-in capabilities for S/MIME email encryption. Enabling S/MIME on Outlook is also rather simple once the user has obtained and installed their certificate. The user must acquire a certificate from their organization’s administrator. Following this, S/MIME control can be installed onto Outlook. 

In order to encrypt all outgoing emails, as well as equip those emails with a digital signature, the user must:

  1. Go to the gear menu and click on “S/MIME Settings”.
    1. This is where the user has the opportunity to encrypt the contents and attachments of all emails sent. And this is also where the user can add or enable their timestamped digital signature.
  2. Click on “More Options” (signified by three side-by-side dots) located at the top of the new composition and choose “Message Options”.
    1. Doing so will enable the user to encrypt or remove specific email correspondences.
  3. Select or deselect “Encrypt this message (S/MIME)”.
  4. When prompted to install S/MIME control by running or saving the file, click “Run”.
  5. Users will once again be prompted to verify their intention to run the software. Click “Run” again to proceed.
    1. Also, note that users will be required to close and then reopen Outlook in order to fully enable S/MIME.

Individuals who receive an S/MIME encrypted email but do not have S/MIME enabled will be prompted by Outlook to install it. Moreover, it is important for users to be aware of the fact that S/MIME encryption is only effective if both the sender and recipient have it enabled. If an intended recipient does not have S/MIME encryption enabled, then any messages that they receive that are S/MIME encrypted will remain encrypted -- permanently scrambled and illegible.

 

How to Send an Encrypted Email in Yahoo

By default, Yahoo protects accounts with an SSL, or Secure Sockets Layer. In order to enable S/MIME encryption on Yahoo, a third-party service is required. However, this is not to be considered a downfall. Third-party encryption tools, like Trustifi, offer an added layer of protection for both the sender and the recipient, supporting both parties with a reliable, trustworthy, and user-friendly option for email security. By linking an email provider with the Trustifi app, users can easily send encrypted responses.  As previously described by Trustifi, “once the reader has successfully opened an encrypted email from a source that they are sure is legitimate, they can also respond back to the email through a pre-existing platform.” Thus, full-coverage, NSA-grade protection is facilitated on both ends of email correspondence.

Final Thoughts

Businesses, across nearly every industry, are encountering an increasing need to operate seamlessly in the digital world, only deepened by the bustling trend of remote work. By taking precautions and being proactive regarding email security, companies will do well to avoid a potential onslaught of cybersecurity threats. By obtaining or purchasing an S/MIME certificate and installing S/MIME control onto the email platform used, users can leverage timestamped digital signatures, as well as a capacity for advanced encryption.

Going one step further, businesses and their employees are highly encouraged to seek out the assistance and expertise of a third-party encryption service. Whether a company is a small business or an extremely large corporation, preventing malicious attacks like phishing and spoofing scams can save an immense amount of precious time and money. This can all be avoided with the help of a third-party encryption tool like the Trustifi app. Easy to use and reputable, the Trustifi app enables senders and recipients alike to rest assured that they will receive the highest level of privacy protection, securing the utmost confidential and sensitive messages and attachments that might be sent via email. 

 

References

Crane, Casey. “How to Send Encrypted Email on 3 Major Email Platforms.” Hashed Out by The

SSL Store™, 3 June 2019,

www.thesslstore.com/blog/how-to-send-encrypted-email-on-3-major-email-platforms/.

 

Panda Security. “How to Encrypt Email (Gmail, Outlook, IOS, Yahoo, Android, AOL).” Panda

Security Mediacenter, 7 Feb. 2019,

www.pandasecurity.com/mediacenter/panda-security/how-to-encrypt-email/.

Try Trustifi Today

For Individuals

Our Free Trial Is Forever Free

For Business

See if Trustifi Is Right for Your Organization

The Benefits of Two-Factor Authentication on Email Security

June. 12, 2020

2:00-3:00AM PST

Two-Factor Authentication (2FA), otherwise known as Multi-Factor Authentication (MFA), has become deeply ingrained into the daily lives of individuals around the world over the years. And more often than not, people are participating in forms of Two-Factor Authentication without truly being cognizant of them. Although most of us have come to associate Two-Factor Authentication with web security, this double-layered protective tactic has existed for decades. For instance, individuals take part in Two-Factor Authentication regularly when they input their bank PIN into a keypad in order to finalize a transaction made by swiping their debit card. However, Two-Factor Authentication has been quite newly adapted for online use, with institutions worldwide embracing this technology in their own ways. As explained by experts at Ohio State University, “if you have [2]FA set up for a given account (website, application or device), when you log in with your username and password, that account server is going to ask for a second, independent form of authentication before it will actually let you into the system.” Thus, by requiring individuals to supply two forms of identification, Two-Factor Authentication -- although not entirely foolproof -- is a wonderful step in maintaining the security of one’s email account.

Two-Factor Authentication provides individuals with greater security by making hacking attempts virtually impossible. This is due to the fact that “the second layer in two-factor authentication means a hacker or other nefarious individual would need to steal your password along with your phone in order to access your account.” In other words, malicious actors would need not one but two different ways to prove that they are actually the person that the account in question belongs to.

Methods of Two-Factor Authentication on the Web

As Two-Factor Authentication manages to become more deeply ingrained in the daily routines of most individuals who utilize technological devices -- like smartphones and laptops -- with each passing day, it has also become increasingly important for those same individuals to develop a clear understanding of the different methods of this web security measure that may be available to them. There are three different options for identity authentication that users can choose from. The first is something that the user knows; this is typically a password, zip code, security question response, or PIN. The second is something that the user has; this often takes the form of a smartphone, credit card, or key fob. And the third and final option is something that the user is or something that is a part of the user; this is usually a biometric and most commonly refers to the scanning and subsequent recognition of the user’s fingerprint, face, retina, or voice.

When a user registers for a Two-Factor Authentication application or device, the result is the combination of two of these authentication methods. Following the input of the individual’s password (which serves as the first method of authentication), a text message or push notification will typically be received (which serves at the second method of authentication). Each time the user logs into a Two-Factor Authentication equipped email account, they will be required to complete this short series of actions. This extra layer of security makes the account less appealing to malicious actors, as they traditionally seek out the least amount of barriers to entry. Hackers looking to carry out an effective attack may be able to do so with access to the account password, as well as the user’s smartphone. If the smartphone is unobtainable, hackers might leverage phishing attacks or malware to acquire tokens placed on the device by the authentication service, or activate account recovery, disabling Two-Factor Authentication. Thus, a successful attack on an email account that requires Two-Factor authentication requires a lot of extra effort on the part of the cybercriminal, making this type of attack quite unlikely.

Although there are numerous methods of setting up Two-Factor Authentication, the most prevalent is the use of an application installed onto the user’s device that requires user approval in response to all log-in attempts -- typically referred to as a “push” notification. The “push” notification model is incredibly user-friendly and allows for quick action to be taken if a log-in attempt is made by an individual who an email account does not actually belong to. With real-time notifications of log-in attempts, account owners can rapidly deny suspicious attempts with the simple push of a button.

Another popular method of mobilizing Two-Factor Authentication is an application installed onto the user’s device that sends through a unique code that must be typed in at each log-in attempt. These codes, although typically pretty short in length, are generated by an algorithm created by the authentication app and are usually updated every 60 seconds, so they are incredibly difficult for hackers to steal. Similar to the “push” notification model, hackers would need to obtain the email account owner’s device in order to gain access to this short, protective code. So, given that this code changes with each minute, hackers have extremely limited time to carry out their attacks even if they are able to get their hands on the user’s device. And most authentication applications will support both “push” notifications and unique code generation. In addition, there is also an SMS-based code method that operates without an application. This method is compatible with all cellphones and device owners are sent codes via text message as a result of account log-in attempts. Aside from having to physically type in the code provided, the SMS code method offers all of the same benefits as “push” notifications. 

Bolster Security, Flexibility, and Productivity with Two-Factor Authentication 

Enabling Two-Factor Authentication, specifically on accounts associated with your business, offers many benefits and is considered as “the gold standard” by Ohio State University. In necessitating a form of identity verification in addition to one’s account password, Two-Factor Authentication undoubtedly provides heightened email account security, decreasing the overall likelihood of malicious actor impersonations that have the potential to result in the theft or compromise of a user’s sensitive data. Moreover, Two-Factor Authentication is a wonderful security tool for companies moving forward, as remote work has become something of a new normal. With Two-Factor Authentication enabled, corporate devices, accounts, applications, documents, data, and systems remain safeguarded and can be accessed from virtually anywhere at any time.

 

References

Elliott, Matt. “Two-Factor Authentication: How and Why to Use It.” CNET, 28 Mar. 2017,

www.cnet.com/how-to/how-and-why-to-use-two-factor-authentication/.

“Multifactor Authentication.” Cybersecurity, 26 Mar. 2019,

cybersecurity.osu.edu/cybersecurity-you/passwords-authentication/multifactor-authentica tion.

Try Trustifi Today

For Individuals

Our Free Trial Is Forever Free

For Business

See if Trustifi Is Right for Your Organization

Email Spoofing vs. Phishing

June. 12, 2020

1:00-2:00AM PST

Each and every day, individuals with email addresses received dozens -- sometimes even hundreds -- of unsolicited emails. Although this daily onslaught of gratuitous emails is often regarded as a harmless nuisance, malicious actors plotting cybersecurity attacks may lurk beneath the surface on occasion. Such malicious attacks are often carried with the goal of stealing highly sensitive data, private credentials, and additional delicate information that may be stored on an individual’s device. Generally confused for one another, spoofing and phishing are two of the most prevalent types of email-based data theft strategies that have been mobilized by cybercriminals. However, both spoofing and phishing are comprised of different characteristics that pose their own distinct dangers to user data.

What is Spoofing?

The United States Federal Bureau of Investigation defines spoofing as “when someone disguises an email address, sender name, phone number, or website URL—often just by changing one letter, symbol, or number—to convince you that you are interacting with a trusted source.” Thus, a cybercriminal carrying out a spoofing attempt effectively impersonates an unrelated, and often credible, organization, company, or person in order to capture sensitive information pertaining to an individual or business that was otherwise intended to be private and secure. Spoofing attempts are sometimes carried out for the purpose of monetary gains as well. Through the use of counterfeit email addresses that are shockingly similar to the original genuine email addresses, these cybercriminals can easily get their victims to reveal incredibly delicate information that pertains to a slew of personal or business matters -- for example, private bank account information. Moreover, the cybercriminals behind spoofing attacks often lead their victims to believe that the email’s true purpose is to warn of an actual or impending security breach or threat, like identity theft.

 

Over time, it has become increasingly less difficult for such hackers to feign legitimacy. To appear as credible as the source they are impersonating, hackers often get their hands on corporate logos and recognizable graphics, embedding them into their email-attacks. This trusted imagery is typically a powerful tactic, successfully convincing many victims to click on links that result in the implementation of malicious software or files that have the potential to bring about grave destruction to the device, its operating system, and its applications. Furthermore, these malicious files may also disperse throughout the network, putting the data of friends, family members, clients, business associates, etc. in jeopardy. 

 

In order to avoid spoofing attacks, users should be mindful of and when possible, thoroughly review, all communications that land in their inboxes. The main tell-tale sign of email spoofing is the presence of spelling errors located in the sender’s email address. Additionally, the prevalence of grammatical mistakes, impersonal greetings, time-sensitive threats, unexpected files, vague or absent information, as well as awkward sentence structure and unusual phrasing, should also serve as a red flag to users. Moreover, email correspondence from unknown senders and that contains questions pertaining to personal, private information should be cause for suspicion. Users just trust their instincts when navigating potential spoofing attempts. Deleting any questionable emails received and quickly shutting down browsers are highly advised precautionary measures. However, if the user is unsure of the legitimacy of an email that they have received, simply calling the individual, company, or organization in question will undoubtedly provide clarity.

What is Phishing?

More often than not, phishing attacks incorporate some of the very same tactics as spoofing. This is due to the fact that phishing typically includes the mobilization of deceptive, yet seemingly legitimate email correspondence. However, “unlike spoofing, a phishing scam usually provides a link to a bogus website where the end-user is required to enter sensitive account information.” To put it simply, the purpose of phishing is for cybercriminals to manipulate victims into willingly handing over private and confidential information relating to one’s personal and/or business affairs. In leveraging a spoofed email address, hackers carrying out phishing attempts typically request the verification or update of a victim’s personal information. In order to do so, victims are then required to either visit an external URL or send a reply. And the email and web addresses utilized by these cybercriminals typically feel legitimate and familiar to the user, easily convincing them to respond or follow through with the requested action.

 

Generally, after clicking on the link provided in the phishing email, victims are directed to a seemingly reputable and legitimate site. These sites often resemble the sites that they are impersonating so well that victims are easily persuaded to divulge private information like passwords, social security numbers, banking PINs, tax IDs, credit card numbers, etc. And victims who innocently disclose this information may unknowingly bring about long-lasting harm to their assets, along with permanent blemishes to their credit ratings. As technology has advanced, hackers have unfortunately grown more proficient in skills like web programming and computer coding, making it even easier for them to deceive their victims.

 

But device owners should not fret, as there are several methods that can help to steer clear of these phishing attacks. Individuals are advised to take careful note of subtle spelling and grammatical errors in both domain names and email contents, the presence of attached files, overly dramatic or aggressive subject lines, and requests for private user credentials, as these should all be a cause for skepticism. Specifically, if email attachments do not consist of the prominent “.jpg,” “.docx,” “.png,” etc., users are highly recommended to proceed with caution. Attachments including the naming devices “.exe,” “.zip,” and “.scr,” for example, should typically serve as a word of warning for users. Similar to spoofing, users that suspect a phishing attempt are urged to deleting any questionable emails received and quickly close out browsers. On top of this, experts implore individuals to contact their service providers regarding such disreputable and unethical activity. This can enable service providers to provide the individual in question, as well as its other customers, will the utmost thorough protection of data, information, assets, and identities.

Ensure Email Security

For greater security and peace of mind, users are encouraged to seek out the assistance of an email security platform, like Trustifi. Trustifi’s team of highly skilled and experienced IT professionals provides its clients with an abundance of email security solutions, including advanced threat protection for malicious activities like spoofing and phishing.

 

References

Cholewa, Thomas. “The Difference Between Phishing & Spoofing.” Small Business -

Chron.com, Chron.com, 21 Nov. 2017,

smallbusiness.chron.com/difference-between-phishing-spoofing-70932.html#:~:text=Phishing%20and%20spoofing%20are%20clearly,is%20a%20means%20of%20delivery.

 

“Spoofing and Phishing.” FBI, FBI, 17 Apr. 2020,

www.fbi.gov/scams-and-safety/common-scams-and-crimes/spoofing-and-phishing.

Try Trustifi Today

For Individuals

Our Free Trial Is Forever Free

For Business

See if Trustifi Is Right for Your Organization

Viruses vs Worms

June. 05, 2020

2:00-3:00AM PST

In order to properly thwart malware, it is essential to understand the various classifications of malware that one may encounter at some point. As intrusive software created with the goal of ensuing damage and destruction to a slew of devices, malware comes in numerous forms -- all bringing along their own problems to be addressed in varying degrees. According to PCWorld, a PC plagued by malware might exhibit symptoms that include, but are not limited to a “slower-than-usual performance, a sudden spate of pop-ups, and other anomalous issues.” However, of all of the shapes that malware can take, two are commonly confused for one another: viruses and worms. User data is precious and incredibly valuable. By creating awareness and boosting overall knowledge regarding these two different kinds of malware, we aim to help users to spot them more easily, in turn equipping them to avoid catastrophic data or IT information loss.

What is a Virus?

Although most appearances of malware are commonly assumed to be viruses, this is not an accurate categorization. As technology, and as a result, cybersecurity threat tools, have evolved and advanced, occurrences of computer viruses have become rather sparse. Today, viruses account for a mere 10% of overall malware appearances. A subcategory of malware, a computer virus is a malicious software linked to a file or document, enabling the execution of destructive code that can spread from network to network. It is crucial to note that nearly every virus is enabled as a result of its attachment to an executable file. So, following download, a virus will remain inactive until opened and in operation. In other words, when a user executes such a file, the user -- in effect -- executes the virus themselves. This malicious software is designed with the goal of bringing destruction and interference upon a system’s operations. Consequently, viruses can trigger major, catastrophic data loss and operational complications.

Despite major technological improvements made over the course of the past few decades, a virus is surprisingly still the only type of malware that can infect other files, making them incredibly difficult to eradicate. Follow this spread of infection, the virus can then transfer itself to documents, files, code, etc. located on additional devices via memory-storage devices, online systems, and networks -- often multiplying until data is obliterated or program codes become debilitated entirely. Moreover, viruses can vary greatly in their severity, with damages ranging from benign humor to immediate and total system ruin. And individuals who encounter the later may find their valuable data permanently compromised.

What is a Worm?

Similarly, a worm manifests itself as malicious software that quickly multiplies and disseminates to any, and sometimes all devices operating within the network. Differentiating themselves from viruses, worms are traditionally independent software and do not require a host program in order to circulate. In fact, absolutely no human action is needed for a worm to multiply and disperse across a number of networks, wreaking havoc. Following the infection of a device through a network connection or downloaded file, worms aggressively reproduce and spread. Easily distributing themselves across systems, worms can either take advantage of a vulnerability on a target network or weaponize a form of social engineering in order to deceive users into carrying them out. Furthermore, a worm is able to freely traverse a system by either entering a device via a fragile point or by taking advantage of file or information transport features on a device. 

According to Encyclopedia Britannica, the first worm was released onto the Internet in November 1988 from MIT, by “a computer science student at Cornell University named Robert Morris” who hoped to maintain anonymity as a guest on campus. The birth of the computer worm was rather harmless, aside from forcing nearly 1/10 of the Internet to cease operations briefly. But as time passed and technology continued to flourish, worms became a tool for cybercriminals. And very much like viruses, worms can significantly disrupt a device’s operations, bringing about disastrous levels of data loss. Self-replicating and easily-dispersed, highly evolved worms can leverage other forms of malware, like ransomware, to bring about particularly harsh attacks on their targets. Worms are frequently key elements of cybersecurity attacks, with attackers utilizing their functions to produce zombie computers that become firmly linked in botnets, all with the purpose of dispersing spam or flooding web site with blackmail schemes and other methods of denial-of-service attacks.

How Should Malware Be Addressed?

There is no one surefire method to discern whether or not a device has been plagued with malicious code. As previously mentioned, some infections that may plague devices have the potential to completely obliterate files and ultimately shut down the device. On the other hand, some infections may only mildly impair a device’s typical operations, making it immensely difficult to locate the exact root cause of malware. Individuals are advised to keep an eye out for any abnormal and peculiar device behavior. However, anti-virus software can provide users with alerts of any malicious software that has made its way onto a given device or network. And oftentimes, this anti-virus software may be able to rid a device of malicious actors all on its own. But it is crucial to keep anti-virus software as updated as possible. Cyberattackers are constantly evolving their codes and tactics in an effort to successfully debilitate victim’s devices. Malware can be costly to a user’s wallet, time, and valuable data. Strengthening a device or network’s defenses against malicious code can help to avoid any malware induced damages. Keeping software up to date, regularly changing passwords, installing and enabling a firewall, and following good network security practices are the key to protecting devices against malware in all its forms.

Utilizing an email encryption service like Trustifi that empowers users with the tools and protection necessary to avoid several kinds of malware is strongly advised. Trustifi’s advanced threat protection services serve to detect, prevent, protect against malware while supplying clients with consistent alerts of any cybersecurity vulnerabilities or malicious actors within their network.

References

The Editors of Encyclopaedia Britannica. “Computer Worm.” Encyclopædia Britannica,

Encyclopædia Britannica, Inc., 10 Nov. 2017,

www.britannica.com/technology/computer-worm.

Geier, Eric, and Josh Norem. “How to Remove Malware from Your Windows PC.” PCWorld,

PCWorld, 6 May 2019,

www.pcworld.com/article/243818/how-to-remove-malware-from-your-windows-pc.html.

Try Trustifi Today

For Individuals

Our Free Trial Is Forever Free

For Business

See if Trustifi Is Right for Your Organization

The Importance of End-to-End Email Encryption

June. 05, 2020

10:00-11:00AM PST

Given the current state of the world, sensitive and valuable data is being stored on countless devices and networks at staggering rates. This creates an even greater need for advanced cybersecurity measurements. One of the most surefire methods of data security is end-to-end email encryption. As schemes like phishing and spoofing become increasingly prevalent, email encryption provides a defense against potentially malicious links or identity impersonations. End-to-end email encryption effectively secures data sent via email so that it is only accessible and legible to the sender and the recipient. In other words, the two parties at either end can read the contents. Any attempts at interception will wind up with a scramble of illegible gibberish.

Encryption, in general, is a core line of defense for Internet usage, data storage, and web-based communication. Data security and Internet privacy cannot be achieved without the use of encryption. Once highly sensitive data like credit card numbers, emails, or voice calls are unleashed onto the complicated and confusing web that is the Internet, there is nothing standing between that data and random, unknown devices, networks, routers, and servers that may be vulnerable to a cybersecurity attack. If emails are intercepted, they can be read very easily. Encryption serves as the solution to this problem.

Through the process of encryption, a user’s data is transformed into a mixed up, universally illegible product that is only decipherable once it arrives in the possession of its intended recipient. The latter element of this process is commonly referred to as decryption. Via the combined efforts of an encryption key and an encryption algorithm, the unencrypted data -- or plain text -- is converted into encrypted data -- or cyphertext. The proper encryption key, along with the algorithm, is the only way for the recipient to eventually decipher the encrypted data. So, only those with the correct key, which is supplied by the encryption software and not required to be remembered by the user, will ever be able to read the encrypted data. This means that any parties attempting to intercept the encrypted messages, including but not limited to government actors, hackers, and even the server the data is traversing, will be unsuccessful.

Asymmetric Encryption

Through the use of asymmetric encryption, users are provided with an even more secure solution to the security of their data. Asymmetric encryption entails “two types of keys [that] are used for each party, one public key and one private key, that is each party has a public key and a private key.” The public key is accessible to both parties, along with any other parties that they care to grant access to, prior to the initiation of email correspondence. In effect, the sender utilizes the recipient’s public key to encrypt the message. Thus, the message is then only decipherable with the use of the recipient’s public key and private key (which is only stored on their device). And it is crucial to note that the recipient’s private key is exclusively theirs. Not even the sender has access to this private key, making it completely unfeasible for an outside party to intercept and read the contents of the email.

With end-to-end encryption, third party interception becomes impossible -- no matter where it may be on its path to its intended recipient. To put this in simpler terms, if two parties correspond via Gmail without the use of end-to-end encryption, there is nothing preventing Google from accessing messages stored on their server. Without access to a recipient’s private key, malicious actors making any attempts and intercepting email data will be left with undecipherable content. Thus, through end-to-end email encryption, the contents of emails are guaranteed to be received in their entirety and free of interference.

PGP Email Encryption

One form of end-to-end email encryption is PGP email encryption. This method of email encryption utilizes public key infrastructure, along with symmetric encryption, and is widely considered to be one of the most secure options in terms of email encryption. However, PGP email encryption is not the most user-friendly, as it necessitates thorough training in order to avoid security vulnerabilities. Attacks on PGP systems are unfortunately rather common, due to the fact that their standards do not mandate that evaluations are made on the recipient end to ensure that interception has not occurred.

s/MIME Email Encryption

s/MIME, or the Secure/Multipurpose Internet Mail Extensions, is an additional system that depends on end-to-end email encryption. s/MIME operates via the use of digital email certificates, which are supplied by a certificate authority, in order to encrypt data through an encryption algorithm. s/MIME email encryption does have its flaws. The element of digital email certificates may prove challenging for the enterprise, as multiple certificates can be difficult and time-consuming to supervise and monitor. Moreover, s/MIME email encryption is not an option for those using web-based email platforms like Gmail. However, through its support and combination of both digital signature and message encryption, s/MIME is a balanced and secure method of email encryption. 

The Trustifi Solution

Although it has the potential to be rather complicated, email encryption doesn’t have to be an intimidating or taxing task. Trustifi’s NSA-grade end-to-end email encryption expertly overcomes the hurdles encountered by those utilizing PGP and s/MIME email encryption. “Once the reader has successfully opened an encrypted email from a source that they are sure is legitimate, they can also respond back to the email through a pre-existing platform.” This efficiently and masterfully provides the sender and the recipient alike with adequate protective measures.

And end-to-end email encryption is certainly the most effective form of email security, supplying users with an increased level of communication privacy and protection.  Trustifi’s email encryption platform is both user-friendly and highly secure. With trustworthy, dependable services that have the ability to seamlessly integrate with servers like Outlook that enable users to send secure messages without requiring them to switch platforms, Trustifi expertly protects the senders and recipients of all email correspondence -- including attached files, documents, photos, etc., and masterfully provides all clients with peace of mind.

References

“Data Protection Archives.” Trustifi, trustifi.com/category/data-protection/.

Unuth, Nadeem. “What Is End-to-End Encryption?” Lifewire, Lifewire, 12 Aug. 2019,

www.lifewire.com/what-is-end-to-end-encryption-4028873.

Try Trustifi Today

For Individuals

Our Free Trial Is Forever Free

For Business

See if Trustifi Is Right for Your Organization

Spotting and Protecting Against Malware: Trojans and Ransomware

June. 5, 2020

1:00-2:00AM PST

Devices and technology have rapidly evolved over the past several years. Unfortunately, this evolution has brought along with it more opportunities and the elevation of numerous forms of malware. Malware, or malicious software, is a piece of software created for the purpose of device impairment, data theft, and overall network upheaval. Coming in many shapes and sizes, and varying greatly in threat-level, malware often serves as tools for hackers hoping to achieve economic gains -- by either disseminating it themselves or selling it at a hefty cost on the Dark Web. But attaining monetary winnings is far from the only goal of malware; protests, security tests, or the instigation of war between governments are additional motives for malware usage. Two types of malware in particular -- trojans and ransomware -- have recently experienced a spike in popularity within the hacking community. Understanding the functionality of each of these methods of malware, as well as the ways in which they can work together to cause severe damages, will help users to avoid disastrous encounters with them.

What is a Trojan?

A trojan, more formally referred to as a trojan horse, is a type of malicious software or code that appears legitimate and wellfounded but can result in a user’s total loss of control over their device or network. Trojans are especially dangerous, as they are typically devised in order to disrupt, damage, steal, or impose impairment and distress onto a user’s data or network. And “unlike viruses and worms, Trojans do not reproduce by infecting other files nor do they self-replicate.” To put it simply, trojans disguise themselves as genuine files and/or applications in order to dupe users into loading and implementing the malware onto their devices. Once a user successfully installs a trojan onto their device, it is empowered to perform its designed functions and duties.

A user is critical to the success of a trojan. Without a user or host’s execution of a trojan, it is entirely useless. However, once a user executes a trojan -- opening and downloading what they have so innocently assumed to be a legitimate attachment or file, often from a sender impersonating someone the user knows -- the consequently installed malware can spread to other files, wreaking untold havoc on the device. 

The following are some of the most prevalent types of trojans that a user may encounter:

  • A Backdoor Trojan has the ability to produce a “backdoor” to a user’s device, providing attackers with access and control of the device. This type of trojan can enable hackers to download and steal valuable user data, as well as provide an opportunity for additional malware to be uploaded to the device.
  • A Downloader Trojan targets already-infected devices, downloading and installing new, updated versions of malicious software.
  • An Infostealer Trojan seeks to steal precious data from a device plagued with malware.
  • A Mailfinder Trojan aims to steal any or all email addresses that have been amassed on a device.

What is Ransomware?

Ransomware is an additional type of malicious software, designed with the goal of locking and encrypting user data located on a device. This data is only returned to its rightful owner following the payout of a ransom to the attacker. Cases have existed in which users are given a strict deadline to which they must pay a cybercriminal, and failure to do so has the potential to result in the permanent loss of their data. But even giving into the desired payouts of the attacker might not guarantee restored access, as many who deploy ransomware are actually cyberthieves. Ransomware keeps users from their personal files and data -- eliminating access to a user’s photos, documents, and even financial information. While these files still live on the user’s device, the ransomware has encrypted the data, rendering it entirely futile and nonfunctional. 

Regaining access to one’s data following a ransomware attack is far from simple. For this reason, it is crucial to be aware of the various forms of ransomware, as well as how to most successfully approach them. The following are some of the most common and typical variations of ransomware:

  • Crypto malware is especially disastrous, encrypting a user’s folders, files, documents, and hard-drives. 
  • Scareware takes the form of fake software that pretends to be a cleaning tool or anti-virus program. This ransomware typically demands a payout in exchange for fixing nonexistent problems plaguing one’s device. Scareware often has the ability to lock one’s device or flood it with an onslaught of pop-ups.
  • Lockers are a form of ransomware that often plague android users’ operating systems, locking them out, and ultimately preventing the access of any files or applications on the device.
  • Doxware, otherwise known as extortion-ware or leak-ware, threatens to publish sensitive, valuable, and previously private information onto the Internet if a ransom is not paid.

 

It is imperative to note that paying ransoms has the potential to lead users down a slippery slope. Payouts may not guarantee the return of your data, and cybercriminals may even require additional payouts -- extorting users to no end -- all while users never regain access to their valuable data, files, photos, documents, etc.

Avoiding Trojans, Ransomware, and Hybrids of Both

As user data grows increasingly sensitive, a large percentage of users will remain willing to payout ransoms. And consequently, the combination of multiple forms of malware that can perform more functions is growing in popularity. According to Lindsey O’Donnell at ThreatList, “ransomware trojan-based infections jutted up from 9 percent in the fourth quarter of 2018 to 24 percent in the first quarter of 2019.” For example, commonly utilized banking trojans have empowered hackers to more rapidly deploy ransomware. And so, pinpointing the exact strain of malware has become increasingly difficult, but doing so is also even more crucial than ever in terms of addressing device or network infections. Exhibiting care when dealing with email attachments, regularly backing up files on an external hard-drive, consistently changing passwords, keeping software as up to date as possible, installing and deploying firewalls, utilizing security software, and taking advantage of services provided by “the cloud” are all actions that users can take to ensure the security of their data.

Utilizing an email encryption service like Trustifi that empowers users with the tools and protection necessary to avoid malware, like trojans and ransomware, is strongly advised. Trustifi’s advanced threat protection services serve to detect, prevent, protect clients against. With the support of our highly skilled and experienced team, users are provided with consistent alerts of any cybersecurity threats or malicious actors that may plague their device or network.

References

“Cisco Security Threat and Vulnerability Intelligence.” What Is the Difference: Viruses, Worms,

Trojans, and Bots?, 10 Nov. 2014,

tools.cisco.com/security/center/resources/virus_differences.

O'Donnell, Lindsey. “ThreatList: Ransomware Trojans Picking Up Steam in 2019.” Threatpost

English Global Threatpostcom, 14 June 2019, 

threatpost.com/threatlist-ransomware-trojans-picking-up-steam-in-2019/145718/.

Try Trustifi Today

For Individuals

Our Free Trial Is Forever Free

For Business

See if Trustifi Is Right for Your Organization

How Working From Home Presents Changes In Cybersecurity

May. 29, 2020

1:00-2:00AM PST

In the wake of the COVID-19 pandemic that currently faces most of the planet, countless companies across the globe made a rapid transition to remote work. Offices closed and employees at every level were forced to change the ways in which they operated and worked on a daily basis, trading in meetings in conference rooms for zoom calls. Prior to this new work-from-home era born out of the coronavirus, the Bureau of Labor Statistics found that a mere “29% of Americans” had the capacity to work remotely. And according to Buffer’s annual report entitled State of Remote Work, “99% [of 2,500 individuals] said they would [have] like[d] to work remotely at least some of the time for the rest of their careers” back in the pre-coronavirus world of 2019. So, it seems -- although via an unorthodox route -- that Americans are getting the remote work transition that some have long yearned for. However, working from home undoubtedly poses some cybersecurity risks.

 

Without a choice, the majority of nonessentials are currently working from home. And as they do, some are facing a slew of complications. This is due to the fact that many businesses were not previously equipped with sufficient “cyber and network security system[s]”. As a result, these businesses lack knowledge regarding just how risky it can be for their employees to connect and work remotely. Companies, ranging vastly in size and scope, are now experiencing “an uptick in email-based threats, endpoint-security gaps, and other problems as a result of the sudden switch to a fully remote workforce.” 

 

In order to spot the catastrophic outcomes of cybersecurity breaches, employees working from home should keep an eye out for the following symptoms:

  • The sudden appearance of previously uninstalled, new programs.
  • Slowed operation and function of the computer.
  • The appearance of strange, pop-up advertisements.
  • The inability to control the keyboard and/or mouse.

 

Workers who experience any of the aforementioned signs while working remotely are advised to notify their “company’s IT administrator so they can immediately mitigate risk.”

 

Unfortunately, there are several hazards and issues that come along with remote work. For one, an employee working from home will be connected to their home’s WiFi network. When at home, “IT managers can [no longer] control the security of all Wi-Fi networks,” and hackers typically are granted easier access to networks -- thanks to the weaker protocols often associated with home WiFi. Additionally, insecure passwords pose another threat to working remotely. Individuals sometimes use “simple passwords [that] are incredibly easy for hackers to crack” for personal devices and accounts. In this work-from-era, such elementary passwords may give hackers the opportunity to “gain unauthorized access to multiple accounts in a very short period of time.” Furthermore, working remotely has opened up countless individuals to phishing attacks on their personal devices, which in turn, puts their sensitive work-related data, files, etc. at risk. Through the use of easily created and seemingly legitimate, yet deceptive emails, hackers are “able to gain access to the employer’s device” through a single, innocent click of a malicious link. As disturbing as it may be, there have been several email phishing scams as of late that take the form of illegitimate COVID-19 related company policy changes.

 

Each and every business has data, files, media, etc. that are sensitive, at least at some stage. As the majority of states remain under rather strict Stay-At-Home orders, companies and their workers must adapt -- taking more advanced security measures in an effort to keep their business running as safely and as successfully as possible. Devices and data should be protected when working remotely, just as they are in the office. And although this may be a challenge, it certainly is not impossible to achieve.

 

Employees can ensure that they maintain a secure connection by regularly performing several precautionary and proactive actions. It is strongly advised that employees stay in consistent contact with their supervisors and/or employers, as well as to keep an eye out for all policy changes and updates. Amidst the ever-changing circumstances surrounding this COVID-19 pandemic, it is crucial to keep abreast of “new policies to help keep you, your coworkers, and the business safe.” Moreover, it is much easier for employees to keep company information secure if they utilize company-supplied tech tools when working remotely. Many companies supply laptops and mobile devices to their employees that “likely include firewall and antivirus protection, along with security features like VPN and 2-factor authentication.” Making use of these “your company’s cybersecurity tools” and their built-in security measures will aid you in protecting both company data and devices. In addition, it’s vital to stick with previously vetted collaboration tools because, unfortunately, “you can’t be sure a quick-fix tool you’ve downloaded has the same protections [of those already approved for use by your employer].” It is also immensely important to ensure that employees working from home are remaining up to date on software updates and patches. These updates not only “help patch security flaws and help protect your data,” but also “add new features to your devices and remove outdated ones.” Another helpful addition to your work-from-home routine is the consistent use of a VPN, as this “can help protect the data you send and receive while you work from home.” The adoption of a VPN can provide a secure link between employees and businesses by encrypting data, “help[ing to] protect against cybercriminals and snoops from seeing what you do online during a workday.”

 

Overall, working remotely requires businesses and their employees to make changes in their everyday routines in order to ensure that their sensitive data is not vulnerable to cybersecurity breaches. “Structuring your day to work efficiently and maintain[ing] contact with your team” may help to maintain normalcy, high productivity, and data security. Cybersecurity is a delicate and quite unstable thing to maintain, but staying diligent and utilizing the tools at your disposal will undoubtedly yield wonderful results.

Trustifi has compiled a Remote Employee Security Playbook so that all individuals working remotely, both now and in the future, may be better equipped to face the growing threat of cyber criminals. With the guidance and expertise of our team, employees across every industry can confidently and safely work from home.

References:

“Remote Employee Security Playbook.” Trustifi, trustifi.com/remote-employee-security-playbook/.

Rubinstein, Carrie. “Beware: Remote Work Involves These 3 Cyber Security Risks.” Forbes,

Forbes Magazine, 10 Apr. 2020,

www.forbes.com/sites/carrierubinstein/2020/04/10/beware-remote-work-involves-these-3-cyber-security-risks/#2b8978c961c4.

“State of Remote Work 2019.” Buffer, 2019, buffer.com/state-of-remote-work-2019.

Symanovich, Steve. “Working Remote Due to the Coronavirus? These 7 Tips Can Help Keep

Your Connections Secure.” Working Remote Due to the Coronavirus? These 7 Tips Can

Help Keep Your Connections Secure | NortonLifeLock, us.norton.com/internetsecurity-emerging-threats-working-from-home-due-to-coronavirus.html.

Try Trustifi Today

For Individuals

Our Free Trial Is Forever Free

For Business

See if Trustifi Is Right for Your Organization

Cloud-Based Email Encryption & Optimizing Data Security

May. 29, 2020

1:20-2:10AM PST

As more and more businesses and their employees turn to email as their main method of communication, the security and invulnerability of email communications become exponentially crucial. Email encryption makes a strong effort to address this issue of data, file, and messaging security, and entails “encrypting, or disguising, the content of email messages in order to protect potentially sensitive information from being read by anyone other than intended recipients.” Although sensitive information shared via email like Social Security numbers, log-in credentials, and bank account numbers benefit greatly from email encryption, “it’s not just those who may email sensitive information” who are advised to invest in email encryption. As relied upon as email may be, it is quite a vulnerable form of communication; “particularly when emails are sent over unsecured, or public, Wi-Fi networks.” And any email account can be vulnerable to the attack of a hacker, putting their attachment, content, and sometimes the entirety of their email account at risk of being compromised.

Earlier this year, Tony Bradley of LifeWire made an incredibly thoughtful and insightful analogy to help individuals better understand the importance of email encryption for data security: “If you are on vacation you might send a picture postcard to a friend or family member with a quick "wish you were here" sort of message. But, if you are writing a personal letter to that same friend or family member, you would be more inclined to seal it in an envelope.” One method of email encryption -- a personal email certificate -- “digitally signs your messages, reducing the [number] of spam messages that can be sent using your name and email account.” A personal email certificate’s digital signature confirms to recipients that the sender did in fact send the message that was received. An added bonus of utilizing a personal email certificate is that it provides users with “help to stem the tide of spam and malware being distributed in [their] name.”

Through email encryption, “the sender [is equipped] with a comprehensive set of tools that gives them an unprecedented level of control over the[ir] content.” A private email key, “stored on your computer,” is utilized to unlock emails and decrypt original messages. In other words, “each person with an email address has a pair of keys associated with that email address, and these keys are required in order to encrypt or decrypt an email.” One such key is deemed a “private key,” and is housed within a keyserver, linked with your name and email address, and any individual can access it. Contrastingly, your private key is yours alone and access cannot be shared. Thus, senders encrypt using the public key, “while the intended recipient would use the private key to decrypt those messages into a readable format.” This system of keys is known as public key infrastructure (PKI) and it is the most common form of email encryption.

There are several variations of email encryption protocol, but the most prevalent are:

Oftentimes, to avoid any difficulties for individual employees, companies will opt for automatic email encryption using an email encryption service. Such services typically supply software that configures emails to “pass through a gateway appliance that is set up to be compliant with the company’s security policies.” That being said, it is important to point out that cloud-based email encryption offers individuals added ease of use, convenience, and economic savings. While maintaining the utmost email security, the cloud-based format gives users more flexibility and command over the ways in which their messaging, files, and data are interacted with via email. Moreover, cloud technology provides businesses and individuals with opportunities for increased scalability, reduced IT costs, collaboration efficiency, flexibility, improved access updates, and stronger business continuity. 

Email encryption services are multipurpose when it comes to securing vulnerable information.

  1. In encrypting the connection between email providers, hackers are prevented from intercepting both outgoing and incoming messages advancing from server to server. As a result, this “prevents unauthorized users on the network from intercepting and capturing your login credentials and any email messages you send or receive”.
  2. An email’s content (including attachments) can be encrypted, making even intercepted emails unreadable to the human eye. The encryption of emails prior to them being sent out into the world, in other words, renders them essentially useless and void of any information.
  3. Encrypting old and archived emails will stop attackers from gaining access to emails that are not in transit. If hackers gain access -- despite password protection of your accounts and even your device -- to backed-up emails, email encryption guarantees that the contents are indecipherable.

Consistently encrypting all emails, sent and received, will ultimately result in the best outcomes in terms of email data, file, attachment, etc. security and protection. In saving email encryption for emails containing delicate information, a flag is raised for hackers, “pointing them directly to the messages that are most likely to contain valuable, sensitive information – the very information you’re trying to prevent outsiders from gaining access to in the first place.” And so, a full-scale, holistic approach to email encryption will undoubtedly create a greater, multi-layered barrier to entry for hackers, as even the most dedicated data sleuths will find a one-by-one email examination process too burdensome and daunting.

Even emails sent via a seemingly secure company network are not entirely safe from hackers. No matter the pre existing security measures provided by a given network, “encryption is an important added security measure that makes sure that even if a message is intercepted, its information cannot be accessed.” A strong and thorough email security approach, like email encryption, can help to prevent hackers from conducting breaches, as they “rely primarily on email to distribute spam, malware, and other threats.” And as employees -- from entry-level to executives -- rely more heavily on the flexibility of their technology security services, the demand for cloud-based email encryption is sure to skyrocket.

 

References

Bradley, Tony. “Here's Why and How to Encrypt Your Email.” Lifewire, Lifewire, 30 Jan. 2020,

www.lifewire.com/you-should-encrypt-your-email-2486679.

“Data Protection Archives.” Trustifi, trustifi.com/category/data-protection/.

“Email Security Archives.” Trustifi, trustifi.com/category/email-security/.

“Email Security - Securing Cloud Email.” Cisco, 21 Apr. 2020,

www.cisco.com/c/en/us/products/security/email-security/index.html.

Lord, Nate. “What Is Email Encryption? Definition, Best Practices & More.” Digital

Guardian, 3 Jan. 2019, digitalguardian.com/blog/what-email-encryption.

Try Trustifi Today

For Individuals

Our Free Trial Is Forever Free

For Business

See if Trustifi Is Right for Your Organization

How to Secure Your Email for Remote Workers

May 20, 2020

10:00-11:00AM PST

With the novel coronavirus forcing thousands of people across the country to work remotely, there has been a massive wave of phishing attacks aimed at stealing employee information. The scammers have been more effective in these latest attacks than we have seen in years. One issue that some companies are encountering is that a home computer security network is significantly different from the office cybersecurity systems, and personal computers are often less secure. There has been a number of CEO impersonation emails, luring employees to fake websites where they give out personal information. The scammers have been impersonating health officials like the CDC and the World Health Organization (WHO). These tips can help you and your employees stay safe from phishing emails.

Two-Step Authentication

One way to help keep your company information secure is to require two-step authentication on all email accounts and applications. This is one of the best ways to help reduce the risk of phishing scams. With two-step authentication, you not only have to enter your password, but you also have to have a code sent to a specific phone number and you cannot log on until you have input that code correctly.

Many applications and programs are offering this now because of how much it reduces the risk of an account being hacked, even if your employee accidentally clicks on a link they should not. A password can be cracked, and for a good hacker, it can be cracked pretty easily, this just adds another layer of protection to make it a little bit harder for someone to steal your information.

Use a VPN

A Virtual Private Network (VPN) is software that can be used on home and public wifi to encrypt data even when you are using a public internet signal. A VPN will authenticate your information with the firewall in your network before anything is sent through it. This is especially important for a company that has employees handling sensitive data because it encrypts all of your data.

It is a good idea to have a VPN set up for your employees when they are working remotely because it can prevent hackers from accessing any of your company information, whether your employee is working at home or at a cafe — once things reopen.

Safeguard Your Email Accounts

Email is how most hackers will reach out to attempt to scam you to steal your information. An email encryption service can be a big help with keeping your communications safe.

Encrypted Video Conferences

There have been a lot of issues with video conferencing services since the pandemic forced so many people to work from home. Zoom especially has had hackers find their way into a video conference and disrupting the meeting; there have been accounts of "Zoombombers" showing pornography during a meeting, calling people racial slurs, and just being generally disruptive.

The best way to avoid things like this is to use a paid video conferencing service; they are usually a little more secure than Zoom. If you are using something like Zoom, check the privacy settings for the meeting before the meeting begins to make sure only those you invite can join the meeting. Another option is to protect your video conference meeting through Trustifi.

Anti-Phishing Training

Some people do not know how to recognize a phishing email when they see one. Take the time to show your employees some of the telltale signs of a phishing email and show them what to do if they see an email that appears suspicious. Great training that we recommend is provided by Lucy Security.

Anti-Virus Software

Good anti-virus software can get expensive; however, if you provide it for all of your employees and keep it up to date if someone does accidentally click on a malicious link or download an attachment from a suspicious email, there is a better chance that the virus may not work its way into your system. If you have good virus protection, it should catch a virus before it is even downloaded, and it can warn you when you click on a suspicious link that it may not be a safe website to go to.

Require Strong Passwords

While we may not like having elaborate passwords because they can be annoying to keep track of, they exist for a reason. Approximately 75 percent of people in a poll said they "use the same passwords for multiple accounts, and a high percentage of people haven’t changed duplicate passwords in over five years."

A weak password is a hacker's best friend. Have your employees use a strong password to keep hackers at bay. You can use a password generator to create completely random and strong passwords, but if they are annoyingly elaborate, your employee will need to write them down, and there is a good chance it will be saved somewhere on their computer.

 For a strong email encryption service that can help keep the phishers at bay, contact Trustifi today to learn what we can do to make your business more secure.

  

References

Sundar, Venkatesh. “How to Maintain Security with Remote Workers?” Indusface, 7 May 2020, www.indusface.com/blog/maintain-security-remote-workers/.

Try Trustifi Today

For Individuals

Our Free Trial Is Forever Free

For Business

See if Trustifi Is Right for Your Organization