Encryption functions are algorithms designed to render data unreadable to anyone who does not have the decryption key. Data encrypted with a strong encryption algorithm can be transmitted over a public channel with no fear of eavesdroppers.
By default, email protocols have no built-in encryption, meaning that someone who intercepts an email in transit could read its contents. Email encryption addresses this issue by encrypting sensitive emails so that only the intended recipients can read them.
The Importance of Email Encryption
Emails can contain sensitive corporate data or personal information protected under data privacy laws. If these emails are intercepted and viewed by an unauthorized party, they could reveal intellectual property or trade secrets or put an organization at risk of legal penalties for regulatory non-compliance.
Email encryption enables an organization to protect the privacy and security of its communications and to maintain regulatory compliance. As a result, it is a core component of a corporate data and email security program and a common requirement of data privacy laws.
How Does Email Encryption Work?
Data encryption can be performed using symmetric or asymmetric encryption algorithms. Symmetric encryption uses the same secret key for encryption and decryption, while asymmetric or public key cryptography uses a public key for encryption and a related private key for decryption.
While it is possible to use symmetric cryptography for email encryption, this requires the ability to securely share a secret key with the intended recipient of the message. If this key is sent by email, the email would have to be unencrypted for the recipient to read it, so an eavesdropper could intercept this email and use the enclosed key to decrypt the encrypted email.
As a result, many email encryption schemes use asymmetric cryptographic algorithms. With asymmetric cryptography, the key used for encryption is public, so it can be sent over insecure email or posted on a website. For example, Check Point’s public key for reporting security issues via secure email is located here.
With a user’s public key, it is possible to generate an encrypted email that cannot be read by an eavesdropper. When the intended recipient receives the email, they decrypt it with the corresponding private key, producing the original message.
Types Of Email Encryption
The main challenge with using public key cryptography for email encryption is distributing and authenticating a user’s public key. Email encryption provides no benefit if the public key that is used belongs to an eavesdropper, not the intended recipient.
Different types of email encryption take different approaches to the distribution of these public keys. Two of the most common forms of email encryption are:
- Secure/Multipurpose Internet Mail Extensions (S/MIME): S/MIME is the most commonly used email encryption protocol because it is built into many mobile devices and webmail platforms. S/MIME uses a centralized public key infrastructure (PKI) to create, distribute, and validate public keys. For example, an IT administrator may act as a root certificate authority (CA) that issues employees digital certificates linking their identity to their public key. These certificates can be distributed via the corporate email system to allow employees to send encrypted messages to one another.
- Pretty Good Privacy (PGP): PGP relies on a more decentralized and informal method of generating and distributing public keys. Users generate their own public/private keypairs and distribute their own public keys. The Check Point public key mentioned above is an example of a PGP key. PGP is not built into as many email systems and may require third-party software to encrypt and decrypt emails.
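The S/MIME flow described above, as an added example that is not part of the original article: a root CA issues a certificate, the sender checks that the recipient's certificate chains to that root before encrypting, and a look-alike self-signed certificate is refused. It assumes the `openssl` command-line tool is installed; every name, address and file in it is a constructed placeholder.

```shell
#!/usr/bin/env bash
# Constructed demo: all names, addresses and files below are placeholders.
set -eu
WORK=$(mktemp -d)
q() { "$@" >/dev/null 2>&1; }   # run a command quietly, keep its exit status

# Make a self-signed certificate and key: the root CA, or an impostor's cert.
self_signed() {  # $1 = file prefix, $2 = subject
  q openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "$2" \
      -keyout "$WORK/$1.key" -out "$WORK/$1.crt"
}

# Employee makes a keypair and a request; the root CA signs it into a certificate.
issue_cert() {   # $1 = file prefix, $2 = subject
  q openssl req -new -newkey rsa:2048 -nodes -subj "$2" \
      -keyout "$WORK/$1.key" -out "$WORK/$1.csr"
  q openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/ca.crt" \
      -CAkey "$WORK/ca.key" -CAcreateserial -days 1 -out "$WORK/$1.crt"
}

# Encrypt only to a certificate that chains to the trusted root.
encrypt_for() {  # $1 = recipient prefix, $2 = plaintext file, $3 = output file
  q openssl verify -CAfile "$WORK/ca.crt" "$WORK/$1.crt" || return 1
  q openssl smime -encrypt -binary -aes256 -in "$2" -out "$3" "$WORK/$1.crt"
}

# Decrypt with a private key: prints the plaintext, fails for the wrong key.
decrypt_as() {   # $1 = key holder prefix, $2 = encrypted file
  openssl smime -decrypt -in "$2" -recip "$WORK/$1.crt" \
      -inkey "$WORK/$1.key" 2>/dev/null
}

self_signed ca   "/CN=Example Corp Root CA"
issue_cert alice "/CN=Alice Example/emailAddress=alice@example.com"
# Eavesdropper's self-signed certificate claiming the same identity.
self_signed eve  "/CN=Alice Example/emailAddress=alice@example.com"
printf 'Q3 figures attached.\n' > "$WORK/msg.txt"

encrypt_for alice "$WORK/msg.txt" "$WORK/msg.p7m" && echo "encrypted to CA-issued cert"
decrypt_as alice "$WORK/msg.p7m"
decrypt_as eve "$WORK/msg.p7m" || echo "eavesdropper's key cannot decrypt"
encrypt_for eve "$WORK/msg.txt" "$WORK/bad.p7m" || echo "refused: cert not issued by root CA"
```

The `openssl verify` step in `encrypt_for` is the part that matters: without it, the sender would encrypt to whichever certificate arrived claiming to be the recipient.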
Benefits Of Email Encryption
Email encryption is a powerful tool for data privacy and security. Some of the main benefits that email encryption brings to an organization include:
- Data Privacy and Security: Email encryption makes it possible to prevent eavesdroppers from reading intercepted emails. This helps to protect the privacy and security of sensitive corporate and customer data that may be contained within or attached to an email.
- Authentication: Email encryption ensures that an email can only be opened and read by someone with the appropriate private key. This can help to protect against email spoofing attacks where someone pretends to be a coworker or other trusted party.
- Regulatory Compliance: Data protection regulations commonly mandate that personal protected data be encrypted both while at rest and in transit. Email encryption helps an organization to comply with this second requirement.
Secure Your Email with Check Point
When email protocols were first defined, data privacy and security were not a primary concern, so many email and other Internet protocols are unencrypted by default. As a result, an eavesdropper may be able to intercept, read, and potentially modify these communications.
Email encryption helps to mitigate the threat of these man-in-the-middle (MitM) attacks by rendering an eavesdropper unable to read intercepted emails. Check Point and Avanan’s Harmony Email and Collaboration offers built-in email encryption functionality.