The Meridian Blog: Tech News, Tips & More for SMB and Enterprise Environments

Why and When Email Encryption is Important for SMB Security

Juliana Lee

Posted by Juliana Lee
Tue, Aug 16, 2016

secure email encryption imageI can’t stop thinking about encryption.

Right after Google announced plans to release an extension to its Chrome browser called “End-To-End”, with the goal of facilitating easier email encryption, I found a postcard on the sidewalk. The postcard was addressed to a house three doors down from where I found it, so I simply took it there and dropped it in their mailbox. But, in the process of searching for the address, I inadvertently read the greeting — “Dear Aunt Sally.”

Having no interest in Aunt Sally, I read no further — but I could have — and that is the point of this blog. Unencrypted email can be less secure than sending a post card via snail mail.

RELATED: The Biggest Security Threats Facing Employees Today

Not All Email is Equal

Much of the email we send would not be classified as sensitive and need not be encrypted. That’s a good thing, because according to Google almost half of the emails sent between its Gmail server and other email providers is not encrypted.

The reason is that, although Google encrypts with a method called “transit encryption,” which basically puts an electronic envelope around the email, transit encryption only works if both the receiving and sending web-based email providers use it. Google is encouraging people to pressure their email providers to use transit encryption on 100% of email. So, if transit encryption is used on both ends by each web-based email provider then your mail is protected from prying eyes just like a letter sent via the U.S. Postal Service.

RELATED: Quick Tips for Composing Better Emails

But here is where the similarity ends. The Post Office can’t open that envelope and read your mail. Web-based email providers can and do read your mail.

Of course, it’s an automated process using search algorithms, and the purpose is to do targeted advertising, or to scan for malware. No human eyes peruse your email. Your email provider also has to read your mail if you request a mail search, so in many cases transit encryption is the desired protection.

What About Really Sensitive Email?

Some data sent by email should only be seen by the sender and the recipient. In the past, it was mostly large enterprises, like banks, and government agencies that needed highly encrypted emails. But now, most small- to medium-sized businesses (SMBs) handle proprietary and confidential data.

Medical records as required by HIPAA, banking and billing information, credit card numbers, legal documents, customer contact lists, social security numbers, passport numbers, etc. There is a long list of material just too sensitive to be sent using only transit encryption.

RELATED: Who Needs to be HIPAA Compliant?

For this, you need end-to-end encryption, which is a lot more complicated than transit encryption. It offers another layer of security by encrypting email data as it leaves a user’s browser, and then decrypting it at the recipient’s end. To do this requires key certificates—secret codes that have the power to unlock data.

Key Certificates Are Valuable

Basically, end-to-end encryption takes that mail envelope and puts it into a locked safe, with the combination known only to the sender and receiver. Managing and controlling access to those key certificates is the tricky part.

RELATED: 5 Compliance Environments You Should Know About

The more encryption used, the more keys must be managed or controlled. This is important to prevent keys from being lost or stolen because once data is encrypted the key becomes as valuable as the data itself. That’s why end-to-end email, which has been available for some time using various software tools, has failed to become mainstream.

These tools require a great deal of technical knowledge and manual effort. Google says that it hopes that its End-to-End browser extension for Chrome, which is still in the testing and evaluating stage, will make it easier for anyone to send end-to-end encrypted email through not only Gmail, but any web-based email provider.

Get our Free Guide for Good Email Etiquette!

Juliana Lee

Ready to Become a Pro?

 Our White Paper can help.

whitepaper-4-key-elements-for-building-your-technology-road-map-thumbnail-3Subscribe to our blog and get your copy of "4 Key Elements to Consider When Building Your Technology Road Map"

You'll learn:

  • What role people play in determining your road map
  • How to build a plan in a multi-device world
  • What types of applications need to be considered
  • How data plays a key role in success


Subscribe to get your copy

Leave A Comment

About this blog

News, best practices and more to help you get the most out of your office technology. Whether you're an SMB owner who wears a lot of hats, or an enterprise IT director, facilities manager or just someone who wants to work smarter — this blog has the resources you need to maximize the business impact of all your tech investments. Be sure to subscribe to receive email updates about new posts!

Download our eBook