Are your emails secure? Do you need to encrypt your emails before sending them? We certainly believe so.
Why you should Encrypt Emails
Businesses need email. However, email is one of the most prevalent communication methods on the Internet, and it predates all the standard security measures we know now. Big vendors like Google will give you security to a certain extent. However, there's always someone who will try to breach that security and leak the data.
Now, you might not care about the security of every email you send, and that's fine. But what about the password you shared with your developer yesterday? Or some confidential business files? Once it's in an email, it's hard to make it breach-proof.
Email Security Statistics that will change your mind about Encryption
- 5 out of 6 large corporations were targeted by hackers via email
- Email malware has increased by 26% year over year since 2014
- Cybercrime is a profitable endeavour with an ROI of over 1425%
- According to Accenture, security breaches are up by 11% since 2018
- SMBs are the target of 43% of attacks
- 33 billion records will be stolen by 2023
Enter PGP
PGP (short for 'Pretty Good Privacy') is an encryption method. You may have already used encryption when zipping a file or locking a PDF with a password. But then you have to share that password, perhaps over that same old, insecure email.
PGP works in a very different way. Think of it (as in the classic example) as a locked box with two keys. If you lock the box with one key, you can't unlock it with that same key; you need the other key. So, what problem does it solve?
Every user who generates a PGP key gets a pair: a public key and a private key. The private key, as the name suggests, is to be kept private, while you can give your public key to everyone. Whenever anyone wants to send you something encrypted, they encrypt the content with your public key. Once encrypted, no one but you can decrypt it, because decryption requires your private key.
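The locked-box model above, run end to end with GnuPG (a widely used OpenPGP implementation), as an added example that is not part of the original article. It assumes GnuPG 2.1.17 or later is installed; the address, the message and the helper function names are constructed for illustration.

```sh
# Added illustration, not from the original article. Two throwaway GnuPG
# keyrings play the recipient ("you") and a sender. The address and the
# message are constructed sample values.
RECIPIENT="recipient@example.test"
RECIPIENT_HOME=$(mktemp -d)   # holds the key pair, including the private key
SENDER_HOME=$(mktemp -d)      # only ever receives the public key
chmod 700 "$RECIPIENT_HOME" "$SENDER_HOME"

cleanup() {
    for d in "$RECIPIENT_HOME" "$SENDER_HOME"; do
        gpgconf --homedir "$d" --kill gpg-agent 2>/dev/null || true
        rm -rf "$d"
    done
}
trap cleanup EXIT

gpg_as() {  # usage: gpg_as <homedir> <gpg arguments...>
    home=$1; shift
    gpg --homedir "$home" --batch --quiet --pinentry-mode loopback --passphrase '' "$@"
}

setup_keys() {
    # The recipient generates a key pair. The empty passphrase is only so the
    # demo runs unattended; a real private key should be passphrase-protected.
    gpg_as "$RECIPIENT_HOME" --quick-generate-key "Recipient <$RECIPIENT>" default default never
    # Only the public half leaves the recipient's keyring.
    gpg_as "$RECIPIENT_HOME" --armor --export "$RECIPIENT" > "$SENDER_HOME/recipient.pub.asc"
    gpg_as "$SENDER_HOME" --import "$SENDER_HOME/recipient.pub.asc"
}

encrypt_for_recipient() {  # plaintext on stdin, armored ciphertext on stdout
    # --trust-model always skips the ownership check for this demo; in practice
    # verify the key's fingerprint with its owner before encrypting to it.
    gpg_as "$SENDER_HOME" --armor --trust-model always --recipient "$RECIPIENT" --encrypt
}

decrypt_as() {  # usage: decrypt_as <homedir> <ciphertext file>
    gpg_as "$1" --decrypt "$2" 2>/dev/null
}

setup_keys
printf 'staging password: constructed-sample\n' | encrypt_for_recipient > "$SENDER_HOME/msg.asc"
echo "Recipient reads: $(decrypt_as "$RECIPIENT_HOME" "$SENDER_HOME/msg.asc")"
if decrypt_as "$SENDER_HOME" "$SENDER_HOME/msg.asc" >/dev/null; then
    echo "Sender decrypted it (unexpected)"
else
    echo "Sender cannot decrypt: the private key never left the recipient"
fi
```

The sender's keyring holds only the imported public key, so even the person who encrypted the message cannot read it back.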
So... How do I use it?
First, it is not "I" but "we". You have to build a culture around it throughout the organization. Educate people so that, at least for sensitive content, everyone uses encryption.
Choosing a Mail System or an Encryption Service
If you are thinking of getting a mail service, consider something like ProtonMail, which gives excellent encryption support.
However, if you already have an existing mail system, you may want to add PGP support to it. If you're using GSuite, consider using Mailvelope.
ProtonMail will take care of your encryption smartly. You have to do almost nothing there.
Mailvelope requires some initial setup. However, this is very easy to do. They have a pretty good guide to show you how.
Some Things to Remember...
You shouldn't trust the mail system or the encryption service. I've recommended ProtonMail and Mailvelope because both of them are open source, so their code can be publicly audited to see how it works, which allows us to trust their technology. Also, both of them will store your private key. However, the private key is useless without the password that unlocks it, and they don't store your password. So, whatever service you choose, try to understand how it implements encryption. A general rule of thumb: if it is not open source, avoid it.