We all use email to send documents, contracts, business information and invoices on a daily basis. It is the most common way for businesses to communicate. However, the problem is that the email is not secure. Your email can be compromised and attacked by cyber criminals who easily intercept them while traveling on a network. If your email isn’t encrypted, it can be hacked and read, just like email attachments, exposing you and your information to others. As data breaches become more and more frequent, sensitive data must be protected. So what is email encryption and why is it important?
Encryption is really a way of modifying files or your system in a way that requires a password to access that data. It works on several levels. We could use email encryption, but we can also encrypt the machines themselves. Encryption is also used for VPNs, network traffic, and even websites you visit. Often times you are reminded with a “lock symbol” acknowledging that the site is secure, a means of secure transfer of data.
Why is email encryption important for businesses? When it comes to things like HR, employee social security numbers, health plan information, benefits, finance, CPA setup, legal and IRA, are often sent and received by email. This information must surely be encrypted. Like all written personal information that you shred, information must be encrypted so that, while in transit, no one can see it. This is really beneficial when you transfer financial information between banks or when you share proprietary information.
There is currently a certain level of security for emails, but it does not offer the level of encryption. If someone were to simply retrieve an email while it was in transit, they would likely be able to see what is included in that email. Therefore, it is important to make sure that if you are sending information that you would not want people to see, that you encrypt that information, making sure you keep it safe.
How does the encryption of a PC or mobile device, like a laptop or phone, protect you or your business? This can happen through password protection at the hard drive level so that someone cannot access information about the machine or device. Full Disk Encryption encrypts the entire disk, including paging files, system files, and hibernation files. If an encrypted drive is lost, stolen, or placed in another computer, the drive’s encrypted state remains unchanged and only an authorized user can access its contents. Typically, if you lose a laptop or mobile device or if it is stolen and someone wants to see what is in it, they will not be able to do so because it is tied to the encryption key. In this sense, you protect the data that is physically on the machine.
We’ve gone through a few different iterations of email, disk, and PC encryption over the years, and the new methods Microsoft has offered are pretty good. Windows BitLocker, a free service built into the Windows 10 operating system, is a relatively seamless sign-in experience. BitLocker offers the best protection when used with a Trusted Platform Module (TPM). TPM is a hardware component installed in many newer computers by computer manufacturers. It works with BitLocker to help protect user data and to ensure that a computer has not been tampered with while the system is offline. BitLocker provides the option to lock the normal startup process until the user provides a personal identification number (PIN) or inserts a removable device, such as a USB flash drive, that contains a startup key. These additional security measures provide multi-factor authentication and assurance that the computer cannot start or recover from hibernation until the correct PIN or startup key is presented.
Anything saved on your servers can be kept encrypted under the same circumstances that your laptop was encrypted. For those who may need to leave your PC on 24/7, you can even use file system level encryption which can encrypt and decrypt files on demand. In addition, all removable devices such as USB sticks or hard drives can be purchased fully encrypted.
For more information on email encryption and network security, contact your Managed Service Provider… before it’s too late!
JoAnn Hodgdon is Vice President and Co-Founder of Portsmouth Computer Group (PCGiT) with her husband David. PCG provides its customers with comprehensive managed IT services, business continuity, security, cloud computing and virtual CIO services. You can reach her at [email protected] or at www.pcgit.com.