Emails have been around since the 1990s and are one of the most commonly used modes for businesses to communicate and share information. RIAs rely on email to securely send important and confidential information with the convenience of being able to save and archive them for future access.
Despite the many benefits of emails, it continues to be one of the top security risks and has led to many data breaches and security issues. A special report on Email Security Trends from Barracuda Networks states that 87% of the IT security professionals surveyed have faced email-based attacks in the recent past.
Email security plays a critical role for RIAs as confidential information like account info, financial info, and social security numbers are communicated via email. The concern is that emails you send out can be infiltrated or exploited irrespective of your email servers being secure.
If you are unaware of the security measures that can be taken to secure your RIA’s email, checkout the Email Security Checklist for RIAs. It talks about encryption and many other email security measures like multi-factor authentication, advanced data loss prevention, advanced threat protection, and auditing.
Benefits of email encryption
Let's look at why it’s essential to encrypt emails, especially for RIAs that regularly use emails to communicate sensitive data.
Intercepting email messages is not difficult, and many hackers steal email data at its many points of transmission, including email servers, local networks, and even directly from your computer. This is very prevalent, and encryption does not make email communication immune to such attacks. Instead, it makes the message unreadable to anyone other than the intended party.
Encryption is also important when you are unsure about the security measures present at the recipient's server and computer. In these cases, it is vital that emails are only accessible to authenticated users. Encryption ensures this and also goes as far as to restrict downloading or forwarding restricted emails.
Many organizations require that email communication be encrypted for compliance-related purposes. Office 365 provides excellent coverage and compliance to help with this. We'll be looking at them in detail later in this article.
Some of your clients may not have sufficient security measures to ensure that the data you email them is kept confidential. Encryption can let you add extra security through things like temporary passcodes to access encrypted emails, without any infrastructure or configurations for your client.
How your RIA can use encryption to send sensitive information
Encryption is a vital part of email security, and it is important to understand how it works to make the most of it. It primarily works by encoding information with a key that is only made available to authorized recipients. When emails are encrypted, they are converted into unreadable ciphered text and transmitted to the intended recipient(s).
Within Office 365 and Outlook, when you’re sending an email, you can choose to encrypt it or encrypt it and prevent forwarding.
In this level of encryption, emails are only available within Microsoft 365. Only authorized users can open and read them via Outlook.com, the Outlook mobile app, or the Mail app in Windows 10. Other users will be able to use temporary passcodes to download messages and attachments.
Encrypt and prevent forwarding
This level ensures that emails are only accessible within Office 365 and can't be copied or forwarded. It also extends the encryption to Microsoft file types like Word, Excel, and PowerPoint so that they remain encrypted even after being downloaded. Note that this feature does not support other file types like PDFs and images.
How emails are encrypted in Office 365
Let's look at two areas in which Microsoft uses encryption to secure email communication.
Encryption of emails while in transit
These methods are used to encrypt emails while they are being transmitted from the sender to the recipient.
- Transport Layer Security (TLS): Office 365 encrypts email communication through its service by default with TLS. However, this method only encrypts the network communication and not the email itself. Office 365 uses the following security features to encrypt emails in transit:
- Office Message Encryption (OME): OME lets you use Azure Rights Management Service (Azure RMS) to define rules for encryption. If emails meet the conditions you define, they are encrypted before being transmitted. OME offers the flexibility to send encrypted emails to users both within and outside the Office 365 platform. External users can use a Microsoft account or a One-Time-Password (OTP) to decrypt their emails.
- Secure/Multipurpose Internet Mail Extensions (S/MIME): S/MIME assigns public and private key pairs for each individual user to facilitate email encryption. Only authorized users with valid private keys can open and read these emails. In addition, S/MIME offers another useful feature – Digital Signatures. These allow the recipient to validate the authenticity of the sender through a unique digital certificate. One downside of S/MIME is that it restricts security features like malware and spam scanners.
- Information Rights Management (IRM): IRM is another encryption solution that restricts unauthorized users from printing, forwarding, or copying confidential email data. IRM uses Azure Rights Management Service (Azure RMS) and allows admins to apply transport rules or Outlook protection rules. However, it is important to note that IRM does not apply universally to all recipient devices.
To take full advantage of these features, you need to configure them properly to meet the needs of your RIA. You can learn more in the Office 365 Trust Center.
Encryption of emails while at rest
"Data at Rest" is data that is not being transmitted, but simply stored on a hard drive. In addition to encrypting email content while being transmitted, Microsoft data centers use BitLocker Drive Encryption technology to safeguard email data even while they are not active.
Office 365 and Outlook offer multiple solutions for encrypting emails and protecting them against unauthorized copying and forwarding. The first step is to identify where you stand with regards to email security and knowing how best to configure your email. If you have questions about how your RIA can set up your email to send confidential information, get in touch. We’re happy to help.