The Importance of Email Encryption
By Patrick W. Dunne – freelance writer for Digital Privacy News – follow him on LinkedIn or read his blog.
Email can be one of the least secure platforms out there. Every day, people freely exchange private information without regard for who might see it, or whose hands it could end up in.
You’re probably familiar with a few standard security tips, such as using strong passwords and avoiding spyware. However, many people overlook the importance of using encrypted email.
What is email encryption?
Email encryption refers to the process of scrambling, sending, and unscrambling an email, making it virtually unreadable to unwanted third parties along the way. Only the intended recipient will be able to read the message that has been encrypted because only they will have the right keys to decrypt it. Some email services have this functionality baked in and automatically encrypt and decrypt messages, while others rely on more involved methods of securing your email.
Many people use email as a method for sending confidential or sensitive information such as credit card info, social security numbers, or other private information. When sent using unencrypted email, this confidential information is more vulnerable to hackers.
Why do you need email encryption?
Email encryption is essential for anyone who wants to be in control their data, especially their private data. Beyond the peace of mind, the consequences of losing control of your data can be severe.
Small businesses are prime targets for hackers
You might remember a few significant data breaches: Facebook, LinkedIn, Marriott International, and especially Equifax. Big businesses have the most money and user data, so it makes sense that hackers would target them. However, startups and small companies may be the most at risk.
Small companies are especially vulnerable because they often lack the necessary personnel or resources to protect themselves or recover from an attack. A 2018 report by Beazley Breach Response Services found that small businesses comprised 71% of ransomware victims. The average ransom demand was $116,000 though one company reported a demand of $3.8 million.
Email encryption makes it more difficult for a hacker to gain access to private information, resulting in a lower risk of being compromised.
Email encryption saves money
Hackers, especially those that introduce malware through email messages, can demand an extraordinary amount of money through ransomware attacks, and some corporate data breaches can be even more costly.
According to a 2019 “Cost of a Data Breach” report from IBM and the Ponemon Institute, the average data breach costs a company $3.9 million. The report aggregated costs between 507 organizations across 17 industries in 16 regions. On average, hackers compromised 25,575 company records—meaning organizations paid an average of $150 for each stolen record.
According to the report, U.S. companies were disproportionately affected by data breaches. They paid an average of $8.19 million per violation. Healthcare was the most expensive industry, where companies were out an average of $6.45 million for each hack. Plus, healthcare breaches often take the longest to identify, with an average of 236 days.
The report also found that using preventative measures such as encryption or a response team could reduce damages by $720,000.
Remember the Equifax fiasco which resulted in a $700 million payout? How did hackers get access to such an enormous amount of data? The company didn’t use encryption.
Most countries have many comprehensive privacy laws requiring companies to keep sensitive information safe from hackers. These include:
- The California Consumer Privacy Act of 2018 (CCPA): Companies that meet specific conditions must encrypt data and meet “reasonable security procedures” or risk being sued when data is compromised.
- New York State Department of Financial Services’ Cybersecurity Requirements for Financial Services Companies: This law applies to most bankers, insurers, and other financial institutions. These state-mandated requirements ensure that financial companies encrypt private data (or take other measures to mitigate if they are unable to use encryption) and regularly delete unnecessary data.
- The Healthcare Insurance Portability and Accountability Act (HIPAA): Signed into law by Bill Clinton in 1996, HIPAA requires that health institutions not share or sell patient data.
- The European Banking Authority (EBA): Financial institutions and organizations which handle payment services must encrypt private data. Additionally, e-merchants can’t store unsecured data.
- General Data Protection Regulation (GDPR): Companies that store private customer information must adequately protect such data from outsiders. Plus, EU citizens have the “right to access” their data as well as the ‘right to be forgotten’ and the ‘right to be informed.’
How can you encrypt your email?
Email encryption is essential for any individual or business wanting to protect their private data.
Use a secure email provider such as StartMail to ensure that outsiders can’t read your confidential messages. You can have peace of mind knowing that only the intended recipients will be able to read your emails. StartMail’s comprehensive security standards help protect you and your private data from outside threats.
StartMail uses two kinds of encryption: the password-protected message (PPM) method and the PGP encryption method.
Messages encrypted using the password-protected method can only be decrypted using a shared password. This method is best for sending email to recipients with non-encrypted providers.
The PGP (“Pretty Good Privacy”) encryption method is the most secure way to encrypt your emails. This method requires both the sender and recipient to use a key pair that includes both a public key, which you share, and a private key, which you do not. The handshake between a sender’s public key and your key pair is what allows email to be decrypted. No handshake means that email is undecipherable.
To learn more about StartMail’s email encryption, click here to read our support article.
To protect your privacy, use a service that encrypts your email – don’t send unencrypted email. Unencrypted email can be intercepted, and sensitive data can easily land in the wrong hands. Use StartMail for encrypted email!
Protect yourself and your email! Try StartMail and keep your email private!