Too expensive and too complicated - that's what many companies think about email encryption. But is that really true? Here are the most common misconceptions.
Almost 28 percent of small and medium-sized companies in Germany do not yet use email encryption. This was the result of a study commissioned by the Federal Ministry for Economic Affairs and Energy. The reasons given by those surveyed include that their communication partners cannot handle encrypted messages and that employees are not technically well-versed. Difficulties in managing certificates are often an obstacle.
Such concerns are legitimate but can be easily resolved with the
right technology. Here are the 11 most common misconceptions about
encryption - and how to refute them.
1. I Don't Need Email Encryption
Really not? Anyone who sends messages with
personal data must encrypt them. This was already
prescribed by the Federal Data Protection Act. With the GDPR, the
regulations have become even stricter. Violations can now result in high
fines. In addition, companies must report data protection violations to
the responsible supervisory authority within 72 hours and even notify the
persons concerned if there is an increased risk. Those who use email
encryption, on the other hand, are exempt from the obligation to notify the
data subjects.
2. I Can't Afford That
The question is rather: can you afford to do without encryption? A
violation of the GDPR can result in sanctions of up to 20 million euros or four
percent of global annual sales, whichever is higher. In addition, there is
the reputational damage that follows a data protection breach. A
good email encryption solution is definitely cheaper.
3. Email Encryption Is Way Too Complicated
That's right if you want to do everything yourself, because
OpenPGP and S/MIME are different encryption standards that are not
compatible with each other. You may have to install a plug-in in the email
client. In addition, key management is complex. Today, however, there
are solutions in which the user does not have to worry about anything. Such
encryption gateways are usually easy to implement and are also available in the
cloud.
4. I Can Do This Alone
Yes, but that is very time-consuming. In addition, the user
has to know what he is doing. If he makes mistakes, communication is no
longer protected. It is therefore advisable to use a solution that does as
much as possible automatically in the background for a certain number of users
or for users who are less tech-savvy.
5. I Have to Convince My Communication Partners of "my" Solution
No need. A corresponding encryption gateway automatically
recognizes which technology a communication partner is using. So everyone
can use the standard they want. However, the prerequisite is that no
proprietary technology is used. A gateway that supports common encryption
methods should also be used.
6. It Doesn't Work Because My Communication Partners Have No Idea About Technology
In fact, email encryption is rarely used by private individuals
and is usually perceived as too complicated, as a study by GMX and Web.de shows. Anyone
who communicates a lot with people who do not use encryption can offer alternative
solutions. One possibility, for example, is a secure web portal where the
recipient can pick up his encrypted message.
7. I Use SSL/TLS - That's Enough
TLS is only transport encryption. The technology creates a
tunnel between two computers through which the e-mail is sent. However,
the message is available in plain text on the sending and receiving computers
and can be read, manipulated or copied. In addition, the e-mail is
forwarded from computer to computer on its way through the Internet before it
reaches the recipient.
The sender cannot check whether each of the computers is actually
establishing a new, secure tunnel. In addition to transport encryption,
you should therefore use content encryption with OpenPGP or S/MIME. The
content of the message is encrypted - except for metadata such as sender,
recipient and date of dispatch. Together, content encryption and transport
encryption ensure a high level of protection.
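The hop-by-hop nature of TLS described above can be checked after the fact on a received message. The following added example (not part of the original article) reads the Received headers and reports which relays recorded a TLS-protected transfer, using the RFC 3848 protocol keywords; the sample message and all host names are constructed.

```python
import re
from email import message_from_string

# Constructed sample message (not real traffic): three relay hops, one without TLS.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.9])
\tby mailstore.recipient.example with ESMTPS id c3; Mon, 1 Jan 2024 10:00:03 +0000
Received: from relay.isp.example (relay.isp.example [198.51.100.7])
\tby mx.recipient.example with ESMTP id b2; Mon, 1 Jan 2024 10:00:02 +0000
Received: from client.sender.example (client.sender.example [192.0.2.5])
\tby relay.isp.example with ESMTPSA id a1; Mon, 1 Jan 2024 10:00:01 +0000
From: alice@sender.example
To: bob@recipient.example
Subject: Q4 figures

plain text body
"""

# "with" protocol keywords (RFC 3848 and its UTF8 variants) that mean the hop used TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA",
                 "UTF8SMTPS", "UTF8SMTPSA", "UTF8LMTPS", "UTF8LMTPSA"}

# Pulls the receiving host ("by ...") and the transfer protocol ("with ...").
HOP_RE = re.compile(r"\bby\s+(?P<by>\S+).*?\bwith\s+(?P<proto>[A-Za-z0-9]+)", re.S)

def audit_hops(raw_message):
    """Return one (receiving_host, protocol, used_tls) tuple per hop, oldest first."""
    msg = message_from_string(raw_message)
    hops = []
    # Each relay prepends its header, so reverse to get sender -> recipient order.
    for header in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(header)
        if not m:
            hops.append((None, None, False))  # unparseable hop: treat as unverified
            continue
        proto = m.group("proto").upper()
        hops.append((m.group("by"), proto, proto in TLS_PROTOCOLS))
    return hops

def plaintext_hops(raw_message):
    """Receiving hosts that did not record a TLS-protected transfer."""
    return [by for by, _proto, tls in audit_hops(raw_message) if not tls]

if __name__ == "__main__":
    for by, proto, tls in audit_hops(SAMPLE):
        print(f"{by}: {proto} -> {'TLS' if tls else 'NO TLS RECORDED'}")
```

Received headers are written by the relays themselves, so a clean result is evidence rather than proof that every hop was protected.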
8. My Cloud Provider Is Already Encrypting
Do you have unlimited trust in your cloud provider? If he
takes on both email management and email encryption, he'll also have your keys
and can read your messages. It's a bit like giving someone a locked cashbox to
keep and taping the key under it.
Your cloud provider is most likely not interested in decrypting
and using customer information. However, if the provider is an American
company, it falls under the CLOUD Act of 2018. This is a tightening of the USA
PATRIOT Act of 2001. Previously unclear points have been specified, and the CLOUD
Act now also gives US authorities access to data stored on servers of US
companies abroad, even retrospectively.
In addition, the fact that the ECJ has just declared the Privacy
Shield Agreement invalid is causing additional concerns among European
companies. So you should either separate email management and email
encryption, or use a solution that enables you to keep your keys
yourself.
9. My Antivirus and DLP Solution Will Then No Longer Work
This is a problem with end-to-end encryption because antivirus and data loss prevention solutions
(DLP) cannot view the messages and consequently cannot examine them. However,
there is also a hybrid approach: end-to-end encryption is used between the
sender and the gateway. At the gateway, the message is made available in
plain text, checked for malware and content, and then encrypted again and
transported to the recipient's mailbox.
10. I Need to Install Plug-Ins on All Clients
No need. All e-mail clients available on the market today
have already integrated e-mail encryption based on S/MIME. It can be
triggered at the push of a button. However, the user has to take care of
the key management himself. Not so if he uses an encryption gateway that
does this job. Then only one click on the encryption button in the e-mail
program is necessary to send a secure message.
11. My Archiving Solution Will No Longer Work Properly
If an archiving system does not see messages in clear text, it
cannot index them. This makes it difficult to find emails in the archive. However,
this problem can be avoided by placing a proxy between the archiving solution
and the e-mail system. E-mails can then be archived in encrypted form, but
at the same time they are searchable because the content is indexed.
Conclusion
In fact, there is no longer any reason to do without email encryption. After all, nobody wants to risk plain-text emails being read if they fall into the wrong hands. With regard to personal data, secure communication is a must anyway. Encryption systems that are based on standards, offer interfaces to archiving and security solutions and are user-friendly can remove all concerns.