In Email Security Basics for the New Admin, a few things were covered that should give any new email administrator a foundation in what he or she should be doing.
However, a foundation is only a starting point. There is much more to email security than making sure anti-virus software is up-to-date and that the perimeter is secured against outside attacks.
That is where the rest of this series comes in. Each post will dive more deeply into an aspect of email security that newer admins will need to know.
In this blog post, we are going to talk about email encryption and show you how to set it up in Outlook 2010. But before we get our hands dirty, let’s take a quick look at how email encryption works and why it is so important.
The basics of email encryption
Email encryption works by scrambling a plaintext message into what is known as ciphertext. This makes the content of the message unreadable to anyone the user has not given access to through what is known as a private key.
When the sender writes an email that is confidential, they can encrypt it using a public key. Without the matching private key, which is sent only to the recipient of the message, the content of the message cannot be read. A great analogy that is often used to describe this method of safeguarding email content is a locked mailbox with a mail slot. The location of the mail slot is accessible to the public, much like the public encryption key. The mail that is delivered there, however, can only be accessed by the holder of the key to unlock the mailbox, much like the private decryption key.
And why is this important? Because the content of many messages needs to be kept confidential, especially when dealing with information whose disclosure could violate regulations like HIPAA or Sarbanes-Oxley. However, email encryption can also be used to protect company secrets exchanged through email, like financial data, customer information and other secrets that you wouldn’t want prying eyes to see.
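The public-key flow described above, as an added example that is not part of the original post: it uses the openssl command-line tool's S/MIME support (S/MIME is the message format Outlook's digital IDs use) with throwaway self-signed certificates instead of CA-issued ones. The function names, subject names and message text are constructed for the illustration.

```shell
#!/bin/sh
# Added example. All names and the message text are constructed sample values.

# Create a throwaway "digital ID": private key $1.key and certificate $1.crt.
# Self-signed here; a real digital ID is issued by a Certificate Authority.
make_id() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# Sender side: encrypt file $2 into $3 using only the recipient's certificate $1.
encrypt_to() {
    openssl smime -encrypt -binary -aes256 -in "$2" -out "$3" "$1"
}

# Recipient side: decrypt $2 with ID $1 (needs the private key); plaintext on stdout.
decrypt_with() {
    openssl smime -decrypt -in "$2" -recip "$1.crt" -inkey "$1.key" 2>/dev/null
}

# Full round trip; returns 0 only if the intended recipient can read the
# message and the holder of a different private key cannot.
smime_demo() {
    d=$(mktemp -d) || return 1
    make_id "$d/rcpt" "Recipient Example" || return 1
    make_id "$d/other" "Someone Else" || return 1
    printf 'Q3 figures attached.\n' > "$d/msg.txt"
    encrypt_to "$d/rcpt.crt" "$d/msg.txt" "$d/msg.p7m" || return 1
    rc=0
    # The ciphertext must not contain the plaintext.
    grep -q 'Q3 figures' "$d/msg.p7m" && rc=1
    # The matching private key recovers the message.
    [ "$(decrypt_with "$d/rcpt" "$d/msg.p7m")" = 'Q3 figures attached.' ] || rc=1
    # A different private key is rejected.
    decrypt_with "$d/other" "$d/msg.p7m" >/dev/null && rc=1
    rm -rf "$d"
    return $rc
}

smime_demo && echo "only the recipient's private key opens the message"
```

Note that `encrypt_to` never touches a `.key` file: the sender needs nothing but the recipient's certificate.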
Setting your users up with encryption
Before getting started, you have to obtain a digital ID from an independent Certificate Authority. This can be done in Outlook by clicking on the File tab and then selecting Options. From here, click on Trust Center and then, under Microsoft Outlook Trust Center, click Trust Center Settings. Now on the E-mail Security tab, under Digital IDs (Certificates), click Get a Digital ID.
The user will be brought to a page where they can select a certificate authority where they can register a digital ID. You may want to tell them which one to register with.
Once they have a digital ID, they can start sending encrypted emails. To do this, they must first digitally sign the message. This provides the recipient with the private key that they will need to open your encrypted message.
This can be done by first creating the message, then selecting the Options tab and, in the Permission group, clicking Sign Message. This will sign this message only. Instead, you should have them digitally sign all outgoing messages by having them click the File tab and then select Options. Under Options, click Trust Center and then Trust Center Settings. From here, go to the E-mail Security tab and under Encrypted E-mail choose Add digital signature to outgoing messages. Now click on OK for each open dialog box and you are set.
With the digital ID set, you can encrypt all outgoing messages by clicking the File tab and then Options. Under Trust Center and Trust Center Settings choose the E-mail Security tab again and under Encrypted E-mail choose the Encrypt contents and attachments for outgoing messages checkbox.
Clicking on the OK button again will set your user up so that all messages are encrypted and kept confidential.
Encryption is only one way to keep emails safe and secure, but it should definitely be a part of any email security plan. Along with anti-malware, anti-spam filtering, server security and desktop security, email encryption can help protect your organization and its resources from the many different threats out there in the wild.