Data breaches involving email happen with frightening regularity, and most occur because senders cannot, or do not, encrypt the contents of their messages.
This leaves enterprises exposed to some very serious consequences, many of which can bring the enterprise to its knees.
With concerns about enterprise privacy growing significantly, and given the sheer pervasiveness of email, every enterprise should follow the practices below to preserve the integrity of its security system:
- All data must be protected, whether it is in storage or in transit. Focusing on protection of the data itself means it is secured consistently, and that means using encryption. This is even more critical where cloud email solutions are used, because the data must be encrypted before it enters the cloud, protecting it both from breaches and from access by the provider's IT operations.
- Encryption must not break, and must not demand a great deal of additional infrastructure, when you need e-Discovery, archiving or scanning. You should be able to keep mail encrypted while running these services without any disruption to them. Ensure that mail routing and compliance controls are in place for the encryption and decryption of all email messages.
- Your security solutions should be stateless. This means there are no end user keys or certificates that require management. Keys can be dynamically generated, as and when needed, cutting out the need for key stores to be maintained. Stateless services also cut out the need for these keys and certificates to be backed up and replicated. For maximum disaster recovery, ensure that you have a system in place that takes a one-off backup of the master secret – this can be used to recreate a key server that generates keys without any data loss.
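The stateless key-server idea in the bullet above, shown as an added Python example; this is not code from the original article or from any vendor product. Each user's key is derived from a single master secret with HKDF (RFC 5869, implemented here with HMAC-SHA-256 from the standard library), so there is no per-user key store to manage, back up or replicate, and a server rebuilt from a backup of the master secret reproduces every key. This is a simplified symmetric stand-in for the concept rather than a real IBE scheme, and the master secret, domain salt, identities and purpose labels are constructed values.

```python
import hmac
import hashlib

HASH = hashlib.sha256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869, section 2.2): PRK = HMAC(salt, IKM)."""
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869, section 2.3): T(i) = HMAC(PRK, T(i-1) | info | i)."""
    okm = b""
    t = b""
    counter = 1
    while len(okm) < length:
        t = hmac.new(prk, t + info + bytes([counter]), HASH).digest()
        okm += t
        counter += 1
    return okm[:length]


def hkdf_self_test() -> bool:
    """Check the implementation against RFC 5869 test case 1 before trusting it."""
    ikm = bytes.fromhex("0b" * 22)
    salt = bytes.fromhex("000102030405060708090a0b0c")
    info = bytes.fromhex("f0f1f2f3f4f5f6f7f8f9")
    prk = hkdf_extract(salt, ikm)
    okm = hkdf_expand(prk, info, 42)
    return (
        prk.hex() == "077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5"
        and okm.hex()
        == "3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865"
    )


class StatelessKeyServer:
    """Derives per-identity keys on demand; the only state is the master secret."""

    def __init__(self, master_secret: bytes, domain_salt: bytes):
        # The extracted PRK is all that is held in memory; nothing per user is stored.
        self._prk = hkdf_extract(domain_salt, master_secret)

    def key_for(self, identity: str, purpose: str = "email-content") -> bytes:
        # Design choice (assumption): addresses are normalised so that case and
        # surrounding whitespace do not yield different keys for the same mailbox.
        ident = identity.strip().lower().encode("utf-8")
        # Domain-separate by purpose so a content key never equals an attachment key.
        info = b"stateless-mail-demo\x00" + purpose.encode("utf-8") + b"\x00" + ident
        return hkdf_expand(self._prk, info, 32)


# Constructed values for the demonstration (a real deployment generates these once
# with a CSPRNG and keeps the one-off master-secret backup offline).
DEMO_MASTER_SECRET = bytes.fromhex("1f" * 32)
DEMO_DOMAIN_SALT = b"example.com-mail-domain-salt"


def restore_reproduces_keys(identity: str = "alice@example.com") -> bool:
    """Show that a server rebuilt from the backed-up master secret loses no keys."""
    live = StatelessKeyServer(DEMO_MASTER_SECRET, DEMO_DOMAIN_SALT)
    rebuilt = StatelessKeyServer(DEMO_MASTER_SECRET, DEMO_DOMAIN_SALT)
    return live.key_for(identity) == rebuilt.key_for(identity)


if __name__ == "__main__":
    assert hkdf_self_test()
    print("restore reproduces keys:", restore_reproduces_keys())
```

The practical consequence for disaster recovery is visible in `restore_reproduces_keys`: because no per-user material is ever written down, the master-secret backup is the whole recovery plan, which also makes protecting that single backup the highest-value control in the design.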
- Use a single encryption technology that works on all end points and all use cases, be it mobile, desktop, or web browser. IBE, or Identity Based Encryption, can be used for all external and internal mail communications. When the email is encrypted, the same delivery mechanism should be used – a push delivery model to the existing inbox, instead of having to have a separate inbox for secure communications.
- The solution should be easy to use and users should be able to send communications ad-hoc, internally and externally, without having to think about key exchanges or whether the recipient is using a shared password or has a certificate. The solution must work across all endpoints with no impact on how the email is used.
- The solution should support multi-tenancy, allowing each tenant to have their own branding and policies to address their requirements and the use cases of different departments and regions.
- The architecture must be flexible, able to support on-premises, hybrid, and cloud deployment. It should be able to handle complex mail flows and integrate seamlessly with any number of different email infrastructures, websites, and business applications.
The next step, once you have ensured that your email communications system is fully encrypted, is to train your staff on policies regarding the opening of email from unknown senders and/or downloading or opening attachments within the email.
If necessary, use an email client that scans all attachments for malware, blocking those that do not pass.
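The attachment check described above, as an added Python example that is not part of the original article or of any particular email client. It parses a MIME message with the standard `email` package, hashes each attachment, and blocks it if its extension is on a policy denylist or its SHA-256 matches a known-bad entry; the sample message, the denylist entry, the extension list and the verdict strings are all constructed for the demonstration, with the hash entry standing in for a real signature feed or scanner verdict.

```python
import email
import hashlib
from email import policy
from email.message import EmailMessage

# Policy (assumption): executable-type extensions are never delivered, whatever a
# content scanner says about them.
BLOCKED_EXTENSIONS = {"exe", "scr", "js", "vbs", "bat", "cmd", "hta", "jar"}

# Constructed denylist: the SHA-256 of one sample payload stands in for a
# signature feed. A real deployment would query a malware scanner here.
KNOWN_BAD_SHA256 = {hashlib.sha256(b"constructed known-bad sample payload").hexdigest()}


def build_sample_message() -> bytes:
    """Construct an inbound message with one clean, one policy-blocked and one
    hash-blocked attachment, then serialise it as it would arrive over SMTP."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see the attached files.")
    msg.add_attachment(b"%PDF-1.4 constructed sample", maintype="application",
                       subtype="pdf", filename="invoice.pdf")
    # Double extension: the trailing suffix is what decides the policy verdict.
    msg.add_attachment(b"MZ constructed sample", maintype="application",
                       subtype="octet-stream", filename="invoice.pdf.exe")
    msg.add_attachment(b"constructed known-bad sample payload", maintype="application",
                       subtype="octet-stream", filename="notes.txt")
    return msg.as_bytes()


def check_attachments(raw_message: bytes) -> list:
    """Return one verdict per attachment; the caller delivers, quarantines or drops."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        data = part.get_content()
        if isinstance(data, str):  # text/* parts decode to str; hash their bytes
            data = data.encode("utf-8")
        digest = hashlib.sha256(data).hexdigest()
        ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
        if ext in BLOCKED_EXTENSIONS:
            verdict = "blocked: extension"
        elif digest in KNOWN_BAD_SHA256:
            verdict = "blocked: known-bad hash"
        else:
            verdict = "allowed"
        results.append({"filename": filename, "sha256": digest, "verdict": verdict})
    return results


if __name__ == "__main__":
    for r in check_attachments(build_sample_message()):
        print(f"{r['verdict']:26} {r['filename']}  sha256={r['sha256'][:16]}...")
```

Hashing before deciding also gives the mail gateway a log record per attachment, which is what incident responders need later to answer "who else received this file".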