Our company uses Office365 for most business activities. As security professionals, we have set up our email system to be as secure as possible without harming our business.
In order to detect potential issues, we monitor encryption of inbound and outbound emails to see which email domains have not implemented TLS for network-level email encryption. However, we have configured Office365 to enforce encryption for inbound and outbound email received from or sent to our clients and partners.
It makes sense to look at the Mail Flow section of the ‘Office 365 Security & Compliance’ admin portal on a frequent basis. I can see the following information on the widget:
Immediately, I am satisfied that all outgoing emails were encrypted. However, a small percentage of inbound emails were not. Further details are available.
A detailed report can then be generated and downloaded in the reports section of the same portal. After some waiting, approximately 5 minutes, the downloaded CSV file informs me that the following email domains sent emails to Foresight Cyber without using TLS encryption. Given that Office365 offers opportunistic TLS encryption, the most probable explanation is that the domain owners have not properly configured their email servers to support TLS encryption. For some of the domains that is rather interesting, as, surprisingly, they are very well-known organisations.
To some this still needs further explanation, so let me try not to lose you in tech jargon and break this down…
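One way to triage the downloaded CSV, shown here as an added example rather than Foresight Cyber's own tooling: it groups messages by sender domain and separates domains that never used TLS from those that only sometimes did. The column names, the "no TLS" marker values and the sample rows are assumptions constructed for illustration, so adjust them to match the report you actually download.

```python
import csv
import io
from collections import defaultdict

# Column names are assumptions; rename them to match your downloaded report.
COL_SENDER = "sender_address"
COL_TLS = "tls_version"
NO_TLS_VALUES = {"", "none", "no tls", "n/a"}  # assumed "unencrypted" markers

# Constructed sample rows (not real report data).
SAMPLE_CSV = """\
sender_address,recipient_address,tls_version
alice@partner-a.example,ops@recipient.example,TLS1.2
bob@Partner-B.example,ops@recipient.example,
carol@partner-b.example,ops@recipient.example,None
dave@partner-c.example,ops@recipient.example,TLS1.2
erin@partner-c.example,ops@recipient.example,No TLS
not-an-address,ops@recipient.example,
"""


def sender_domain(address):
    """Return the lower-cased domain of an address, or None if malformed."""
    local, sep, domain = address.strip().strip("<>").rpartition("@")
    if not (sep and local and domain):
        return None
    return domain.lower().rstrip(".")


def domains_without_tls(csv_text):
    """Return [(domain, (unencrypted, total)), ...] for every sender domain
    with at least one unencrypted message, worst offenders first."""
    counts = defaultdict(lambda: [0, 0])
    for row in csv.DictReader(io.StringIO(csv_text)):
        domain = sender_domain(row.get(COL_SENDER) or "")
        if domain is None:
            continue  # skip rows whose sender cannot be attributed
        counts[domain][1] += 1
        if (row.get(COL_TLS) or "").strip().lower() in NO_TLS_VALUES:
            counts[domain][0] += 1
    flagged = {d: tuple(c) for d, c in counts.items() if c[0]}
    return sorted(flagged.items(), key=lambda kv: (-kv[1][0], kv[0]))


if __name__ == "__main__":
    for domain, (plain, total) in domains_without_tls(SAMPLE_CSV):
        # plain == total: never used TLS; plain < total: only some messages lacked it
        kind = "never TLS" if plain == total else "mixed"
        print(f"{domain}: {plain}/{total} unencrypted ({kind})")
```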
Why is it important to encrypt emails?
Remember how you felt the last time you lost something important to you – like your mobile phone? External emails can carry all sorts of viruses & malware which can destroy everything in your entire network or on your hard drive. This is game over for businesses that don’t back up their data/files or don’t have any kind of Plan B in place. Losing your phone is difficult enough but losing your business data could have major consequences that you may struggle to recover from!
Why should you encrypt emails leaving your local servers?
If you’ve ever sent a text message to the wrong person then you know that these types of mishaps can happen easily. But imagine that text was an email containing sensitive personal financial information, that was intercepted by a hacker? Or your business marketing strategy for the year ahead somehow leaked to your competitor?
This is where encryption is vital. Encryption protects privacy by turning private information into “for your eyes only” messages, meant to be viewed by the parties that need them and no one else.
Encryption helps businesses stay compliant and helps protect the valuable data of their customers. Some organisations are bound by law to encrypt their emails in order to protect sensitive information, for example sensitive data from your healthcare providers.
We understand that this information isn’t easy for all to absorb! If you’re scratching your head right now, and thinking about how to implement encryption protocols is giving you a headache, please do not get stressed. Foresight Cyber can come to your aid, so get in contact now and let’s get your encryption issues dealt with!
Secure email for secure business.