Almost 28 percent of small and medium-sized companies in Germany do not yet use email encryption. This was the result of a study commissioned by the Federal Ministry for Economic Affairs and Energy. Among the reasons, the respondents stated that their communication partners could not handle encrypted messages and that employees were not adequately technical. Difficulties in managing certificates are also often an obstacle.
Such concerns are understandable, but the right technology removes them. Here are the eleven most common misconceptions about email encryption, and how they can be refuted.
Really not? Anyone who sends messages containing personal data must encrypt them. This was already required by the Federal Data Protection Act. With the GDPR, the rules have become even stricter, and violations can now result in high fines. In addition, companies must report data breaches to the relevant supervisory authority within 72 hours and, if there is an increased risk, must also notify the data subjects. However, anyone who uses email encryption is exempt from the obligation to notify the data subjects.
The question is rather: can you afford to do without encryption? A GDPR violation can be punished with fines of up to 20 million euros or four percent of global annual turnover, whichever is higher. On top of that comes the reputational damage that follows a data protection violation. A good email encryption solution is certainly cheaper.
That is true if you want to do everything yourself. OpenPGP and S/MIME are two encryption standards that are not compatible with each other, and you may have to install a plug-in in the email client. Key management is also complex. Today, however, there are solutions in which the user does not have to worry about any of this. Such encryption gateways are usually easy to deploy and are also available in the cloud.
Yes, but it is very time-consuming. In addition, the user must know what he is doing: if he makes mistakes, the communication is no longer protected. Above a certain number of users, or with less technology-savvy users, it is therefore advisable to use a solution that automatically does as much as possible in the background.
No need. A suitable encryption gateway automatically recognizes which technology a communication partner is using, so everyone can use the standard they want. The prerequisite is that no proprietary technology is used and that the gateway supports the common encryption methods.
- The most important rules for mail, cell phone, social media … are summarized in this digital etiquette.
- Concise and precise … is how business emails should be written. Keep it very simple!
- Spelling, orthography: Spelling errors should be avoided! If necessary, run a spell checker on the side.
- Pace … is the greatest advantage of electronic mail, which is why messages should always be answered as soon as possible.
- It should be specific and meaningful. It is worth a little effort here.
- “Copy to” and “Reply to all” … should be avoided as far as possible, since nobody wants to be buried under an avalanche of information.
- Legal regulations: Mandatory company information has been required in Germany since the beginning of 2007 and must appear in the email signature at the end.
- Spam … simply ignore. “Unsubscribe” tells the sender that the recipient is at home and can therefore receive even more spam.
- Urgent cases … do not always have to be handled by mail. In this case it is better to pick up the phone.
- A mobile phone break in meetings … is a naive but desirable utopia. A third of employees also look at their cell phones, according to a survey by the industry association BITKOM.
- Ringtones … please choose as discreetly as possible and switch off in the open-plan office.
- Business lunch: Place the cell phone on the table with the display facing down and switch to vibration.
- Calling colleagues … should be done at a proper distance. Having to listen to other people’s conversations can be exhausting.
- Short and sweet is enough.
- Censor yourself: Do not post unflattering party pictures or comments that colleagues and employers may find offensive.
- Advertising on social media … is taboo because “friends” and “followers” do not want to be burdened with it.
- Giving recommendations, … for example about films, products or books, is always welcome.
- No photos from lunch, … because nobody cares.
In fact, email encryption is hardly common among private individuals and is usually perceived as too complicated, as a study by GMX and Web.de shows. Those who communicate a lot with people who do not use encryption can offer alternative solutions. One possibility is a secure web portal from which the recipient can pick up his encrypted message.
TLS is only transport encryption. It creates a tunnel between two computers through which the email is sent. On the sending and the receiving computer, however, the message is in plain text and can be read, manipulated or copied. In addition, on its way through the Internet the email is passed from computer to computer before it reaches the recipient.
The sender cannot check whether each of these computers actually establishes a new, secure tunnel for the next hop. In addition to transport encryption, you should therefore use content encryption with OpenPGP or S/MIME. This encrypts the content of the message, but not metadata such as sender, recipient and sending date. Together, content encryption and transport encryption provide a high level of protection.
Do you trust your cloud provider without limits? If it handles both email management and email encryption, it also holds your keys and can read the messages. Either separate email management from email encryption, or use a solution that lets you keep the keys in your own hands.
This is a problem with pure end-to-end encryption, because the virus scanner and the data loss prevention (DLP) solution cannot see the messages and consequently cannot examine them. However, there is also a hybrid approach: end-to-end encryption is used between the sender and the gateway. At the gateway the message is made available in plain text, checked for malware and content, and then encrypted again and delivered to the recipient’s mailbox.
No need. All email clients on the market today have integrated email encryption based on S/MIME, which can be triggered at the push of a button. However, the user then has to take care of key management himself. Not if an encryption gateway takes this over: then you only need to click the encryption button in the email program to send a secure message.
If an archive system never sees messages in plain text, it cannot index them, which makes it difficult to find emails in the archive. This problem can be avoided by placing a proxy between the archiving solution and the email system. Emails can then be archived in encrypted form and still be searchable, because the content is indexed.
In fact, there is no longer any reason to forego email encryption today, because nobody wants to risk plain-text emails simply being read if they fall into the wrong hands. Where personal data is concerned, secure communication is a must anyway. Encryption systems that are based on standards, offer interfaces to archive and security solutions, and are user-friendly can remove all of these concerns. (hal)