Encrypting emails – which method is the most secure?
26 emails a day, 130 a week and more than 6,000 a year: according to a survey by the digital association Bitkom, that is the average number of electronic messages arriving in every professional mailbox – and the trend is rising. Alongside short, quick arrangements between colleagues, they often contain sensitive personnel, project and financial data that we exchange with other people or companies on a daily basis.
Emails are undoubtedly a convenient way of communicating, but put very simply they are nothing more than virtual postcards: without adequate security measures, third parties can intercept, read and even manipulate them. Only those who encrypt their emails and attachments can protect them from unauthorized access by others.
Different encryptions, different advantages
Although security also concerns private individuals, it plays a particularly important role in companies. The Federal Data Protection Act therefore recommends encrypting emails that contain personal data. In the professional environment, one of two methods is generally used: gateway/server-based encryption or classic, client-based end-to-end encryption.
With gateway/server-based encryption, the email remains in plain text within the company and is encrypted only at a central point as it leaves the company. These methods usually require no client-side setup and mean less effort for employees; their common disadvantage is the lower level of security.
With client-based end-to-end encryption, messages are encrypted directly in the email client, so that the message is protected all the way from one end (the sender) to the other (the recipient). The decisive advantage of end-to-end encryption is the maximum level of security: the message is encrypted at every point on its way between the communication partners, the email provider has no access to its content, and the data is not available in plain text within the company either.
The disadvantage of client-based end-to-end encryption is the greater effort involved, together with the application errors and lower employee acceptance that come with it. But there are solutions that make it much easier to use.
Client-based/end-to-end encryption methods
Simple implementation of secure e-mail communication
Client-based end-to-end encryption can be divided into three methods: symmetric, asymmetric and hybrid, a combination of the two.
In symmetric encryption, sender and recipient use the same key. What looks like a simple solution at first glance has serious security disadvantages: the key has to be transmitted electronically between the two parties and can be read by others along the way.
In asymmetric end-to-end encryption, each party has its own key pair consisting of a private key (comparable to a secret password) and a public key (comparable to a user name that is shared). The public key is exchanged between the communication partners. Once person A has received person B's public key, they can use it to write an encrypted email to B. Person B then uses their private key to decrypt it, which ensures that even sensitive data can only be read by the person for whom the email is intended.
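The following Go program is an added example, not code from this article or from gpg4o, showing the three methods above in one piece: the message body is encrypted symmetrically with a freshly generated session key, and only that session key is encrypted asymmetrically with the recipient's public key, which is the hybrid scheme that avoids the key-transmission problem of purely symmetric encryption. It uses RSA-OAEP and AES-GCM from the Go standard library as stand-ins for the OpenPGP algorithms a real mail client would use; the names Alice, Bob and Mallory, the `Envelope` type and the sample message are constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// Envelope is what actually travels through the mail system: the session key
// wrapped with the recipient's public key plus the symmetrically encrypted body.
// Nothing in it is readable without the recipient's private key, so a provider
// or gateway that handles it in transit sees only ciphertext.
type Envelope struct {
	WrappedKey []byte // RSA-OAEP ciphertext of the 256-bit AES session key
	Nonce      []byte // AES-GCM nonce, unique per message
	Body       []byte // AES-GCM ciphertext followed by the authentication tag
}

// GenerateKeyPair creates a key pair for one party (person B in the text).
// 2048 bits keeps the example fast; longer keys are the usual recommendation today.
func GenerateKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// Encrypt is the sender's side (person A): a random symmetric session key
// encrypts the message, and only that small key is encrypted with the
// recipient's public key. The session key is therefore never sent in the clear.
func Encrypt(pub *rsa.PublicKey, plaintext []byte) (*Envelope, error) {
	sessionKey := make([]byte, 32) // AES-256
	if _, err := io.ReadFull(rand.Reader, sessionKey); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	body := gcm.Seal(nil, nonce, plaintext, nil)

	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sessionKey, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Body: body}, nil
}

// Decrypt is the recipient's side (person B): unwrap the session key with the
// private key, then decrypt and verify the body. Any other private key, or any
// tampering with the envelope, makes this fail instead of yielding garbage.
func Decrypt(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), nil, priv, env.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("cannot unwrap session key: wrong private key")
	}
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	plaintext, err := gcm.Open(nil, env.Nonce, env.Body, nil)
	if err != nil {
		return nil, errors.New("message body rejected: tampered or wrong key")
	}
	return plaintext, nil
}

func main() {
	// Constructed sample message for the example, not real personnel data.
	msg := []byte("Salary review for employee 4711: proposal attached")

	bob, _ := GenerateKeyPair()
	env, _ := Encrypt(&bob.PublicKey, msg) // Alice needs only Bob's public key

	// What the provider or a gateway sees in transit: ciphertext only.
	fmt.Printf("wrapped key: %x...\nbody: %x...\n", env.WrappedKey[:8], env.Body[:8])

	out, err := Decrypt(bob, env)
	fmt.Printf("Bob reads: %q (err=%v)\n", out, err)

	mallory, _ := GenerateKeyPair() // someone else's key pair cannot open it
	_, err = Decrypt(mallory, env)
	fmt.Println("with another private key:", err)
}
```

The point to take from the run is the division of labour: the symmetric key does the heavy lifting on the message body, but it is born fresh for every message and travels only inside the asymmetric wrapping, so the exchange of public keys described above is all the two parties ever need to arrange beforehand.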
Does that sound too complex? No problem: as a company, you can use the Outlook add-in gpg4o® to have these keys provided and managed by a central key server and distributed simply and securely through automated synchronization. Employees can also be supplied with previously checked key material so that they do not have to deal with key management themselves. This significantly reduces the effort required for client-based end-to-end encryption, making it one of the most secure methods for encrypting emails.