What is a safe mail?
Despite being over 50 years old, email is still, statistically, our preferred way of communicating at work. Mail is a universal and standardised means of communication that works across different providers, platforms and devices. Unfortunately, email has also become the main entry point for cyber attacks. In recent years, cybercrime has escalated, and therefore there has been an increasing focus on having a secure email.
This blog is about the 3 steps you should focus on before getting a secure email in your company.
Why is it important to have a safe email?
Mail has become the most widespread form of communication for companies. This applies both in direct communication to the outside world and in relation to email marketing. A secure e-mail is thus an essential part of any organisation’s security strategy. It is also crucial for companies in terms of complying with data protection legislation. With security threats on the rise, a secure email is a fundamental measure to protect valuable information sent via email, including privacy information.
Secure email and GDPR
The GDPR sets requirements for the protection of personal data, including when it is transmitted via e-mail. It requires that personal data is transferred in a secure manner and that appropriate technical and organisational measures are in place to protect personal data against loss, theft or unauthorised access. There are mainly 3 areas that the GDPR focuses on:
- Email policy: It may be a good idea to have a policy for the use of e-mail that describes how personal data must be transferred via e-mail and what security measures must be taken to protect personal data.
- Control: Email accounts that contain personal data must be protected by strong passwords and two-factor authentication to ensure that only authorised people have access.
- Security: Companies must use a secure mail client with security settings that comply with privacy requirements.
How to get a safe email
It is difficult to get a completely secure email because the Internet is an open system and is therefore constantly exposed to new security threats. In order to protect yourself, you should create a basis for getting a secure email – a basis that contributes to complying with the GDPR. This basis should include the following:
- Email client: Use an email client that supports the latest security standards
- Mail server: Make sure to configure the security settings on your email server
- Email practices: You should ensure that employees have a secure practice for sending, receiving and storing emails
The last point in particular creates a major challenge for email as a secure form of communication. Even if, as a company, you have created the technical foundation for a secure email, you still depend on the employees following a secure email practice.
1. Choosing a secure mail client
An email service that is dedicated to sending email can help you send and receive emails securely. There are several solutions that offer secure email functionality, and the best choice depends on the company’s needs and requirements. Here are some of the most popular email services for secure email:
- Microsoft Office 365: Microsoft Office 365 has a number of security features that make it a secure option for businesses looking to protect their emails. This includes multi-factor authentication and advanced protection features against phishing and malware. Read how to get a secure email in Outlook.
- Google Workspace: Google Workspace (formerly known as G Suite) also offers a number of security features, including end-to-end encryption, spam filtering, and malware protection.
- ProtonMail: ProtonMail is a free email service known for its security and encryption. Emails on ProtonMail are end-to-end encrypted and protected by a strong password.
- Tutanota: Tutanota is another free email service that offers end-to-end encryption. Emails on Tutanota are also protected by a strong password.
2. Set up security on your mail server
An email is a digital file sent via the Internet and servers, from the sender’s to the recipient’s mail server. It is stored on mail servers at both sender and recipient and can be accessed or downloaded to personal devices. It is therefore important that the mail server for both sender and recipient uses the right IT security. This includes the following:
- Install Antivirus: Install and update antivirus and antispam software to filter malicious emails and protect against malware and phishing attacks.
- Implement strong authentication: Use multi-factor authentication (MFA) and strong passwords for all users to improve security against unauthorised access.
- Activate encryption: Ensure all data transfer is encrypted with TLS (Transport Layer Security) to protect data in transit, and encrypt stored data to protect it at rest.
- Use firewalls: Configure a firewall to block suspicious incoming and outgoing traffic and define what types of connections are allowed.
- Update software: Keep the server’s operating system up to date with the latest security patches and updates.
- Set up access control: Define strict access policies and limit user rights to access only necessary resources.
- Make backups: Make sure you have a plan to recover data in case of data loss.
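To check the "Activate encryption" and "Implement strong authentication" points on a running server, you can inspect what the server advertises in its reply to the SMTP `EHLO` command before any TLS is negotiated. The following is an added example, not code from Safe Online or any product named in this post; the function names and the two sample replies are constructed for illustration.

```python
# Added example: audit the extensions a mail server advertises in plaintext.

# Constructed sample replies to EHLO (hostnames are placeholders).
SAMPLE_WEAK = """250-mail.example.test
250-SIZE 52428800
250-AUTH PLAIN LOGIN
250 8BITMIME"""

SAMPLE_GOOD = """250-mail.example.test
250-SIZE 52428800
250-STARTTLS
250 8BITMIME"""


def parse_ehlo(reply):
    """Map each advertised extension keyword to its list of parameters."""
    caps = {}
    for line in reply.splitlines()[1:]:  # first line only names the server
        # Every line of the reply is "250-" (more follows) or "250 " (last).
        if len(line) < 4 or not line.startswith("250") or line[3] not in "- ":
            raise ValueError(f"not a 250 reply line: {line!r}")
        words = line[4:].split()
        if words:
            caps[words[0].upper()] = [w.upper() for w in words[1:]]
    return caps


def audit_plaintext_ehlo(reply):
    """Return findings for an EHLO reply received before TLS is in place."""
    caps = parse_ehlo(reply)
    findings = []
    if "STARTTLS" not in caps:
        findings.append("STARTTLS not offered: mail and logins travel unencrypted")
    if "AUTH" in caps:
        # Login mechanisms should only be offered once the session is encrypted.
        findings.append("AUTH offered before TLS: " + " ".join(caps["AUTH"]))
    return findings


if __name__ == "__main__":
    for name, reply in (("weak", SAMPLE_WEAK), ("good", SAMPLE_GOOD)):
        print(name, audit_plaintext_ehlo(reply) or "no findings")
```

An empty result only means the server offers TLS and hides login until the session is encrypted; the certificate and the TLS versions it accepts still need to be reviewed separately.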
Best practice when you mail
A secure email practice is essential to protect personal information and avoid data breaches. Many cyber attacks begin with an action taken by an employee that ends up compromising the entire company’s systems. Bad e-mail practices include sharing personal information without request, storing e-mails for too long and clicking on unknown links. To protect personal data and comply with GDPR, employees should be informed about good practices for sending and receiving e-mails.
How we can help you
Although email is the most popular form of communication in business, keeping it secure is a challenge for many reasons. At Safe Online, we have developed an application for Microsoft e-mails, ShareSimple. ShareSimple makes it possible to share personal and sensitive data securely in Outlook, and it does so automatically. The program has been developed for small and medium-sized companies, which means that it is simple to install and user-friendly.
Sebastian Allerelli
Founder & COO at Safe Online
Governance, Risk & Compliance Specialist