Skip to main content

What is email protection?

Email is an indispensable communication tool in business. It is therefore crucial to have the right email protection. A secure email means that the emails you send, receive and store via one’s email accounts are protected against unauthorised access and exposure. But even if you have created the framework for a safe email, it is not actually a guarantee that emails that are sent, received and stored in one’s inboxes are secure. There is one element that is often forgotten.

This blog is about why email is not a secure technology and what you can actually do to get a secure email.

What email protection should cover

It can be a challenge to achieve a completely secure email, as the Internet as an open system continuously encounters new security threats. In order to ensure the best possible security and comply with GDPR, it is essential to establish a solid foundation for secure email communication. This foundation should include the IT security of your email client and the mail server you use.

Start your GDPR cleanup where it is needed the most

Sensitive data can tends to accumulate in the employees' e-mails. With a GDPR Risk Scan from DataMapper, you get a report that shows any potential GDPR risks in the company's e-mails.

1. Email protection for your email client

A dedicated email service can effectively strengthen the security of sending and receiving emails. There are different solutions that offer secure email functionality, and the optimal choice depends on the specific needs of your company. Some of the most recognized email services for increased security are

  • Microsoft Office 365
  • Google Workspace
  • ProtonMail
  • Tutanota

2. Email protection for your mail server

An email is technically a digital file that is transferred via the internet and servers, it is crucial to ensure that both the sender’s and the recipient’s mail servers are well protected. This includes:

  • Install antivirus
  • Implement strong authentication
  • Enable encryption
  • Configure firewalls
  • Update software
  • Implement access control
  • Prepare a backup plan

The human element email protection miss

But even if you have chosen a secure mail client that supports the latest IT security and installed the best data security on your mail server, it cannot take into account the human element in relation to data protection.

The human element includes all the innocent mistakes people make that might lead to data leaks and breaches. In fact, unintentional actions of insiders are the number one cause of data breach incidents. Most of the time, these mistakes are made by employees. For example:

  • Sharing files with the wrong person
  • Reusing passwords or using weak ones
  • Clicking on bad links that slip by your anti-phishing software

Further, your customers and others outside of your company may make email mistakes that could make you liable for loss or harm to their personal data. For example, customers, potential employees, partners and others may:

  • Email personal data to you, perhaps without using encryption.
  • Send you unnecessary personal data that you did not ask for and should not have.

Once people’s personal data makes its way into your inboxes, whether you asked for it or not, you are responsible for tracking and protecting it. You are also liable if anything happens to it. Therefore, along with training your employees to use email safely, it’s up to you to make sure your customers have a safe way to send you data.

Get our Newsletter!

In our newsletter you get tips and tricks for dealing with privacy management from our founder Sebastian Allerelli.

When you sign up for our newsletter you get a license for one user to ShareSimple, which will give you a secure email in Outlook. This special offer is for new customers only, with a limit of one freebie per company.

Email protection that considers the human element

Although you have created the framework for a secure email, it is still unsafe to email. This is partly because you must ensure that the recipient also has a similarly framework, and partly because even if you have good data security in your mail client and on the mail server, you do not take the human element into account. In Safe Online, we have developed ShareSimple, which enables you and your employees to send and receive personal data securely. The solution does this by removing all data transferred via email clients and instead transferring it via an encrypted folder.

Sebastian Allerelli

Founder & COO at Safe Online
Governance, Risk & Compliance Specialist
Follow me on LinkedIn to get tips on GDPR →

GUIDE

How to handle sensitive personal data

GUIDE

How to find personal data with datamapping tool

GUIDE

How to prepare for a data audit