Filter by Category

How to Solve 4 Common Email Security Challenges

Emailing files between systems and users comes with some security challenges.

Yes. Emailing someone is still one of the easiest ways to share data. However, there are some important caveats to sharing files this way that can put your organization’s file transfers at risk.

Email File Transfer Challenges

These are the four big challenges that organizations should be aware of when transmitting files via email.

  1. Email is sent "in the clear" meaning that it is not encrypted, therefore can potentially be read by anyone seeing the traffic being sent across an internal network or the internet.
  2. Large files are most often not permitted by the email provider or the company email server. There is a good reason for this as disk space is very quickly consumed by unlimited use of email attachments and especially when "cc:" is used to send to multiple recipients.
  3. Some file types may not be permitted. The reason that some file types are restricted, especially on company email servers, is to protect additional attacks from virus and spyware programs that are disguised behind the .zip, .exe, or .dat file types.
  4. There are no good audit trails for the email transaction. Many companies are required under compliance regulations and other constraints to provide a detailed record of where their information is going, where it changed hands along the way, and whether it arrived at the intended destination. With email systems, this capability is either difficult to use or is non-existent.

Related Reading: Is Transferring Files Through Email Secure?

Secure Email Encryption Options

Again, the most critical reason for not sending information via email is that it is not secured. This can be addressed in several ways including these common encryption methods:

Which encryption standard is selected depends often on industry, trading partner, specific data base requirements, and other factors.

How Encryption Work for Emails

Open PGP Encryption

Using Open PGP to first encrypt the file before attaching it to an email can be used to send the file securely. This does not encrypt the body content of the email itself, just the file that is attached.

The recipient needs to create a Public Key and get it to the sender before sending the encrypted file. The recipient must also have Open PGP software and the skills to create these kinds of electronic keys.

Then the sender needs to install and encrypt the file using this specific recipient's Public Key. Finally, the recipient needs to decrypt the file with their Private Key. This method cannot be used to send files to multiple recipients. Most users do not have the knowledge to perform this kind of secure file exchange and will usually resort to finding other easier though non-secure methods.

Video: Tour Open PGP

Zip Encryption

Compressing the file using some freely available zip software can be used to secure the file as long as it has encryption capabilities such as AES included. After the file is zipped and assigned a password, it can be attached to an email and sent. The password would then need to be sent separately perhaps by phone call or another separate email. The recipient would also need to have software with the same encryption capability to decrypt and unzip the file. A downside of this method is many corporate email systems block .zip attachments for security reasons.

S/MIME

This encryption method requires that both the sender and the recipient email systems support S/MIME communications. The sender will need to create a certificate and send it to the recipient. The recipient would then need to know how to import the certificate into their email client. Once the certificate is in place, a secured email can be sent, received and decrypted.

Secure FTP (SFTP)

This method does not use email for sending the file but encrypts the file and sends it directly across a network or the internet using secure file transfer protocols. The sender needs to have a secure FTP client installed and the recipient needs to have a SFTP server setup. The recipient needs to set up a user ID and password for the sender. The sender can then log in with their secure FTP client and transmit the file.

Secure Mail Protects Email File Transfers

While each of the above methods allow the sender to assure that the file is secure, it doesn't address some of the other challenges, such as file types being blocked, or lack of audit trails. The inconvenience of using these methods prevents their widespread use and make users hesitant to use them and turn instead to those unsecure file transfer methods.

There are solutions available that combine the ease of using email together with the option to secure both the file and the text of the email. These solutions are generally referred to as secure mail or secure ad-hoc file transfer and can work well for collaboration.

Secure email uses the common Outlook email client in the form of an add-on utility and/or web client using secure HTTPS protocols. The sender simply creates the email using the email client with which they are already familiar, while the add-on feature provides a separate "Send" button that's designated for sending the file using secure methods. Done.

It's a very simple, user-friendly solution. The recipient gets the email with a link that redirects them to an HTTPS-secured web page with the files available to download. There are no certificates, electronic keys, or additional software combinations required for the sender or the recipient. Any files remain on the sender's secured network and there are no file size limitations. A very detailed and easily accessible audit log is kept for every single secured email transaction.

See How Easy Secure Mail Can Be

Check out this webinar to learn how incorporating GoAnywhere's Secure Mail functionality can ensure your next email and its attachment is delivered and received securely.

Watch the Webinar

Related Posts


Keeping File Transfers Secure from Hackers and Cyber Threats

How easy is it for hackers to gain access to files that you send or receive from trading partners? Unfortunately, all too easy. Use the tips in this article to keep your file transfers, passwords, and user credentials secure and compliant with today's data security standards.


Encryption for Exchanging Files

Selecting the right encryption method for securing data transfers can help shield against incidents that can wreak havoc with your budget, reputation with your customers, and cost precious time and resources.


How Encryption Works: Everything You Need to Know

Encrypting files helps defend against cybersecurity threats. Learn more about how it works and what method, combined with GoAnywhere MFT, is recommended depending on your specific needs.


Why You Should Use File Encryption Software

Encryption is the “key” to keeping your data safe. File encryption software that secures sensitive files at rest and in motion is essential when it comes to guarding against cyber threats and complying with regulations.


Everything You Need to Know about Open PGP Encryption

PGP Encryption is "Pretty Good," widespread, and popular. Find out everything you need to know about PGP Encryption here.