
Why Should You Review Your Office 365 Email Encryption Setup?

Posted by Trevagh Stankard on Tue, Jan 18th, 2022

Organizations need a way to minimize the risk of data loss via email. The best way to do this is to use email encryption so that only the intended recipient can access the email. To make email encryption user-friendly and remove the chances of human error, EncryptTitan provides an Office 365 email encryption plugin.

This short blog post will give you an overview of what things to review when setting up your Office plugin. By walking through these considerations, you can ensure that sensitive emails are always encrypted.

Does my Company Really Need to Encrypt Our Emails?

If you use email and those emails could contain sensitive or personal data, then you should use email encryption. A previous TitanHQ blog post on “How Does Email Encryption Work and Why Use It?” mentions that the UK’s ICO found that emails are the biggest contributor to cybersecurity incidents.

Emails are like a leaking tap for data unless you use something to plug the leak. This is where encryption comes in. Encryption is used to protect emails both during transit and end-to-end so that only authorized recipients can read the email. If left unencrypted, sensitive emails can be sent to the wrong recipients (misdirected) or intercepted by malicious entities. 

But email encryption needs to be a seamless, integrated part of an employee’s workload; otherwise, they may find ways around using it. To ensure that sensitive emails are protected, a two-pronged, belt-and-braces approach is needed to deliver robust security. This comes in the form of automated email encryption, using subject line keywords as a trigger to encrypt, and an Office 365 plugin that gives employees the power to encrypt emails they know contain sensitive information.

Sign up for a FREE Demo of EncryptTitan to learn how email encryption works with Office 365.


Important Aspects of Office 365 Email Encryption Setup

All email encryption plugins will encrypt emails, but certain features define the best of the available solutions. These features should be part of your fit-for-purpose review of your technology choice, and include:

Tight Integration

Integration with Office 365 Outlook is vital to ensure seamless encryption. Installation and setup of any Office 365 email encryption plugin must be deeply and intrinsically integrated with the Office 365 Outlook platform.

EncryptTitan, for example, is an email gateway that is fully integrated with Office 365 Outlook. As a gateway, EncryptTitan is configured to add a layer of encryption control to any emails that are created using Outlook 365. In this way, EncryptTitan acts as a guardian of corporate emails, inspecting them for the triggers and rules that decide if the email must be encrypted. If those triggers are pulled, the email is encrypted and any additional controls, such as an expiry date, are applied.

Default Encryption

An Office 365 email encryption plugin must have the option to set emails as “Always use Transport Layer Security (TLS)” and the digital certificates used for TLS must be “Issued by a trusted certificate authority (CA)”. This is an important setting to ensure that emails are always exchanged across an encrypted connection. Without this in place, emails may be sent as clear text and easily intercepted by malicious entities.

The Rules of Encryption

Rules that determine the hows and whys of email encryption are an important way to ensure that the correct policies for email encryption are enforced. Rules should be granular and allow a choice in severity settings; for example, a setting “Audit this rule with severity level x” can ensure that encryption is always applied under given circumstances.

Rules need to be able to capture the various aspects of email content from the recipient to the sender to attachment type, and so on. Having this level of granularity provides greater levels of protection, whilst maintaining good solution usability. The latter is important to avoid human error and to prevent security fatigue in users.

Source: EncryptTitan Rules Setup Screen

Email Client Agnostic

The authorized recipient of an email encrypted using an Outlook plugin should not need to have an Outlook client to access the email. Even if an Outlook 365 plugin is used to encrypt an email, a recipient should be able to open it using any other email client. The process to access an encrypted email should also be simple but secure.

Replies Encrypted

If a recipient replies to an encrypted email, it is vital that the full thread of the returned email is also encrypted. If not, a security gap will open that can then be exploited, or an accidental data leak can occur.


How Does the EncryptTitan Office 365 Email Encryption Plugin Work?

Microsoft Office 365 is used by over one million companies worldwide. Outlook is also the most popular email client for businesses. The EncryptTitan Office 365 email encryption plugin works within this popular email client to make email encryption seamless. Once installed, an employee simply clicks to encrypt an email before sending it to the recipient(s).

EncryptTitan for Office 365 has several features that help to remove human error and make email encryption more natural to use. These include:

Prompt To Encrypt

A configuration setting in the EncryptTitan Outlook plugin ensures that if a recipient is outside of the company domain, the sender will be ‘prompted to encrypt’ before the email is sent.
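The two triggers this post describes, a subject-line keyword and a recipient outside the company domain, can be modelled as a pre-send policy check that you can run against test messages when reviewing your rules. This is an added example, not EncryptTitan code; the company domain, keyword list, function names and sample messages are assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import getaddresses

# Assumed values for illustration only; not EncryptTitan defaults.
COMPANY_DOMAINS = {"example.com"}
TRIGGER_KEYWORDS = ("encrypt", "confidential")

def recipient_domains(msg):
    """Lower-cased domain of every To/Cc/Bcc address."""
    fields = [str(v) for h in ("To", "Cc", "Bcc") for v in msg.get_all(h, [])]
    return {addr.rsplit("@", 1)[1].lower()
            for _, addr in getaddresses(fields) if "@" in addr}

def subject_has_trigger(msg):
    # policy.default decodes RFC 2047 encoded-words, so an encoded
    # subject is matched on its decoded text, not its wire form.
    subject = str(msg.get("Subject", ""))
    return any(re.search(rf"\b{re.escape(k)}\b", subject, re.IGNORECASE)
               for k in TRIGGER_KEYWORDS)

def decide(raw):
    """Return 'encrypt', 'prompt' or 'send' for one raw message."""
    msg = message_from_string(raw, policy=policy.default)
    if subject_has_trigger(msg):
        return "encrypt"  # automated keyword trigger
    # Exact match only: a lookalike such as example.com.evil.test is external.
    if any(d not in COMPANY_DOMAINS for d in recipient_domains(msg)):
        return "prompt"   # ask the sender before it leaves the company
    return "send"

# Constructed sample messages (headers only).
SAMPLES = {
    "keyword": "To: alice@example.com\nSubject: [ENCRYPT] Q3 payroll\n\n",
    "encoded": "To: alice@example.com\n"
               "Subject: =?utf-8?b?Q29uZmlkZW50aWFsIHJlcG9ydA==?=\n\n",
    "external_cc": "To: alice@example.com\nCc: Bob <bob@partner.test>\n"
                   "Subject: Lunch\n\n",
    "lookalike": "To: eve@example.com.evil.test\nSubject: Lunch\n\n",
    "internal": "To: Alice <alice@EXAMPLE.com>\nSubject: Lunch\n\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:12} -> {decide(raw)}")
```

The `encoded` and `external_cc` samples cover two cases worth including in any rule review: a trigger keyword hidden behind header encoding, and an external address that appears only in Cc.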

Email Expires After

EncryptTitan offers an optional security extra to allow a sender to decide how long a recipient can access a message. The recipient will then only be able to access the encrypted email and any attachments within the time set. After the email expires, it will be automatically deleted from the TitanHQ Secure Portal. This extra feature is useful for demonstrating a commitment to data protection regulations.

Recall Email

If an email was sent to the incorrect recipient or the wrong attachment was sent, a sender can recall the email. This action deletes it from the Secure Portal, making it impossible for the recipient to open the encrypted email.

Attachment Encryption

All attachments should be encrypted, by default, if the email is encrypted.

What Happens When Someone Receives An Encrypted Email?

Emails that are encrypted using the EncryptTitan Office 365 plugin can only be opened by the intended recipient(s). When a recipient receives the encrypted email, they will need to prove their identity to open the email and any attachments.

Any Outlook 365 plugin used for encryption MUST be able to enforce the level of access control. EncryptTitan uses a secure portal to manage first and future secure access. Within the portal, a high or low level of security determines the amount of additional verification a recipient must go through to open the encrypted email. A high-security setting requires that the recipient uses a unique verification code, or “one-time password” (OTP) provided by the sender.

TitanHQ’s tips for Office 365 email encryption setup are fundamental in creating a robust but usable email encryption system. If you’d like a demo of how EncryptTitan can keep your email-borne data safe, Book FREE EncryptTitan Demo.
