Secure communication: How to encrypt and sign your emails

1. June, 2021

Both because of the EU GDPR and as a measure to protect against cybercrime, it can make sense to encrypt and sign digital messages. While encryption ensures that emails can only be read by the recipient (or the recipient’s email account), a digital signature confirms that a message was actually sent by the indicated sender (or the sender’s email account).

Encryption of personal data minimises the risk of a data protection incident. It is considered the best way to protect data in transit and is a way to secure stored personal data. [1]  It also prevents fraud scenarios such as identity theft, fraudulent orders or the hacking of an entire account.

Encryption of the connection (SSL/TLS)

As soon as the connection to the email provider is not encrypted, other users in the network can access login data and view messages that are being sent or received. Therefore, the entire data exchange between client PC/browser/mail programme on the one and the server on the other side should only run via SSL (Secure Sockets Layer) or TLS (Transport Layer Security). This is the same security scheme that is used, for example, for online banking and online shopping.

Regardless of whether emails are accessed via a browser on a desktop, laptop, smartphone or tablet – it is worth taking a look at the address bar: if it starts with https (instead of just http), SSL/TLS encryption is activated.

Encryption of emails (S/MIME)

For secure communication via e-mail, either the encryption functions of the mail provider can be used or corresponding software can be installed or a client add-on can be used. Most forms of e-mail encryption – including the two most common asymmetric encryption methods today, S/MIME (Secure/Multipurpose Internet Mail Extensions) and Open PGP (PGP stands for Pretty Good Privacy) – require that a security certificate be installed on the computer and that a “public key” be transmitted to the contacts. This enables the recipients to decode the message.

Support for the S/MIME standard is pre-installed in many e-mail programmes, including Microsoft Outlook. The Microsoft support page describes how to activate the feature in different Outlook versions. In addition, browser add-ons such as Gmail S/MIME for Firefox support encryption for web-based email services.

Signing messages digitally

Unlike a “normal” signature, which can be attached to an outgoing message and can be freely copied, a digital signature can only be used by the respective owner. The digital signature therefore enables the authenticity of the sender to be verified and helps to prevent manipulation.

This function is also important if e-mails are used as a substitute for fax messages with personal data and manual signatures. Instructions for setting up digital signatures for individual or all outgoing messages can be found on the Microsoft support page.

Source:

https:/dsgvo-gesetz.de/themen/verschluesselung/ (German)

Worth reading:

Making e-mails more secure: Effective protection against sender fraud

Red Teams, Blue Teams, Purple Teaming

Living Off the Land attacks

MSSP of the Year 2024

SIEM

What is a SIEM?

Nozomi Guardian Air
HarfangLab Guard
MITRE ATT&CK Framework
v.l.n.r.: Joe Pichlmayr (CEO IKARUS) – Anouck Teiller (CSO HarfangLab) –Alexander van der Bellen (Bundespräsident Österreich) - Frédéric Joureau (Erster Botschaftsrat der französischen Botschaft in Wien) – Christian Fritz (COO IKARUS)
EDR
Cyber Kill Chain
Business Email Compromise
Prognosen für die zehn größten Cybersecurity-Bedrohungen für 2030
E-Mail Verschlüsselung
Schritt für Schritt zum Notfallplan für IT-Security-Incidents
Account Management
Bedrohung

WE ARE LOOKING FORWARD TO HEARING FROM YOU!

IKARUS Security Software GmbH Blechturmgasse 11
1050 Vienna

Phone: +43 1 58995-0
Sales Hotline:
+43 1 58995-500
sales@ikarus.at

SUPPORT HOTLINE

Support hotline:
+43 1 58995-400
support@ikarus.at

Support hours:
Mon – Thu: 8am – 5pm
Fri: 8am – 3pm
24/7 support by arrangement

Remote maintenance software:
AnyDesk Download