Yves Lacombe from Vircom is back to talk about email encryption. Is encryption the solution to email hacking? How does it protect privacy? Yves has the answers.
In our October WOOF! issue, we talked about email security with Yves Lacombe of Vircom, one of PlanetMagpie’s longest partners. The full article is on PlanetMagpie.com if you missed it.
For this month’s issue, we asked Yves for his thoughts on email encryption. According to Yves, email encryption has some notable benefits for businesses. Here’s the interview.
Thanks for coming back to talk on this, Yves.
No problem! Like I said last time, this is important material to cover.
When did Vircom start offering email encryption as part of your modusCloud email security service?
Around 7 years ago. The same year we partnered with Proofpoint to create the modusCloud solution.
How do hackers intercept emails and their attachments in the first place? Does it matter where the emails are hosted (on-premise, in MS365, or Google Workspace)?
Unfortunately, it doesn’t matter.
Hackers often intercept emails via one of two methods:
- Man in the Middle (MITM) attacks. This happens when a hacker taps the traffic between a sending email server and the receiving email server. They normally do this at a lower level than the protocol level, so administrators don’t
see it unless they’re looking for it. Once the hacker sees the traffic, they can copy out whatever information they find. Including the body of your email.
- Email Account Compromise. The hacker gets a hold of your email login & password. This is why you see phishing attacks all the time—they're after people's credentials. If they manage to get your email credentials, they can
access your mailbox whenever they like. Since most people keep their mail for years, hackers can easily get access to a lot of information this way.
That’s scary. How does encryption put a stop to this?
Full-body encryption basically puts a barrier around the email message itself.
If you send an encrypted email to someone, they can only see it with their “Mark1 Eyeball” (their own eyes). Why? Because they have to log in to a special portal to see the email.
They never actually receive a copy of the email in their inbox. Instead, they get a notification, saying an encrypted email has come in. The notification takes them to Proofpoint's encrypted message portal & prompts them to log in.
The encrypted email stays in the Proofpoint message portal for only 14 days. After that, it’s deleted.
This greatly reduces the email’s vulnerability footprint. You can’t steal what you can’t see.
Is it easy to use modusCloud’s email encryption? What’s the process for making use of it?
Yes, it’s very easy. If you want to send an encrypted email, you have two ways open:
If your business uses the Vircom Spam Reporter plugin, there’s an extra “Encrypt” button in your email client. Click it to mark the email for encryption. You’ll get a “Secure Email Sent” notification to confirm afterward.
If your business doesn’t use the Spam Reporter plugin, you can still trigger encryption in each email. Put the word "[encrypt]" (in the brackets) in the email’s subject line. modusCloud does the rest.
Two methods! What about the recipient though? What do they have to do to read the encrypted email?
This is where the encrypted message portal comes into play.
Recipients receive an email saying, “You have an encrypted message.” It includes a link to the portal. Once you click the link, you’ll be asked for login credentials.
First time receiving an encrypted email? The system will ask you to set a username & password. Afterward, you’ll have those, so you can just log in.
Once you’re in, you’ll see that the message portal works like any webmail client (like Gmail). You can read your encrypted email, reply from there, whatever you want.
So overall, it’s very easy to use. And a whole lot more secure.
What types of emails should always be sent using email encryption and why?
Anything you don’t want prying eyes to see.
- Financial transaction and bank information
- Credit Card information
- Social Security Numbers
- Patient-related information in the medical field
- Intellectual Property
Basically, anything that could hurt you if it fell in the wrong hands.
Do you see any changes coming up in the future regarding email encryption? Anything to make sure recipients can validate their identity, like MFA for instance?
In the mid-to-long term, we may make some changes around access & ease of use.
One thing to keep in mind is that modusCloud automatically deletes encrypted emails after 2 weeks. That means a bad actor (e.g. cybercriminal or hacker) would need two things to steal any information from them...your Emergency Inbox credentials, and knowledge
of when to check the Inbox for new messages.
Both of those are hard to get with our system, but it’s technically possible. We’re working on that.
(An easy way to avoid this is to delete your encrypted emails when you’re done with them. It’s called “forced expiration.” You’ll find the option in the message portal.)
Can your email encryption be branded for each customer using their logo/color scheme?
Yes! Simply edit the branding on the modusCloud account by changing the logo and/or color scheme. Those changes populate to the user interface, the Quarantine digest emails, and the encryption notifications.
Thanks again Yves! This is great information for our customers.
Interested in modusCloud email security and encryption? Contact us at firstname.lastname@example.org.