Skip to content
media-podcast-icon Blogpost

Email encryption | 7 best practices

Time to read 6 Min

You know it and you hate it: the never-ending stream of scams, thefts, harassment and intrusions made possible by the simple fact that everything we write in emails can potentially be intercepted. The solution? Use encryption to protect the privacy of your email messages.

Published by


Simone Catania


Combination lock with an at sign and an e-mail icon in front of a pink triangle

Digital communication is a critical aspect of the modern business world. As part of this, email has far outperformed all other forms of digital communication to become the preferred channel for businesses of all sizes. Yet such a simple activity causes no small number of headaches. Today, sending emails entails meeting specific technical and legal requirements to avoid third parties intercepting sensitive information and data and breaking the law.

The situation has become even thornier with the enactment of the EU Data Protection Regulation (GDPR), which has brought some changes to the playing field.

In this article, we introduce you to the relationship between email and GDPR and then explain the importance of encryption to secure email communications. Finally, we also share seven best practices to apply email encryption successfully. Don’t miss it.

Illustration of GDPR-compliant email requirements: 1) Meeting internal compliance guidelines by obtaining user consent and maintaining data accuracy, 2) Making strategic security decisions like encryption and data minimization, and 3) Implementing measures such as staff training and regular audits.

Does the GDPR apply to emails?

Do emails fall under the scope of the GDPR? There is hardly a single IT process that is not affected by this European law. So the answer to this question is very clearly yes. The GDPR does not apply to a tool, be it email, website, or newsletter, but to personal data in general. Therefore, any personal data processing is subject to the European Regulation, regardless of the means. The email address itself is to be considered personal data. This means that the general principles of the GDPR have to be respected even when sending emails. This, in turn, means that measures and strategies must be put in place to comply with the regulations.

We explain the necessary measures and solutions for GDPR-compliant use of emails in business environments and outline a best-practice scenario in our e-paper.

Why do you need email encryption?

One of the major changes resulting from the introduction of the GDPR is the requirement to encrypt emails containing personal information. Many lawyers argue that this new law mandates email encryption by default. Although it is not clear at this time whether this is actually the case, it is worth thinking about the consequences of this activity if you have not already done so. Without a method that can encrypt your email communications, the risks to you and your business are very high.

Your messages can potentially be read by anyone. So just think about the dangers of communicating information like bank data, business plans or future strategies related to your business in plaintext.

To protect your emails, you should choose end-to-end encryption. This not only prevents your data from being hacked, but also prevents anyone from accessing your inbox. The only person who should be able to read your messages is you!

Two methods to encrypt email communication

There are currently two different methods to encrypt email communications. One secures the transfer channel, while the other protects the message itself.

1. Transport encryption

Transport encryption means that emails are encrypted when they are sent (transferred) from one server to another. The emails are encrypted when they leave one server and decrypted when they arrive on the other server. An important point to note is that this solution does not encrypt emails when stored on the server!

For transport encryption, the POP3S email transfer protocol is generally used to send encrypted emails with a Transport Layer Security (TLS) or Secure Sockets Layer (SSL) certificate. TLS blends with POP3S to create an encryption tunnel known as site-to-site or end-to-end encryption. This solution is excellent when connecting two servers. However, when sending and receiving emails today, we connect with hundreds of different email servers without using a direct connection. It is more likely that we connect to other servers in between, through which our email must pass. For this reason, we should not solely rely on this solution, but should implement additional encryption measures.

2. Content encryption

Another method to send and receive secure emails is to encrypt the content, as opposed to the network tunnel through which it is transferred. The most common standard used for email content encryption today is S/MIME (Secure/Multipurpose Internet Mail Extensions). The S/MIME standard is based on asymmetric encryption that uses a public and private key pair. The sender encrypts the message with the recipient’s public key (not the sender’s) and is decrypted by the recipient with their private key.

7 tips for secure business email communication

There are some best practices to make sure your emails are safe. We’ve compiled seven tips to secure email communication against data breaches.

1. Start with an audit

The process that should lead your business to have secure email communication systems can only start with an audit and an analysis of what needs to be protected. Ask yourself:

  • Who sends which data to which addressees and how often?
  • Which standards does the current supporting IT infrastructure fulfill?
  • Do these reduce the risk?
  • And do they meet the legal requirements?

Find the answers to those questions before planning the next steps.

2. Train your staff about safe emails and encryption

Encryption only makes sense when everyone within the company regards it as a sensible measure and uses it correctly. Offer training and internal guides to inform the entire team about how to use email safely and the importance of encrypted communications on the internet.

3. Encrypt your systems with digital certificates

Emails, especially those containing critical information for the business, should always be encrypted! TLS and S/MIME certificates are the most suitable options to offer the highest level of protection and reduce the risks in email communication.

4. Protect your passwords

Is your business dealing with external or internal sensitive data? You might want to add an extra security layer to your email communication. In this case, use a separate communication channel to share your passwords and maintain secure access to sensitive information.

5. Combine both encryption methods

Choosing only one encryption method would leave the door open for data espionage. Combine TLS and S/MIME encryption for the best email security.

6. Do not overlook internal communication

Don’t forget about internal email communication. Achieve complete end-to-end encryption within your company to minimize the risk of data theft within your own digital walls.

7. Select a competent partner

Rely on a professional encryption provider that offers a wide range of certificate types from all major CAs and innovative implementation tools. InterNetX gives you access to one of the largest TLS/SSL & S/MIME portfolios on the market.

Encrypt your emails with a professional solution

With a wide range of encryption solutions from leading encryption providers like DigiCert, InterNetX also gives their partners access to AutoDNS, the state-of-the-art platform for professional domain and certificate management. This helps you to reduce risk and actively respond to cyberthreats while managing your digital assets effectively.

Encryption is a powerful tool in email communication. It protects the privacy of your emails and the data they carry and allows you to be GDPR compliant. And on top of all this , it brings you peace of mind, knowing that your emails are safe from third parties and phishing scams that aim to extort your private data.

Go to our encryption services icon-arrow--right