Smartlockr Blog: Email and Data Security

Secure email solution: 10 must-haves for information security

Written by Smartlockr | Oct 30, 2020 1:53:52 PM

You are about to choose a secure email solution. Great, but what exactly should you pay attention to? What is important when it comes to the security of personal data and other sensitive data? Of course, you do not want to be the next organization that has to report a breach under the data breach reporting obligation.

We have compiled a list of the 10 must-haves that you cannot miss:

 

1. Notifications of sensitive content when composing a message

What if you could be made aware of the sensitive data you are processing while composing an email? That would save a lot of hassle afterwards. You know immediately that you are processing data that is sensitive for your organization and can apply the appropriate security options.

And that is important. You then ensure that sensitive data does not leave the organization unnoticed. And perhaps more importantly, that sensitive data is not shared with the wrong recipient.

2. Set up content filters

With content filters you can determine yourself which information needs extra security. An example: an organization in the financial sector could provide additional security for financial data, such as an account number or credit card details. This can be done by including words (“account number”) or regular expressions (matching a number such as “3243-2340-2342-5530”) in the content filter. If this content is processed in an email, the user is notified upfront and is therefore aware that the message contains sensitive information.
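The content filter described above, sketched as an added example (not Smartlockr's code). The keyword list, the pattern, the function names and the sample drafts are all constructed assumptions; a Luhn checksum is added to tell plausible card numbers apart from look-alikes such as the sample number in the text.

```python
import re

# Assumed filter configuration (hypothetical; not taken from any product).
KEYWORDS = ["account number", "credit card"]
# Four groups of four digits, optionally separated by a space or hyphen.
CARD_PATTERN = re.compile(r"\b\d{4}(?:[ -]?\d{4}){3}\b")


def luhn_valid(number: str) -> bool:
    """Return True if the digits in `number` pass the Luhn checksum."""
    digits = [int(c) for c in number if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return bool(digits) and total % 10 == 0


def scan_message(text: str) -> list[dict]:
    """Return the findings a composer could show before the mail is sent."""
    findings = []
    lowered = text.lower()
    for kw in KEYWORDS:
        if kw in lowered:
            findings.append({"rule": "keyword", "match": kw})
    for m in CARD_PATTERN.finditer(text):
        findings.append({
            "rule": "card-pattern",
            # Mask all but the last four digits so the warning does not leak the number.
            "match": "*" * 12 + re.sub(r"\D", "", m.group())[-4:],
            "luhn_valid": luhn_valid(m.group()),
        })
    return findings


# Constructed sample drafts.
DRAFT_A = "Hi, the account number you asked for is 3243-2340-2342-5530."
DRAFT_B = "Please charge 4111 1111 1111 1111 for the order."
DRAFT_C = "See you at the meeting on Thursday."

if __name__ == "__main__":
    for draft in (DRAFT_A, DRAFT_B, DRAFT_C):
        print(scan_message(draft))
```

The number quoted in the text matches the pattern but fails the checksum, so a filter can still warn on it while ranking it below a match that validates.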

3. Two-factor Authentication (2FA)

Data exchanged between persons should remain between those persons only. The last thing you want is for unauthorized persons to gain access to your data. With 2FA you ensure that only those for whom the data is intended can view it. With an extra authentication step, such as an SMS by telephone, you reduce the chance that just anyone can access your data.

4. Zero-Knowledge end-to-end encryption

Data encryption is part of transmitting sensitive data. If you do not use it, there is a good chance that your data will be exposed when it is intercepted.

To prevent this, it is important to send all data end-to-end encrypted. Your data is encrypted and sent in encrypted form to the recipient, who can then decrypt it with the enclosed key. In this way, no intermediary can access the data you send, not even the supplier of the secure e-mail solution. This is where the “zero knowledge” in the encryption comes in.

5. Confirm recipient(s) and file(s) before sending

The biggest type of data breach is sending data to the wrong person. How can you prevent this? By confirming, as the sender, the recipient(s) and any attached file(s) before sending. This way, you avoid sending financial data to a customer named Sarah, for example, instead of your colleague Sarah.

6. Block sent emails, file(s) or recipient(s)

Did you send something by mistake anyway? Then it helps if you can still block the incorrectly sent information. This prevents the data from being viewed by the wrong person, which would result in a data leak.

7. Retention period

Suppose you want to share a very privacy-sensitive file with someone. All you want is for this person to see the data immediately. After that, the data can be destroyed. By setting a retention period, you can leave files accessible for a specific period of time. This prevents sensitive data from remaining available for too long within different inboxes, when that is no longer necessary. This way you better manage who has what information and you reduce the chance of data interception.

8. Integrations with an API or SMTP Relay Service

Within your organization you work with countless systems and programs. The last thing you want is for your employees to be saddled with complicated (work) processes. By easily integrating secure e-mailing into the existing work process, you can continue to work efficiently as an organization.

A solution that integrates easily with third parties can bring a lot of business benefit. Think of an API for integration with, for example, your EHR or DMS, or an SMTP Relay Service that can secure emails in the background.

9. Upload request

Do you often receive files? Then consider using an upload request. As the sender, you send the request, after which the recipient can simply and safely return the requested files.

The advantage? You immediately receive the correct files, you can ensure that the right people within the organization receive a notification of incoming files, and you can easily have the files delivered to the right department(s) or p.

10. Automated activation of the solution

Mistakes are made through a lack of awareness. That is why it is important that secure mailing is always made easy for the sender.


Which functionalities are important depends, of course, on the wishes within your organization. It is therefore good to see what each supplier offers.