How Do You Know Your Emails Are Being Encrypted?
Email encryption is seldom thought about, yet it is essential in many industries, including all of those required to comply with HIPAA regulations. Setting up email encryption can be a bit of a process at times, but it is not that difficult and shouldn’t give you too much trouble. However, once it’s set up, that doesn’t necessarily mean your emails will stay encrypted no matter what. People don’t normally realize this, probably because there is no notification to inform you. No blaring red lights, no sirens or alarms to grab your attention. It just stops working. This can be a major issue for companies that send PII, PHI, or other high-value information through email. So what causes encryption to stop working, and what can you do to make sure your emails are encrypted?
It’s going to be difficult to get into the nitty-gritty details of email encryption because of all the different email providers in use every day, but I will go over some of the broader examples. All Gmail accounts use TLS connections. TLS stands for Transport Layer Security and is a basic form of email encryption that protects the email from being intercepted by sending it through an encrypted channel. This happens as long as a secure connection is available for both the sender and the recipient. If it isn’t, the email will be sent without TLS over a non-secure connection. How do you combat this problem? You can configure TLS compliance so that a secure connection is required in order to send that email. Google has posted the steps for configuring that setup.
There are a few other ways that your email encryption may be disabled. It’s possible if you go through a major anti-spam software change, or if your company goes through a project migration. This is especially true if you have extra layers of email encryption on top of the standard protections your email service gives you. So how can you check whether your emails are still encrypted? You can look at the header of a received email, also called its “source”. How to view the full header varies depending on the provider being used, but there is often a tab that says “view original message” or “message details” at the top of the email that will take you to the full header. A quick Google search on how to find the header for whatever email provider you use will give you exact instructions if you need them. For Gmail, you have to click the “more” down arrow on the upper-right side of the email and then click “show original” in the drop-down menu. This will take you to the full header so you can examine the details of the email.
Looking at the full header can be a little intimidating, but luckily you don’t need to understand most of what it is saying. All you need to do is check the header around the lines that say “Received” for key words that tell you the email has been encrypted. The exact words in the header vary depending on the provider, but some of the common ones to look for include “TLS”, “encryption”, “SSL”, etc. Any word that shows there was encryption will do. If you see one of these key words, it means that your emails are encrypted. Otherwise, you are unprotected and the emails you send are vulnerable to hackers. Checking email encryption is rarely discussed, but with the ever-growing threat of security breaches in our professional world, it is a very important component. You can never be too safe when it comes to email encryption.
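The header check described above can be scripted. The following is an added example, not part of the original article: it reads every “Received” line of a raw message and reports, hop by hop, whether a TLS marker is present. The sample message, host names and function names are constructed for illustration, and the markers it looks for (a TLS/SSL version string or an RFC 3848 `with ESMTPS`-style keyword) are an assumption about what the relaying servers write.

```python
import re
from email import message_from_string

# Constructed sample: hosts, addresses and IDs are placeholders, not real traffic.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.10])
\tby mailstore.recipient.example with ESMTPS id abc123
\t(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
\tMon, 01 Jan 2024 10:00:03 +0000
Received: from relay.sender.example (relay.sender.example [198.51.100.7])
\tby mx.recipient.example with ESMTP id def456;
\tMon, 01 Jan 2024 10:00:02 +0000
Received: from workstation.sender.example (unknown [192.0.2.55])
\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
\tby relay.sender.example (Postfix) with ESMTPSA id 789;
\tMon, 01 Jan 2024 10:00:01 +0000
From: alice@sender.example
To: bob@recipient.example
Subject: constructed test message

body
"""

# A TLS/SSL version string, or the RFC 3848 "with" keywords that end in S
# (ESMTPS, ESMTPSA, LMTPS, LMTPSA), which mean the hop used STARTTLS.
TLS_RE = re.compile(
    r"\b(?:TLS|SSL)[v_ ]?\d[\d._]*|\bwith\s+(?:ESMTPSA?|LMTPSA?)\b", re.I)
BY_RE = re.compile(r"\bby\s+(\S+)", re.I)

def hop_report(raw_message):
    """Return one dict per Received header, oldest hop first."""
    received = message_from_string(raw_message).get_all("Received") or []
    hops = []
    for value in reversed(received):       # headers are stored newest first
        text = " ".join(value.split())     # undo header line folding
        by = BY_RE.search(text)
        tls = TLS_RE.search(text)
        hops.append({"by": by.group(1) if by else "?",
                     "tls": tls.group(0) if tls else None})
    return hops

def unencrypted_hops(raw_message):
    """Receiving hosts whose Received line shows no TLS marker."""
    return [h["by"] for h in hop_report(raw_message) if h["tls"] is None]

if __name__ == "__main__":
    for n, hop in enumerate(hop_report(SAMPLE), 1):
        print(f"hop {n}: by {hop['by']:<30} {hop['tls'] or 'NO TLS MARKER'}")
```

In the constructed sample the middle hop, the one between the two organizations, is the one with no marker, which is the case a single glance at the header can miss. A missing marker means that hop needs a closer look, since not every server records TLS details in its “Received” line.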