“I’ll email you the contract as soon as we get off the phone” – everyone has heard this at least once. After all, email is still the most popular way to send information and files. But hardly anyone is aware that all of the information is sent in plain text. This is particularly risky in a business context, as emails and email attachments can be intercepted with relatively little effort.
As a result, many companies are looking for a solution that allows them to send sensitive files via email securely and in compliance with the GDPR. The two most common forms of traditional email encryption are the asymmetric encryption methods S/MIME (Secure/Multipurpose Internet Mail Extensions) and PGP (Pretty Good Privacy).
These email encryption methods use asymmetric encryption, which uses two keys that must match. A public key is used to encrypt an email, and the email’s recipient needs the corresponding private key to decrypt it. The advantage of this method is that not only is the content of the email itself encrypted, but it also ensures that the sender is authenticated as the person they claim to be.
If you want to use these methods in the real world to send an encrypted email to contacts, you need to first install a security certificate on your computer and then send what is known as a “public key” to your contacts. At the same time, however, the recipient must also have a corresponding certificate installed and provide you with their public key so that you, in turn, can receive encrypted emails from them.
In May 2018, security experts revealed a security vulnerability (EFAIL) in the email encryption systems OpenPGP and S/MIME. Encrypted emails were vulnerable to attacks in the email programs Microsoft Outlook, Apple Mail, or Mozilla Thunderbird. This is a good example of why it’s impossible to rule out the possibility that further vulnerabilities may be discovered in the future.
Traditional email encryption applications that use these encryption methods and encrypt the entire email are therefore relatively complicated to use, as the emails often have to be accessed via a special website.
In many cases, however, encrypting the entire email isn’t even necessary, as the sensitive information (such as the contract mentioned earlier) is sent along with the email as an attachment. So the focus really needs to be on ensuring that, first and foremost, the attachment is transmitted in encrypted form.
DRACOON has developed a state-of-the-art Add-In for Microsoft Outlook (for Windows) for email encryption that makes everyday communication simple and secure.
Using this tool, file attachments are saved to a platform used to securely share information, where they are protected via comprehensive measures such as end-to-end encryption and password protection. The email attachments are then sent to recipients in the form of encrypted download links.
With end-to-end encryption – unlike simple transport encryption – it isn’t the individual sections of the transport layer that are encrypted, but each individual download link itself. To download the content using this link, users must enter the appropriate password. This can, for example, be sent directly from DRACOON via SMS.
This ensures that only the sender and the recipient can view the shared file. As a result, the download link cannot be decrypted by DRACOON as the software provider and potential attackers cannot manipulate the emails in transit. As such, only this technology fulfills the three objectives of the GDPR: confidentiality, authenticity, integrity.
Additional information about encryption can be found here.
This is how you communicate easily and securely via email – while still having full control over your files.
You can view the status of active download links at any time. If necessary, you can revoke or delete any download links that have already been shared. You can also copy a download link to the clipboard to share it with other people at any time.
Any time you attach files to an email, DRACOON for Outlook automatically replaces them with a download link. DRACOON does this by uploading the attachment to DRACOON, generating a share for the file, and inserting a corresponding download link into the email. At the same time, the attachment is removed from the email.
File requests can also be created via DRACOON for Outlook – external users can upload files or folders to data rooms they have access to via their browser.
Every shared file or folder can also be password-protected. For security reasons, the password should be sent separately – for example by SMS. This is also easy to do with DRACOON for Outlook.
Files received as email attachments can be uploaded and saved directly via DRACOON for Outlook.
Download links for files, folders, and entire data rooms that already exist in DRACOON can be easily created and sent via email.
Meet your email encryption and privacy needs with a simple Outlook Add-In – with DRACOON for Outlook, you can continue writing emails in your familiar working environment and add attachments of any size as needed. These are then sent as secure download links.
You can also save the email itself and/or the email body in DRACOON and send it securely as a download link.
You can also set a date for links to expire or limit the maximum number of downloads and set a password. You can then send the password to the recipient directly from DRACOON for Outlook.
This allows you to retain control of your data at all times.