“I will send you the contract by email.” – Everyone has probably heard this sentence before, since the email is still the most popular way to exchange files and information. However, hardly anybody is aware that all information is sent in plain language. This is especially harmful in a business environment, as emails and email attachments can be intercepted with relatively little effort.
That is why many companies are searching for a solution to still send sensitive files securely and GDPR-compliantly via email. The two most common forms of classical email encryption are the asymmetric encryption methods S/MIME (Secure/Multipurpose Internet Mail Extensions) and PGP (Pretty Good Privacy).
These forms of email encryption use asymmetric encryption, using two keys that must match. To encrypt a mail, a public key is used; the recipient of the mail needs the corresponding private key to decrypt it. This procedure has the advantage that not only the mail content itself is encrypted, but it is also guaranteed that the sender is authenticated as the one he claims to be.
If you want to use these procedures in practice to send an encrypted email to contacts, you must therefore install a security certificate on your computer and give your contacts a so-called "public key". At the same time, however, the recipient must also have an appropriate certificate installed and send you the public key so that you can receive emails again.
In May 2018, security experts published a vulnerability (Efail) in email encryption using OpenPGP and S/MIME. Encrypted emails were vulnerable to attacks in the email programs Microsoft Outlook, Apple Mail, or Thunderbird. Therefore, it cannot be ruled out that security vulnerabilities will occur again in the future.
Classic email encryption programs that use these encryption forms and encrypt the entire email are therefore rather cumbersome to use, as the emails often have to be retrieved via an extra portal.
However, it is often not even necessary to encrypt the entire email because the sensitive information (such as the contract mentioned at the beginning) is in the attachment of the mail. It is therefore necessary to ensure that, in particular, the attachment is delivered in encrypted form.
For email encryption, DRACOON has developed a modern Outlook Add-in (available for Windows), making the daily communication safe and easy:
The file-attachments are stored on a platform for secure information exchange. There they are secured with comprehensive measures such as end-to-end encryption and passwords. The mail attachments are sent as encrypted download links.
In contrast to pure transport encryption, end-to-end encryption does not encrypt the individual sections in the dispatch channel, but each individual share link itself. To download the content of the share link, you must enter the corresponding password. This can, for example, be transmitted directly from DRACOON via text message.
Therefore, only the sender and receiver can view the share. Neither DRACOON as the provider of the software can decrypt the share link, nor do potential attackers have the possibility to manipulate the emails on the way. Thus, only this technology fulfils the three goals of the GDPR: confidentiality, authenticity, integrity.
Click here for more information on encryption.
This enables you to communicate easily and securely by email— and at the same time have full control over your files.
The status of the active shares can be viewed. If necessary, an already granted share can even be withdrawn or deleted. In addition, a share link can be copied to the clipboard so that it can subsequently be forwarded to other persons for use.
When attachments are attached to an email, DRACOON for Outlook automatically replaces them with a share. The attachment is uploaded to DRACOON, a share for the file is created, and a corresponding download link is inserted into the email. At the same time, the attachment is removed from the email.
File requests can also be created via DRACOON for Outlook: External users can upload files to these data rooms or folders via their browser.
Each share can be additionally secured with a password. For security reasons, the share password should be transmitted separately—for example by SMS. This can also be done conveniently via DRACOON for Outlook.
Files received as email attachments can be uploaded and saved directly via DRACOON for Outlook.
Shares for files, folders, and entire data rooms that are already stored in DRACOON can be conveniently created and sent by email.
Fulfil your requirements for email encryption and data protection with an easy Outlook add-in:
With DRACOON for Outlook emails can still be written in the familiar working environment and as large attachments as required can be added. They are then sent securely as a share.
You can also save the email itself or the email body in DRACOON and securely transmit it as a share.
In addition, the validity period of the link or the number of downloads can be limited and a password can be set. The password can be sent directly from DRACOON for Outlook.
Therefore, you maintain the control over your data at all time.