"I'll email you the contract right away." You are certainly not unfamiliar to this sentence, because a lot of data is still preferably transmitted by email. But hardly anyone thinks about the fact that every piece of information in an email is sent in plain text by default, making it a popular attack surface. This is often the undoing of companies in particular, because email attachments, as well as emails, can be hacked very easily. The EU GDPR also clearly regulates how sensitive data may be sent by mail. In addition, KRITIS companies must also meet special requirements if they want to transmit data in this way.
As a result, many companies are looking for a solution that allows them to send sensitive files via email securely and in compliance with the GDPR. The two most common forms of traditional email encryption are the asymmetric encryption methods S/MIME (Secure/Multipurpose Internet Mail Extensions) and PGP (Pretty Good Privacy).
These email encryption methods use asymmetric encryption, which uses two keys that must match. A public key is used to encrypt an email, and the email’s recipient needs the corresponding private key to decrypt it. The advantage of this method is that not only is the content of the email itself encrypted, but it also ensures that the sender is authenticated as the person they claim to be.
If you want to use these methods in the real world to send an encrypted email to contacts, you need to first install a security certificate on your computer and then send what is known as a “public key” to your contacts. At the same time, however, the recipient must also have a corresponding certificate installed and provide you with their public key so that you, in turn, can receive encrypted emails from them. Traditional email encryption applications that use these encryption methods and encrypt the entire email are therefore relatively complicated to use, as the emails often have to be accessed via a special website.
As well, when using email encryption with OpenPGP and S/MIME, the IT department is faced with a large amount of work: valid certificates for this form of encryption must be renewed annually. This not only takes recurring money, but also IT resources, because the replacement must be carried out by experienced IT specialists.
In many cases, however, encrypting the entire email isn’t even necessary, as the sensitive information (such as the contract mentioned earlier) is sent along with the email as an attachment. So the focus really needs to be on ensuring that, first and foremost, the attachment is transmitted in encrypted form. Nevertheless, there are also emails that are subject to the highest security requirements - here it is necessary to send the entire email encrypted.
DRACOON has developed a state-of-the-art Add-In for Microsoft Outlook (for Windows) for email encryption that makes everyday communication simple and secure.
Using this tool, file attachments are saved in the DRACOON platform, where they are protected via comprehensive measures such as end-to-end encryption. The email attachments are then sent to recipients in the form of encrypted download links.
With the new full email encryption, DRACOON for Outlook offers a highly secure method for sending emails that have special security requirements. The term full encryption refers to the fact that both the email message itself and any file attachments are encrypted on the client-side before being delivered to the recipient via DRACOON.
If you want to encrypt an entire email with DRACOON for Outlook, the email message is automatically converted into a client-side encrypted PDF file on the sender's PC and uploaded to an encrypted data room in DRACOON together with any attachments of the email. The actual email message with attachments is not sent via Outlook—instead, the recipient automatically receives a notification email with a password-protected share link where he can securely download the PDF file with the email message and the file attachments from DRACOON. When downloading, they are decrypted by entering the password and can then be opened by the recipient.
Even if the internal processes of full email encryption are complex, it is still easy and convenient to use for both sender and recipient. Compared to regular email, only one additional step is necessary: The sender just has to specify or have a password generated for the email and forward it to the recipient manually (e.g. via chat) so that the recipient can decrypt and open the email using the password. Everything else is done automatically by DRACOON for Outlook.
Therefore DRACOON includes for each user besides the secure storage location for all data a GDPR compliant solution for email encryption - so you can communicate easily and securely via email - and have full control over your files at the same time.
Any time you attach files to an email, DRACOON for Outlook automatically replaces them with a download link. DRACOON does this by uploading the attachment to DRACOON, generating a share for the file, and inserting a corresponding download link into the email. At the same time, the attachment is removed from the email.
You can view the status of active download links at any time. If necessary, you can revoke or delete any download links that have already been shared. You can also copy a download link to the clipboard to share it with other people at any time.
Shared files or folders can also be password-protected. For security reasons, the password should be sent separately – for example by SMS. This is also easy to do with DRACOON for Outlook.
Files received as email attachments can be uploaded and saved directly via DRACOON for Outlook.
Download links for files, folders, and entire data rooms that already exist in DRACOON can be easily created and sent via email.
Meet your email encryption and privacy needs with a simple Outlook Add-In – with DRACOON for Outlook, you can continue writing emails in your familiar working environment and add attachments of any size as needed. These, and if required the entire email, are automatically stored in DRACOON and are sent as a secure and GDPR compliant download link.
You can also set a date for links to expire or limit the maximum number of downloads and set a password. You can then send the password to the recipient directly from DRACOON for Outlook.
This allows you to retain control of your data at all times.