Businesses all around the world rely on email to get things done. It is one of the quickest and most convenient ways of staying in touch. However, with the growing popularity of remote working, combined with a rise in email scams such as phishing and cyberattacks, ensuring emails are encrypted in line with compliance regulations is more important than ever. This is especially true if the organization deals with sensitive personal information or financial details.
Businesses can choose from several encrypted email systems, two of the most commonly used being Secure/Multipurpose Internet Mail Extensions (S/MIME) and Transport Layer Security (TLS). But what are the differences between these two types of encryption, and which is best suited to modern business?
TLS is the standard form of encryption used by major email providers such as Microsoft and Google. It uses the STARTTLS command, which upgrades an existing mail connection to an encrypted one, to secure messages in transit and prevent them from being intercepted.
However, the main drawback with the TLS system is that it secures messages when in transit but not the data contained in the message itself. That means only the transmission channel is secured, leaving the contents of the message vulnerable to attack by hackers. This makes TLS less secure, especially if sensitive information is being sent.
S/MIME is an email security protocol that signs messages and uses encryption to increase confidentiality. It is implemented using an S/MIME certificate, which ensures emails are only read by the intended recipients. In essence, S/MIME certificates allow authentication of emails so that both recipient and sender know who they are communicating with.
S/MIME encrypts and decrypts email messages so that no unauthorized party can see the content of the emails or any attachments. This is called end-to-end encryption.
The key difference between TLS and S/MIME is the exact nature of what is encrypted. TLS encrypts the communication channel itself, which in this case is the connection carrying the email in transit. S/MIME, by contrast, encrypts the message, which is the contents of the email plus any attachments. In essence, it is the difference between talking openly on a secure phone line and talking in code on an open line.
With TLS, no third party or ‘middleman’ can get access to the message while it is in transit. With S/MIME, hackers can potentially intercept the message, but the contents are encrypted and will be of little to no use.
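The two layers leave different traces in a delivered message. The following added example (not part of the original article) reads them with Python's standard `email` module: each `Received` header records whether that hop used TLS, and the top-level `Content-Type` shows whether the message itself is S/MIME-protected. The sample messages, host names and function names are constructed for illustration.

```python
import email
import re
# "with" keywords (RFC 3848) a relay records when the hop was protected by TLS.
TLS_KEYWORDS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

def transport_hops(msg):
    """Per Received header, newest first: (protocol keyword, hop used TLS?)."""
    hops = []
    for received in msg.get_all("Received", []):
        # Drop "(...)" comments so "(using TLSv1.3 with cipher ...)" is not misread.
        bare = re.sub(r"\([^()]*\)", " ", received)
        m = re.search(r"\bwith\s+([A-Za-z0-9]+)", bare)
        proto = m.group(1).upper() if m else "UNKNOWN"
        hops.append((proto, proto in TLS_KEYWORDS))
    return hops

def message_protection(msg):
    """Classify S/MIME protection from the top-level Content-Type."""
    ctype = msg.get_content_type()
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        kind = str(msg.get_param("smime-type", "")).lower()
        if kind in ("enveloped-data", "authenveloped-data"):
            return "encrypted"
        return "signed" if kind == "signed-data" else "pkcs7-unknown"
    if ctype == "multipart/signed":
        proto = str(msg.get_param("protocol", "")).lower()
        return "signed" if proto.endswith("pkcs7-signature") else "none"
    return "none"

def classify(raw):
    msg = email.message_from_string(raw)
    return {"hops": transport_hops(msg), "message": message_protection(msg)}

# Constructed samples: hosts, ids and bodies are made up for this example.
PLAIN_OVER_TLS = """\
Received: from out.example.org (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384)
 by mx.example.net with ESMTPS id 4ABC; Mon, 06 Jan 2025 10:00:02 +0000
Content-Type: text/plain

Quarterly figures attached.
"""
SMIME_OVER_CLEARTEXT = """\
Received: from out.example.org by mx.example.net with ESMTP id 4ABD; Mon, 06 Jan 2025 10:05:00 +0000
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"

(base64 CMS data would follow here)
"""

if __name__ == "__main__":
    print(classify(PLAIN_OVER_TLS), classify(SMIME_OVER_CLEARTEXT), sep="\n")
```

`Received` headers written by servers outside your control can be forged, so treat only the hops added by your own mail servers as reliable.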
As the main form of encryption used by major email platforms, TLS is more widely supported and operates more seamlessly for the average user. However, this may not be enough at a professional level. TLS also leaves email exposed to hacking and phishing scams, as it does not protect the content of the message itself.
From an ease-of-use point of view, configuring, maintaining, and supporting S/MIME can take more time and resources than are available to some smaller organizations, but the level of security is of a higher standard. TLS is generally enough for personal use, but businesses and other organizations may want to consider using S/MIME or similar to meet compliance guidelines for data security.