Companies should consider gateway email encryption to protect against increase in malware, says Network Box

Published 19th May 2009

Companies that regularly send confidential information by email should move to gateway email encryption, rather than relying on systems that require individual users to implement encryption technology, says new advice from managed security company, Network Box.

Sending SMTP emails without using encryption or authentication is the equivalent, says Network Box, of leaving a letter unsealed before putting it in the post.

Gateway encryption is simple to implement, and does not rely on individual users to manage it (as with client-side solutions such as S/MIME and PGP).

“If you do not regularly send confidential information by email, or you trust your ISP to protect that information, then you don’t need gateway encryption,” says Simon Heron, Internet Security Analyst for Network Box. “But if you do, then it is worth considering as an alternative to a client-side encryption.”

Network Box has advised its clients to consider using encrypted email for sensitive information if they don’t currently, and to configure their existing security systems to support encryption for SMTP mail, either by using ‘opportunistic encryption’ mode or by configuring security to require encryption between specified domains or servers.