Secure your daily communications

31 Oct 2023 | Jindřich Zechmeister

October is a month of cyber security. It is therefore the best time to think about what you can do to secure your daily work. One of the most overlooked risks is the email that we use daily to exchange sensitive information. This article will advise you on how to secure it throughout the company without any effort.

Fifty-year-old technology in the age of quantum computers

It's unbelievable, but the first email was sent on the ARPANET back in 1971. Back then, no one imagined that it would be the main communication channel for decades to come, and that we would be fighting billions of spam messages every day.

Few people realize how simply email works. As a sender, you can set any address and name, then it is only up to the mail servers whether they send such a message and then accept it. An email message is just text that travels over the Internet like a postcard without an envelope. If it doesn't go over the network via an encrypted connection, then anyone can read it. This can happen even after it has been delivered to the recipient's server, because it is still plain text.

So when you send an email, you are giving the information contained in it to the Internet, and you can only hope that no one gets to it and does not misuse it. The security of mail in transit is the job of mail servers, and you cannot control security at this level. Wouldn't it be nice for users to be able to "seal" a message with their hand and make sure that only the recipient reads it? Fortunately, there is an electronic signature that allows you to both sign and encrypt a message.

Email attacks are becoming more sophisticated

The "good guys" in corporate IT departments are fighting hard against spam and fraudsters. To do this, they use increasingly complex tools such as SPF, DMARC or DKIM, which make it possible to secure mail against forgery of the sender's address. On the other hand, the "bad guys" have the same tools at their disposal and make fake messages as credible as possible. Fraudsters are constantly fighting with postmasters who want to identify and discard such messages; this fight is never-ending and some fraudulent messages always get through to the recipient.

Spam is not just annoying newsletters and emails from exiled Nigerian princes who want to transfer millions of dollars to you (nowadays they are just amusing). A significant portion of spam tries to infiltrate a company through an inattentive employee and cause damage.

You must also have received a so-called sextorsion email, threatening that someone would publish the details of your masturbation or compromising photos of you obtained using a computer webcam. Of course, the blackmailer wants you to pay not to publish them. You certainly also remember fake invoices, fake enforcement orders, and fake emails from the police (local or International) from companies. But such campaigns don't work very well anymore.

Rather than a wider audience, attackers target specific employees using so-called spare phishing. For example, accountants in a company are sent fake payment instructions on behalf of the director. Or they change the account number to their own in an email about payment. If emails have no electronic signature, you will not find out that it has been changed, nor are you 100% sure who sent it.

Let your employees trust email again

With an electronic signature, you will get three important assurances: who the email is from, the origin and time of the message, and that the message has not been altered since it was sent. To do this, it is enough to have a digital personal S/MIME certificate. With it, you can also encrypt messages between recipients, so that no one but the recipient and the sender can read them. Signing takes place automatically and is supported by all known mail clients (Outlook, Thunderbird, etc.).

A more experienced reader who has already encountered an electronic signature will surely argue that obtaining an S/MIME certificate and setting it up on a computer is annoyingly complicated. And the most experienced will answer that in order to encrypt messages, we must first exchange a certificate with the recipient. Both are true, but both problems can be easily solved. It is enough to introduce an electronic signature throughout the company and automate the deployment.

We can automate everything

S/MIME certificates cannot be deployed one at a time, as this would require the administrator to bypass all employees and would spend an unreasonable amount of time. We can automate the entire process of obtaining a signature certificate, downloading it to the client and installing it - as well as the life cycle of TLS certificates for the web.

KeyTalk Secure Email service can issue, distribute, and set up certificates for users in Outlook or on their portable devices. Issuance is ensured thanks to its connection to the certification authorities’ API and details about the user are read, for example, from Active Directory, where the issued certificate is then uploaded. Clients will then set up the S/MIME certificate for signing in their mail clients and devices.

The server with KeyTalk can run in your company as on-premises, or you don't have to worry about the operation at all and use KeyTalk as a cloud SaaS service. If the KeyTalk administrator sets it up appropriately, the user (employee) does not have to worry about anything and does not even know that an S/MIME certificate has been replaced and installed on his computer. The entire company can easily start signing or even encrypting emails, but the transition to S/MIME certificates is quiet, painless and does not disturb anyone.

SSLmarket is a data security partner

SSLmarket by ZONER software is a KeyTalk partner and the world's largest DigiCert CA. We have the latest certificate lifecycle management and automation tools available. Do not hesitate to consult us about your user cases without obligation, we will be happy to advise you and the consultation is non-binding..


Ing. Jindřich Zechmeister
TLS certificate specialist
Certificated Sales Expert Plus
e-mail: jindrich.zechmeister(at)zoner.com