Cyber security has become an increasingly important topic in the modern world since more and more people are willingly giving up all of their personal information to social media sites like Facebook, and even the president of the United States recently used an unsecured cell phone to illuminate classified documents in full view of a resort restaurant. The concept of cyber security is expanding so rapidly that you might not even realize you’re making yourself vulnerable to critical breaches of private information.

Luckily for those of us who want to send things through the internet without the threat of prying eyes getting a peek, there are still a few ways to maintain your digital privacy.

Email Encryption

For firms that send thousands of sensitive emails on a daily basis, like a bank or other financial institution, it is necessary to take every precaution available to avoid that information falling into the wrong hands. Whether it be your portfolio emails to clients or investment reporting emails to colleagues, your emails are meant for the intended recipient and the intended recipient alone. Any information captured during the sending process by a hostile outside party could spell huge trouble for you and your firm, so how can you ensure your email package goes undisturbed?

WARNING! NERD ALERT AHEAD!

One of the most widely used systems of email security is Transport Layer Security (TLS), which automatically encrypts the email contents during the sending process so they cannot be intercepted and read. TLS is referred to as “application-neutral”, meaning that it can be applied to emails and sent to differing email clients, so long as they also have TLS protocols in place. The two systems have to communicate via a digital “handshake” that lets the receiving side interpret and decrypt the message.

The problem with TLS is that even if your email client offers TLS encryption, your recipient’s email client might not. In that case, the email will be sent sans encryption, leaving it vulnerable to attack. This is where you can make a distinction between the types of TLS you choose to employ:

  • Opportunistic TLS

Opportunistic TLS is simple to remember because it means that an email will be encrypted if and only if both the email client of the sender and the email client of the recipient have TLS encryption capabilities. If not, the email will be sent without encryption.

  • Forced TLS

Forced TLS has the same requirements for sending an email as Opportunistic TLS. The only difference is that if one of the email clients doesn’t have TLS capabilities, the email will not be sent.

For the financial world, Forced TLS is the most reliable option since you are often handling very sensitive information and want to ensure you’re doing everything you can to keep it from being intercepted in transit. No client who’s had their identity stolen due to an unencrypted email is placated by the fact that you had Opportunistic TLS enabled. They want 100% certainty that their information is safe in your hands.

On the other hand, if you apply Forced TLS as a sweeping policy across all your emails, you will quickly become frustrated at the number of messages that don’t get delivered, since enabling TLS isn’t a universal practice. Therefore, it seems the best course of action is to apply Forced TLS to your internal communications and trusted clients and apply Opportunistic TLS to everything else.
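The split policy described above can be sketched as a small decision model. This is an added example, not code from the original post: the domain names, the policy table and the sample server replies are constructed, and it models only the send/hold decision (whether the receiving server advertises the SMTP `STARTTLS` extension), not the TLS handshake itself.

```python
from enum import Enum

class Policy(Enum):
    OPPORTUNISTIC = "opportunistic"  # encrypt if offered, otherwise send in the clear
    FORCED = "forced"                # encrypt, or do not send at all

class Outcome(Enum):
    SENT_ENCRYPTED = "sent over TLS"
    SENT_PLAINTEXT = "sent without encryption"
    NOT_SENT = "held: recipient server offers no TLS"

# Constructed policy table: Forced TLS for internal mail and trusted partners.
FORCED_DOMAINS = {"ourfirm.example", "partner-bank.example"}

def policy_for(recipient: str) -> Policy:
    """Pick the TLS policy from the recipient's domain (case-insensitive)."""
    domain = recipient.rsplit("@", 1)[-1].lower().rstrip(".")
    return Policy.FORCED if domain in FORCED_DOMAINS else Policy.OPPORTUNISTIC

def offers_starttls(ehlo_reply: str) -> bool:
    """True if a multi-line SMTP EHLO reply advertises the STARTTLS extension."""
    for line in ehlo_reply.splitlines():
        # Reply lines look like "250-KEYWORD [params]", or "250 KEYWORD" on the last line.
        if line[:3] == "250" and line[3:4] in ("-", " "):
            keyword = line[4:].split(" ", 1)[0]
            if keyword.upper() == "STARTTLS":
                return True
    return False

def decide(recipient: str, ehlo_reply: str) -> Outcome:
    """Apply the per-recipient policy to what the receiving server offers."""
    if offers_starttls(ehlo_reply):
        return Outcome.SENT_ENCRYPTED
    if policy_for(recipient) is Policy.FORCED:
        return Outcome.NOT_SENT       # Forced TLS: never fall back to plaintext
    return Outcome.SENT_PLAINTEXT     # Opportunistic TLS: silent fallback

# Constructed EHLO replies from two hypothetical receiving servers.
EHLO_WITH_TLS = "250-mx.partner-bank.example\r\n250-SIZE 35882577\r\n250-STARTTLS\r\n250 8BITMIME"
EHLO_NO_TLS = "250-mail.legacy.example\r\n250-SIZE 10240000\r\n250 8BITMIME"

if __name__ == "__main__":
    for rcpt in ("cfo@partner-bank.example", "investor@legacy.example"):
        for reply in (EHLO_WITH_TLS, EHLO_NO_TLS):
            print(f"{rcpt:26} {policy_for(rcpt).value:14} -> {decide(rcpt, reply).value}")
```

The plaintext fallback in the opportunistic branch is silent, so logging every `SENT_PLAINTEXT` outcome is what lets you see which recipients are actually receiving unencrypted mail.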

If you’re targeting retail investors, you may be communicating with a wide swath of different email clients and customers, making consistently encrypting your external email communications nearly impossible. If you are a financial institution, however, you are mostly communicating with fellow financial firms, all of which should have a TLS protocol in place. In that case, you should have the vast majority of your communications, both internal and external, encrypted via TLS.

The bottom line is, no matter what email service provider you are working with, you should insist on encryption protocols for your emails. You can never be sure the valuable information you’re delivering on a daily basis is safe otherwise.


If you would like any advice on how to put these essential protocols into place, don’t hesitate to reach out to us at engage@stoneshot.com or at +1 (347) 352 8186