How to ensure secure email exchange with external business partners

How to ensure secure email exchange with external business partners

What's the best solution for a company that wants to securely receive documents from other business partners electronically? The company in question frequently receives documents containing financial information from other external entities, and would like to ensure the documents being received are securely transmitted.

    Requires Free Membership to View

    Login

    SearchSecurity.co.UK members gain immediate and unlimited access to breaking UK industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.co.UK today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.co.uk you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.co.uk is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

The ideal solution for secure email exchange would be to get all parties to agree on a proven email encryption tool, such as those offered by PGP Corp., Trend Micro Inc. or Entrust Inc. Using encryption, the company and its external business partners would be able to exchange emails and attachments without fear of an outsider being able to read them. An encrypted email is automatically "signed" by the sender's private key, so recipients have a built-in method of ensuring the sender really is who they seem to be.

If email encryption is not feasible, adequate security may be achieved by using a tool such as WinZip or WinRAR to compress and encrypt the sensitive material. The zip file can then be sent as an email attachment. You would, however, need each recipient to agree to one-time (single-use) passwords to encrypt and decrypt the file to ensure each transmission was properly secure. For maximum protection, the passwords would have to be exchanged via another medium, such as the telephone.

If the files are too large to be sent as an email attachment, you can always use a third-party file exchange service such as YouSendIt, but be sure to encrypt the data using one of the tools mentioned above before sending it.

If you need to exchange a large number of files with each recipient on a regular basis, you will probably find emailing files one by one far too onerous. In this situation you may want to consider using a secure FTP server or even a site-to-site VPN connection. So long as you set up each business partner's access correctly, this can provide a convenient drop-box style method for exchanging hundreds or thousands of files without exposing them to a third party.

This was first published in September 2010

Back to top