Featured Pathways

More pathways

Banking Essentials - Part I

This pathway will walk us through the basics of banks, starting with some of the different types and their main functions, then starting to look at the regulation faced by the banks, both before and after the Global Financial Crisis.

Greenwashing

Greenwashing is the act of distributing false information about something being more environmentally friendly than it actually is.

More pathways

Book a demo

Pricing

Ready to get started?

Plans & Membership

Our Platform

Expert led content

+1,000 expert presented, on-demand video modules

Learning analytics

Keep track of learning progress with our comprehensive data

Interactive learning

Engage with our video hotspots and knowledge check-ins

Testing & certification

Gain CPD / CPE credits and professional certification

Managed learning

Build, scale and manage your organisation’s learning

Integrations

Connect Finance Unlocked to your current platform

Featured Content

More featured content

Tackling the Cost of Living Crisis

In this video, Max discusses the cost-of-living crisis currently enveloping the UK. He examines its impact on households as well as the overall economy.

CSR and Sustainability in Financial Services

In the first video of this two-part video series, Elisa introduces us to sustainability. She begins by looking at the difference between sustainability and corporate social responsibility, two terms that can be easily confused.

More featured content

Book a demo

Pricing

Ready to get started?

Featured Pathways

More pathways

Banking Essentials - Part I

This pathway will walk us through the basics of banks, starting with some of the different types and their main functions, then starting to look at the regulation faced by the banks, both before and after the Global Financial Crisis.

Greenwashing

Greenwashing is the act of distributing false information about something being more environmentally friendly than it actually is.

More pathways

Book a demo

Pricing

Ready to get started?

Plans & Membership

Our Platform

Expert led content

+1,000 expert presented, on-demand video modules

Learning analytics

Keep track of learning progress with our comprehensive data

Interactive learning

Engage with our video hotspots and knowledge check-ins

Testing & certification

Gain CPD / CPE credits and professional certification

Managed learning

Build, scale and manage your organisation’s learning

Integrations

Connect Finance Unlocked to your current platform

Featured Content

More featured content

Tackling the Cost of Living Crisis

In this video, Max discusses the cost-of-living crisis currently enveloping the UK. He examines its impact on households as well as the overall economy.

CSR and Sustainability in Financial Services

In the first video of this two-part video series, Elisa introduces us to sustainability. She begins by looking at the difference between sustainability and corporate social responsibility, two terms that can be easily confused.

More featured content

Book a demo

Pricing

Ready to get started?

Book a demo

Pricing

Ready to get started?

Email Encryption Techniques

Email Encryption Techniques

Ciaran Rooney

20 years: technology, cybersecurity & operations

Now you understand the basics of cryptography, you can learn how it is applied to email encryption. Join Ciarán Rooney in this video as he explains why it is needed, the different stages at which a mail can be intercepted and the standards used for email encryption today.

Now you understand the basics of cryptography, you can learn how it is applied to email encryption. Join Ciarán Rooney in this video as he explains why it is needed, the different stages at which a mail can be intercepted and the standards used for email encryption today.

Subscribe to watch

Access this and all of the content on our platform by signing up for a 7-day free trial.

Email Encryption Techniques

10 mins 45 secs

Overview

An email is vulnerable at several different points along its journey. All organisations, irrespective of industry and size, use emails to exchange data and documents that may include financial information, customer contracts, employee information, and other forms of sensitive data. Cryptographic techniques can be used to ensure the safe transmission of an email. The longer a key is, the better security it provides for encrypting data and documents in various verticals such as banking, financial services, and healthcare. The length of a key must align with the algorithm that will use it, and most algorithms support a range of different key sizes. 

Key learning objectives:

  • Understand the need for cryptography needed in modern email communications

  • Comprehend the significance of key length in encryption

  • Understand the 2 types of models used in modern email encryption

  • Understand the main encryption standards used irrespective of model type

Subscribe to watch

Access this and all of the content on our platform by signing up for a 7-day free trial.

Summary

Why is cryptography needed in email?

Encrypted email communications are not only an essential requirement for the security of data, but also mandatory as part of regulatory compliance for many organisations in verticals such as banking, financial services, payments, and healthcare where customer data cannot be allowed to fall into wrong hands. 

What are the different stages during which an email is vulnerable?

  • On the sender’s client or device before or after it is sent
  • In the connection between the sender’s device and their email provider
  • On the servers of the sender's email provider
  • In the connection between the sender’s and the receiver’s email provider
  • On the servers of the receiver’s email provider
  • Finally, on the client or device of the receiver

These points can be grouped into 2 sections: When the email is on a server or client device (data at rest) ; sent between clients and servers (data in flight)

What is the importance of encryption key size in security?

An encryption key is one most fundamental part of the encryption process. The longer a key is, the better security it provides. Encryption key length is specified as a logarithm in the form of bits. Symmetric key systems typically use a key length of between 128 bits and 256 bits. Asymmetric key systems use much larger key bit sizes (1,024, 2048 or 4096 bits) so not only do they reduce risk of sharing keys but also offer improved encryption security. 

Why is symmetric key still used despite better security in asymmetric key cryptography?

Main issues regarding the asymmetric method is encryption feasibility which depends on the key length and the computing power needed to encrypt and decrypt the information. There needs to be a trade off between computation power and key length. Symmetric is normally used for internal communications and asymmetric encryption for external. 

What is the modern email encryption process?

Emails require end to end email encryption (covering both data at rest and data in flight). 2 types of models are commonly used:

  • Gateway based model - A specific software operates on the company's network and is directly responsible for encrypting all emails. All mails undergo same screening process regardless of the type, content or length. This method encrypts the data at rest on the company’s servers and the data in flight between the servers and clients. However, this does not cover the data at rest on the sender’s or receiver’s devices.

  • Client-based model - The encryption software runs directly in the email client on the sender’s and receiver's devices. Sender is responsible for encrypting emails and provides flexibility of being able selectively encrypt important mails. While providing true end - end encryption, it involves a human element, creating the potential for error. 

What are the three main encryption standards irrespective of type of model?

  • SSL and SMTP over TLS or STARTTLS - Server-to-server method of encryption that rely on SSL certificates. This is the standard method for email providers to secure messages passing between servers or data in flight so this method on its own does not offer end-end encryption.

  • S/MIME or Secure/Multipurpose Internet Mail Extensions - Uses email certificates on the sender’s and receiver’s email clients. A security certificate from a Certificate Authority (CA) or a public CA is needed to use this method. It combines a digital signature with encryption to secure an organisation’s email traffic. This llows for true end to end email encryption.

  • PGP or Pretty Good Privacy - This uses public keys like public-key encryption rather than certificates. It authenticates the sender of an email and encrypts the text inside the message body, allowing for end-to-end email encryption. However, both the sender and receiver require a software client or a plug-in to process PGP keys.

Subscribe to watch

Access this and all of the content on our platform by signing up for a 7-day free trial.

Ciaran Rooney

Ciaran Rooney

Ciarán is the Chief Technology Officer of Finance Unlocked Ltd, the company behind the learning platforms Finance Unlocked and Sustainability Unlocked. He has over 20 years of experience in technology, cybersecurity and operations. Ciarán has held the role of CTO of several successful startups, including; busuu, one of the world's largest language learning platforms; the ad tech company Skimlinks, a content monetisation platform for some of the world's largest online publishers; and Swoon, a leading direct to consumer furniture brand. He has also been a technical consultant, a startup mentor, a conference speaker, and the Chair of the PHP UK Conference.

There are no available videos from "Ciaran Rooney"