
36) Does your organisation use opportunistic TLS on all email services and are you able to apply enforced TLS to specific domains on request?

September 11, 2024
IT Operations
TLS
Email Security

Answer yes if your organisation uses opportunistic TLS by default and has the capability to configure enforced TLS on email services to specific domains if requested.

What is it?

There are a variety of protocols used in the transmission, routing, and reception of email. By default, most are unencrypted, meaning emails travel over the network, including the internet, in clear text and can be read by anyone with visibility of the network segments over which they travel.

TLS stands for Transport Layer Security and provides an additional layer of security by adding encryption. It can be used in conjunction with a number of communication protocols including those used with email.

Why should I have it?

By implementing TLS, you ensure that emails are sent within an encrypted envelope from client to server(s) and then to the recipient client.

However, this is only effective if the encryption is actually used. Since most email protocols are natively unencrypted, many email servers and clients will accept unencrypted connections. It’s therefore essential to configure email servers (and clients, where possible) to accept only encrypted connections. Without this, email could still be transmitted to and from your domain without encryption, even though you have the capability, and still be readable by people on the network, putting your own and your clients’ information contained in those emails at risk.

How to implement the control

Quite simply, whatever email protocols and platform(s) you use, implement a policy to enforce the use of TLS in your system configurations, making sure that unencrypted connections are not possible.

This approach should be used for all otherwise unencrypted protocols.
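
As an added example (not part of the original article), this is how the two modes named in the question, opportunistic TLS by default and enforced TLS for specific domains, can be configured on a Postfix mail server. Postfix is an assumption, since the article names no platform; `partner.example`, `customer.example`, `mail.example.net` and the file paths are constructed placeholders.

```ini
# --- /etc/postfix/main.cf (constructed example; paths are placeholders) ---

# Outbound default: opportunistic TLS. Postfix uses STARTTLS when the
# receiving server offers it and falls back to clear text when it does not.
smtp_tls_security_level = may

# Per-domain overrides: enforced TLS for the domains that request it.
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy

# Trust anchors used when a policy entry asks for certificate verification.
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

# Inbound: offer STARTTLS to every sending server (opportunistic).
smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/postfix/tls/mail.example.net.pem
smtpd_tls_key_file = /etc/postfix/tls/mail.example.net.key

# Log a one-line TLS summary per connection so TLS use can be evidenced.
smtp_tls_loglevel = 1
smtpd_tls_loglevel = 1

# --- /etc/postfix/tls_policy ---
# Rebuild the lookup table after every edit: postmap /etc/postfix/tls_policy

# "encrypt": mail to this domain is deferred, never sent in clear text,
# when TLS cannot be negotiated. The server certificate is not checked.
partner.example        encrypt

# "verify": as above, and the certificate must chain to a trusted CA and
# match the MX hostname.
customer.example       verify
```

With opportunistic TLS alone, a receiving server that does not offer STARTTLS still gets the message in clear text; the per-domain `encrypt` and `verify` entries are what turn that fallback into a deferral for the listed domains.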

There are numerous consultancies or individual consultants that will be able to assist in crafting a policy and implementing TLS in a way that meets your business and technical requirements.

If you would like to contribute to this article or provide feedback, please email knowledge@riskledger.com. Contributors will be recognised on our contributors page.
