Webroot^® Email Security SaaS
Encryption Service

Email is vital in business communication. Companies are dependent on email to correspond with customers and employees on a daily basis. This correspondence often contains sensitive information - intellectual property, financial figures, medical records, or other data - that is subject to regulatory compliance requirements.

Why Encrypt?

Increasingly, email encryption is becoming required by law:

• A new HIPAA law that goes into effect in February of 2010 brings drastic implications including a penalty increase for violations up to $1.5 million.
• The State of Nevada passed a law in October 2008 that all businesses must secure confidential customer information if it is sent electronically.
• The Commonwealth of Massachusetts has mandated that, effective January of 2010, companies are required to encrypt all personal information of state residents transmitted electronically or wirelessly. This includes Social Security and employer-identification numbers, drivers' license or identity card data, account, credit and debit card numbers with any password or security and access codes.
• The Gramm-Leach-Bliley Act (GLBA) protects consumers' personal financial information held by financial institu- tions. Its "Safeguards Rule" requires all financial institutions to design, implement and maintain safeguards to secure confidential data.
• The UK Data Protection Act insists that companies protect personal data, use it only for its intended purpose, keep it accurate and comply with several other data protection principles. Violators are subject to criminal prosecution.

Email Encryption Made Easy

Encryption is no longer just a luxury - it is a critical part of a comprehensive security strategy. The Webroot^® Email Encryption Service helps businesses meet legal, compliance and regulatory standards by automatically encrypting email messages based on company email policy. This policy based encryption service expands data loss prevention capabilities and improves the secure handling of confidential company data. Customizable encryption policies allow automatic email encryption based on existing administration rules. Users can also encrypt communications on an as-needed basis. Messages are sent securely even if the recipient does not have encryption capabilities, eliminating the need for users to manage encryption keys.

How it Works

1. Email messages tagged for encryption are delivered to the Webroot datacenter via a secure SSL/TLS encrypted channel.
2. Messages are scanned according to email filtering and use policies then encrypted and either delivered directly to the recipients email inbox or stored centrally for access via a secure web portal. Company policy will dictate preferred method of delivery. No hardware or software is required by sender or recipient.
3. For messages stored centrally for access via a secure web portal, a standard SMTP based email will be sent to the recipient informing them an encrypted message has been sent. This message will include a link to the secure web portal as well as instructions on how to login to receive this message. Recipient access to this web portal is secured via an HTTPS/SSL 128-bit encrypted channel.
4. Once accessed, this secure web portal will allow recipient to view original message, reply to sender and even create new messages securely.