Q1 What is TLS?
TLS (Transport Layer Security) is an encryption process that functions similarly to SSL (i.e. https://), which is used by Internet sites to encrypt and protect transmissions between the web server and the user’s PC browser (e.g. Explorer or Firefox). Both TLS and SSL create an encryption tunnel between two entities. SSL is in use when you see a padlock icon on your browser. The URL address will show as https when SSL is active.
TLS creates an encryption tunnel between two e-mail servers that both have TLS active. When TLS is in place, users from both parties can send e-mail to each other without doing anything extra to encrypt the email or its attachments. Passwords are not required to open a given e-mail message or attachments. This greatly simplifies the process for protecting confidential information, because no extra steps are required by the sender or receiver.
Q2 Why should I care about e-mail encryption and TLS?
All the business reasons for protecting customer data – the effect of a data breach on the agency’s reputation, the cost of remedying the breach for the client, possible regulatory action, potential E&O exposure, etc.
Q3 How secure is TLS?
TLS is considered a standard for secured e-mail when properly implemented. It should be implemented by an IT professional.
Q4 What are the benefits of TLS?
- Provides two-way e-mail encryption of your data
- Inexpensive to implement, and works
- Requires no changes to the end-user PC
- Is an industry standard and can work for most vendors, carriers and commercial insureds.
Q5 What are the hardware/software requirements?
TLS is built into almost all modern e-mail systems.
Most agencies that use a recent version of Microsoft Exchange or Lotus Notes already have the TLS encryption available to them to turn on. For those agencies that outsource their e-mail to a third party, many vendors already support TLS.
Q6 How much does it cost?
This depends on your agency e-mail configuration but the typical e-mail certificate runs between $70 and $400 for one year.
Q7 What resources are available for additional technical information?
See these links:
Q8 Which insurance carriers have TLS capabilities?
Many insurance carriers already support TLS. See the “Specific Carrier TLS Email Encryption Information” page of the ACT Web site (www.independentagent.com/act) for the latest list of carriers which have reported to ACT that they are enabled for TLS for their agents if they also have this capability. If one of your carriers is not on this list, please check with them to see if they support TLS.
Q9 What is the impact on the end user?
None. The e-mail is sent / received in a secure way that is transparent to the sender / receiver.
Q10 Is any training needed to support TLS for e-mail?
Not for the end user.
Q11 How can you tell if your e-mail system already supports TLS?
Nothing in your e-mail client will tell you. You should ask your e-mail system administrator or third party provider.
Q12 How can you tell if your e-mail was sent via TLS?
See your email administrator.
Q13 Are file attachments encrypted?
Yes. The entire e-mail is protected, including all of the attachments.
Q14 What effect does enabling TLS have on your e-mail server’s performance?
This would depend on the e-mail server, but the effect is probably less than that of the 10MB of family pictures that get forwarded all the time.
Q15 If I access my company e-mail at home, does any e-mail I send/receive still get TLS encrypted?
No, not from your home to your agency, unless you are using a secure remote desktop connection such as VPN or SSL. Yes, from your agency e-mail server to the company e-mail server.
Q16 We use a third party for securing email (anti-virus or spam filtering). Does this have any effect on TLS?
You need to have your IT administrator verify with your 3rd party providers that they also support TLS.
Q17 Once TLS is enabled do I have to configure our e-mail server for each carrier/vendor/customer that wants to support TLS?
No, unless you want to force TLS with a particular entity; in that case, yes (this may vary by e-mail system).
Q18 Are there any adverse effects to my existing e-mail integration with my agency management system?
Q19 How are other agencies leveraging TLS with customers, carriers and vendors?
A few agencies are starting to promote to their customers (during the sales process) that they have secure email and take data security very seriously.
Q20 If I already use proprietary e-mail encryption software in my agency, do I still need to support TLS?
The proprietary solution may provide protection when TLS is not available for a particular business partner. Some proprietary e-mail encryption packages may be stronger than TLS in that they protect from desktop to desktop. Contractual obligations may require specific encryption packages.
Q21 What happens if our agency implements TLS and the receiver/system of the e-mail does not support TLS?
This depends on how the e-mail server is set up. A possible set up is to have the server negotiate a TLS session when TLS is available, but send the e-mail unencrypted if TLS is not available.
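The two set-ups described in Q17 and Q21 (negotiate TLS when it is offered and fall back otherwise, versus forcing TLS with a named partner) come down to one decision the sending server makes after reading the receiving server's EHLO reply. The Python below is an added example, not part of the original FAQ or of any e-mail product; the domain names, sample replies and function names are constructed for illustration.

```python
# Added example: the EHLO replies and domain names below are constructed.

def parse_ehlo(reply):
    """Return the ESMTP extension keywords advertised in a 250 EHLO reply."""
    keywords = set()
    lines = [ln for ln in reply.splitlines() if ln.strip()]
    if not lines:
        raise ValueError("empty EHLO reply")
    for index, line in enumerate(lines):
        code, sep, text = line[:3], line[3:4], line[4:]
        # "250-" marks a continuation line, "250 " the final line.
        if code != "250" or sep not in ("-", " "):
            raise ValueError("unexpected EHLO reply line: %r" % line)
        if index == 0:
            continue  # first line is the server's greeting, not an extension
        if text.strip():
            keywords.add(text.split()[0].upper())
    return keywords


def delivery_decision(recipient_domain, ehlo_reply, forced_domains):
    """Decide how to hand over a message: 'encrypt', 'plaintext' or 'defer'."""
    if "STARTTLS" in parse_ehlo(ehlo_reply):
        return "encrypt"      # TLS offered: negotiate it (Q21, first half)
    if recipient_domain.lower() in forced_domains:
        return "defer"        # forced partner (Q17): hold rather than downgrade
    return "plaintext"        # opportunistic fallback (Q21, second half)


# Constructed sample replies from two hypothetical receiving servers.
REPLY_WITH_TLS = (
    "250-mx.carrier.example Hello\r\n"
    "250-SIZE 36700160\r\n"
    "250-STARTTLS\r\n"
    "250 8BITMIME\r\n"
)
REPLY_WITHOUT_TLS = (
    "250-mx.vendor.example Hello\r\n"
    "250-SIZE 10240000\r\n"
    "250 8BITMIME\r\n"
)
FORCED_DOMAINS = {"carrier.example"}  # hypothetical forced-TLS partner list

if __name__ == "__main__":
    for domain, reply in [("carrier.example", REPLY_WITH_TLS),
                          ("vendor.example", REPLY_WITHOUT_TLS),
                          ("carrier.example", REPLY_WITHOUT_TLS)]:
        print(domain, "->", delivery_decision(domain, reply, FORCED_DOMAINS))
```

The third case is the one to watch for a partner you have agreed to force TLS with: the message is held instead of going out unencrypted.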
Q22 What is the down side to supporting TLS?
If configured correctly, none. It can only help your agency to protect your customer data better.
Q23 If I outsource my e-mail hosting to a third party, can I still leverage TLS?
This would have to be discussed with the third party.
Q24 How can enabling TLS increase sales?
Companies today are becoming increasingly aware of the risks associated with Internet use and will prefer to do business with partners which are like-minded regarding protecting sensitive customer and company information. States are beginning to require businesses to protect the sensitive information owned by their residents that is transmitted over the Internet. Businesses that cannot comply with this requirement may find it too risky to do business in those states or may be barred from doing business by the state regulators. Make security of data a talking point for producers during the sales process. Explain how your agency is protecting their data both at rest and in transit.
Q25 Can I take advantage of TLS if I am using a free e-mail service?
If you are using a free e-mail service such as Yahoo, Hotmail or Google, these service providers do NOT typically provide TLS capability.