October 2020  

This document is designed as a modifiable guide for Encrypt Titan users.  It is important to note that Encrypt Titan is configurable, and your organization’s configuration may not be represented by this guide which uses default Encrypt Titan settings.  Please be sure to make the needed modifications before distributing the guide to your users.


TABLE OF CONTENTS


 

 

Introduction 

Encrypt Titan is a full featured encryption system that allows users to exchange information securely by way of email.  encrypt Titan provides organizations with the tools needed to adhere to state and federal privacy regulations while protecting their organization.
   

When a message is sent using the Encrypt Titan encryption feature, it is encrypted and protected so that the message can be safely sent without the contents of the email being disclosed or tampered with.

 

When to use Encryption

In general, when sending sensitive information to email addresses outside of your own domain, the Encrypt Titan encryption feature should be used.

When unsure if the contents of an email would be considered sensitive; it is recommended that the sender use Encrypt Titan encryption to secure the message.

 

Secure Delivery Methods in a Nutshell

By default, Encrypt Titan will automatically determine how to secure a message sent to the specific recipient.  


TLS Verify Delivery Method

Encrypt Titan will first attempt to deliver an encrypted email using TLS Verify.  TLS Verify is often the preferred delivery method because, in general, TLS Verify meets state and federal requirements for sending private information over email and does not require the recipient to take additional steps to view the email. The message is transported securely to the recipients mail server and then handed off for processing.

Users should check with their Compliance or IT Officer to determine if TLS Verity meets the organizations encryption requirements.

In order for a message to be delivered using TLS Verify, the recipients mail host, associated with the domains MX record(s), must support TLS version 1.2 or 1.3 (lower versions of TLS are no longer considered secure by regulators and are not supported by Encrypt Titan). In addition, the mail hosts name must match the common name (CN) of the digital certificate used to facilitate TLS.  Both the TLS version and the certificate match are required for TLS Verify to be used as the deliver method.  If either TLS Verify requirement are not met for a particular recipient, Encrypt Titan will automatically default to the Secure Portal delivery method for the email.



Secure Portal Delivery Method

The Secure Portal delivery method does not require any particular recipient mail server capabilities, however it does require the recipient to take the extra step of logging into the Encrypt Titan Secure Portal. Overall, the Secure Portal delivery method is more secure than TLS Verity, and offers encrypted message storage, two factor authentication and allows the encrypted message recipient the ability to reply back securely to the sender of an encrypted message directly from the Secure Portal.

The Secure Portal also provides additional controls for the sender of an encrypted email, such as message auditing, read receipts and the ability to recall an encrypted message that has been sent in error.


The table below summarizes the features of each secure delivery method.

 

Secure Delivery Method

TLS Verify

Secure Portal

Delivers directly to recipient’s email server

X

 

Does not require authentication

X

 

Two-factor authentication

 

X

Secure message storage

 

X

Export message to a password protected PDF

 

X

Detailed message auditing

 

X

Allows recipient to reply securely

 

X

Message recall (pull back a message sent in error)

 

X

 


How to Send an Encrypted Email  

  1. Log in to your email account (either via an email client such as Outlook or via the web).
  2. Create a new email message.
  3. Ensure the recipient’s email address is correct.
  4. In the Subject field of the email, enter the text /secure/ anywhere in the subject of the message.
  5. Type the message.

    Note: /secure/ is not case sensitive; /SECURE/ or /Secure/ for example, could also be used.

    Note: The keyword may be different for your organization.  Users should check with their Compliance or IT Officer when in doubt.

  6. Click on Send to send the message. The service will then encrypt the message and deliver it to the intended recipient.

           
            
   

 

        

    

By default, Encrypt Titan will first attempt to deliver the secure message using TLS Verify. If the recipients email server supports TLS 1.2 or 1.3 and the common name of the digital certificate matches the host name of the mail server, the message will be transported using TLS encryption and the message will be decrypted by the recipients’ email server.



A TLS Verify banner will be injected into the body of the message letting the recipient know that the message was transported securely.


If the TLS Verify delivery method is not successful, Encrypt Titan will automatically use the Secure Portal as the delivery method and the recipient will receive a notification message with a message link and instructions on how to retrieve the secure message.

 

The sender will also receive a notification email when a message is encrypted.  



If the  Secure Portal was used as the delivery methodology, then the notification message will contain a tracking link that enables the sender to both audit and/or recall the message.  If TLS Verify was used as the delivery methodology, the tracking code link will not be included in the notification message.

 

 

How to Force an Encrypted Email to the Secure Portal

 

Because TLS Verify does not provide the enhanced security that the Secure Portal offers, the sender may decide they want to ignore TLS Verify encryption as a delivery method and force the message to be delivered to the Secure Portal.

To force a message to the Secure Portal the sender only needs to type in a different keyword in the subject line.

 

  1. Log in to your email account (either via an email client such as Outlook or via the web).
  2. Create a new email message.
  3. Ensure the recipient’s email address is correct.
  4. In the Subject field of the email, enter the text /secureportal/ either before or after the subject of the message.

    Note: /secureportal/ is not case sensitive;  /SECUREPORTAL/ or /Secureportal/ for example, could also be used.

    Note: The keyword may be different for your organization.  Users should check with their Compliance or IT Officer when in doubt.

  5. Type the message.    
  6. Click on Send to send the message. Encrypt Titan will then encrypt the message and deliver it to the intended recipient.
  7. Encrypt Titan will “force” the delivery of the email to the Secure Portal and the recipient will receive a notification message with a link and instructions on how to retrieve the secure message.

 


How to display an audit log of an encrypted email sent to the Secure Portal
 

When a email is encrypted and sent to the secure portal, the sender will receive a notification receipt, confirming that the email was encrypted.  Within that receipt, is a unique tracking code that can be used to check the status of the encrypted email.  



When the sender of the message clicks on the tracking code, an audit log is displayed showing the actions taken by the recipient. Actions such as “opened”, “saved as PDF”, “printed”, “replied” and “deleted” are some of the actions that are audited.


 


How to recall an encrypted email sent to the Secure Portal

When a email is encrypted and sent to the secure portal, the sender will receive a notification receipt, confirming that the email was encrypted.  Within that receipt, is a unique tracking code that can be used to recall (pull back) the encrypted email.

For example, if the email was sent to the incorrect recipient or the wrong attachment was sent, the sender can recall the email which deletes it from the Secure Portal making it impossible for the recipient to open the encrypted email.

Once a email is recalled, the audit log will show that the email was recalled by the sender.

 

 

 

Encrypt Titan Outlook Plugin
 

In addition to being able to send encrypted emails using subject line keywords, Encrypt Titan users who use Outlook to access their email accounts can download an Outlook tool (known as a plugin). This enables users to send encrypted emails without the need for including a keyword in the subject line.

Once downloaded and installed successfully, you can use the Encrypt Titan Outlook Plugin to encrypt emails by clicking on the Encrypt icon in the top left of a new email and selecting either Encrypt with TLS Verify or Encrypt via Secure Portal. Your email will then be encrypted once it is sent.

 


Custom Email Expiration Time

The Encrypt Titan Outlook Plugin offers an option to customize the amount of time the email is available to the recipient. The recipient will only be able to access the encrypted email, and any attachments, within the time that you select using the expire drop down menu. After the email expires, it will be automatically deleted from the secure portal.

Please note this is an optional setting when using the Secure Portal delivery option only.  If the expiration time is not defined by the sender, the default retention setting of 60 days will be used.



                         


Option to Automatically Prompt Sender for Encryption
 

The Encrypt Titan Outlook Plugin can be configured so that the sender is prompted to encrypt an email when a recipient of an email is outside the senders organization. This prompt can be set under the Encrypt Titan menu option.

 

When enabled, the sender will be prompted with an encryption dialog box, as shown below, each time they send a email that includes an external recipient.

 

Categorize Encrypted Email

Easily Identify which of your sent emails were encrypted and which delivery method (TLS Verify or Secure Portal) was used. This prompt can be set under the Encrypt Titan menu option.

 

 

When enabled, a category label will be associated with each encrypted email that is sent that will include the delivery method. 

 

 

 

  

Frequently asked questions 

 

How long is a secure message stored on the Encrypt Titan Secure Portal?  

The default retention time for a message is 60 days.   However, when using the Encrypt Titan plugin, the retention time for a message can be modified to be as little as one day or as much as 180 days.  Once the retention time is reached, the message will be deleted.

What is the maximum size of an email that can be encryption? 

100 MB.

Where can I download the latest version of the Encrypt Titan Outlook Plugin?

The plugin can be download from the Encrypt Titan support site, at https://helpdesk.encrypttitan.com.

What versions of Outlook does the Encrypt Titan Plugin Support?

 Outlook 2013, 2016 and 2019 (32 or 64 bit).