Email is just everyday communications, right? Something you chose to type instead of call and risk getting voice mail, or waiting until you are face to face with the recipient and speaking the message, right? Or perhaps something that multiple people need to know, and after all, email is certainly easier than getting everyone together for a meeting or a conference call.
This may all be true, but it only represents a fraction of the information shared on a daily basis via email. Countless messages are sent and received every day that contain sensitive, confidential, or otherwise private information, some of which may even be subject to regulatory oversight. Improper disclosure of certain information can be devastating to you personally, or your organization as a whole.
This is why we all should encrypt email.
Personal email encryption should be strongly encouraged, but the "blast radius" of a hack event is not as significant, so generally only tech savvy IT Security types bother with it. However, email encryption for businesses should be considered mandatory! The risk of even a single compromised message is far greater with a business account. The contents of the message and any attachments in an unencrypted email are visible to anyone who would want to take a look - this applies to both internal email that never leaves your network and email exchanged with clients or vendors that traverse the Internet.
While there are a number of approaches to encrypt email, most enterprise-class solutions are server or service based, meaning the encryption is part of the email hosting servers for an organization. While some may configure every email to be encrypted, which is the strongest posture, others may choose to encrypt based on specific policies or profiles. For example, a credit card company may choose to have every email from their customer service department encrypted due to the possibility of Personally Identifiable Information (PII) being included in an exchange with a customer. Yet the outbound marketing department sending generic invitations to visit the web site may not need to be encrypted. It may always be nice to have options, but you do not want your users to have to make a conscious decision to encrypt or not with each and every email they send! Centrally administered, policy driven encryption will avoid a lot of errors in judgment.
One main reason everyone doesn't encrypt email already is historically it was a complicated and expensive proposition, reserved for just those cases where people were certain they needed it. That is changing with the advancement of software solutions available to encrypt email. For example, BCC's MailProtect is a simple, ready to use solution that works across a number of operating systems and client configurations, including IBM Domino and Notes. It is a software solution that provides centralized management of a number of email security features, chief of which is email encryption. Another key feature is the ability to scan encrypted email for virus and malware infections. And centralized control means greater compliance, since decisions are made once then applied to all based on policy or profile rules.
Why encrypt email? For businesses, there is huge potential loss of revenue or reputation damage from a single intercepted email message. Since cost and complexity issues are waning as excuses to keep you from pursuing encryption options, it might be time to take another look at adding this additional piece of armor to your corporate defenses.
Want to learn more?