Debunking Nine Myths About New-Gen Email Encryption

by Chris Preimesberger

Not all email encryption solutions are created equal. For instance, Yahoo offers https for Yahoo users, which encrypts mail as it travels between the user’s Web browser and Yahoo servers. While this helps keep Yahoo users secure, any email sent outside the Yahoo ecosystem to email platforms such as Outlook, Office 365, Hotmail and Google is not encrypted. For any business that needs to maintain or comply with federal regulations that protect personal privacy, there’s still a need for heavy-duty email encryption options, such as Google Apps Email Encryption.

Federal and state legislation outlaws the theft of electronic communication. Other laws exist to protect personal property, but that doesn’t mean people don’t lock their homes or cars. Laws don’t prevent anyone from breaking into your home or car, so why would they prevent hackers from intercepting your email and stealing valuable data? Security solutions, like anti-spam and antivirus, have become foundational for email hygiene for your enterprise. Email encryption also should be foundational.

Historically, email encryption packages have required users to jump through hoops to encrypt and decrypt emails, and they have often been associated with slow, inefficient processes. To stay productive, employees avoided using email encryption and found other ways to communicate that can be more vulnerable. However, email encryption has evolved substantially in recent years. The more advanced email encryption systems allow employees to exchange encrypted emails the same way they would with conventional email workflow isn’t interrupted, and no extra steps or passwords are required for senders or recipients.

Mobile users spend more time using email on their devices than any other mobile activity. Distorted layouts and cumbersome extra steps would diminish the benefits of email encryption and force users to find workarounds. To address the increasing demands of mobile users, email encryption solutions have integrated seamless navigation from desktop to mobile device that takes advantage of the user’s environment and removes extra steps.

Many companies have secure eRoom or SharePoint sites where documents can be shared in read-only mode with other employees, boards of directors, auditors and investors. While this approach can work, it doesn’t support a dialogue if there is a discussion occurring about any of the materials. Often discussions about sensitive information start in personal email, which may violate compliance and security policies.

Email messages can be stored on a number of public servers along the way to the recipient, so sensitive information can be intercepted and captured by anyone, anywhere along the way. Organizations that must comply with regulatory requirements for data privacy have additional risks and penalties if messages are not secured. The best way to ensure that emails are private and their sensitive data is protected is to use encryption that meets regulatory standards.

Email encryption has evolved, and enterprises can access new-generation email encryption that is easy for senders, recipients and administrators. Email encryption through software-as-a-service (SaaS) architecture has simplified the process for specifying and deploying secure messaging solutions. New-generation email encryption can be easily integrated and deployed in hours, not days. For security managers, compliance managers and IT managers, many solutions also offer management consoles and dashboards to alleviate management headaches and improve processes.

If you have sensitive data, then you should always encrypt it, whether there’s a legal obligation or not. Even though your company may not incur legal penalties, there could still be serious business and public relations ramifications. Whatever encryption option you choose, make sure it meets necessary corporate and regulatory requirements and that it works well for your organization.

Boilerplate notices do nothing to protect confidentiality of the email message content and attachments. Email is often misaddressed, and wrong receivers have no obligation to respect the notice. And there is no chance hackers who intercept emails—whether they work for the National Security Agency or for a criminal organization—are going to respect a confidentiality notice. The surest way to protect the privacy of a message is to encrypt it.