Email encryption isn’t new. The first useable way of sending secure messages between email addresses was developed in the mid ’90s with the release of PGP. As good as PGP was it still required technical know-how to get running; which kept adoption within IT circles.
Since 2014 Google and Yahoo have been working on methods to make encryption of content available to anyone through web browser plug-ins. Two years later and neither have produced a workable, transparent. For businesses, with legal requirements to ensure the secure transmission and storage of customer data, waiting for encryption to become available through the big email players isn’t an option and alternatives must be sought.
Why encrypt business email?
Encrypting emails means no-one but the sender and the intended recipient can see the contents. For businesses this means:
- Compliance — Industry, or legal, regulations may insist on information transmitted by email not being readable by non-authorised people.
- Security — Having information fall into the wrong hands (eg competitors) can be disastrous and lead to lost business, court cases, or other serious problems.
- Tracking — Having an audit trail of email, including who opened and when, means a business can defend itself in disputes.
How email encryption works
Full email encryption is called end-to-end encryption. This means only the authorised sender and receiver can read the contents of a communication. Should anyone manage to intercept the message then all they’ve have is random, meaningless, junk.
End-to-end encryption is used in modern IM services like iMessage, WhatsApp, FaceTime, and Facebook Messenger (though it may not be the default setting). Standard email services don’t include end-to-end encryption so business users need to use add-on services to fully secure information.
The easy way to encrypting emails
An easy email encryption service must be:
- Simple for employees to create messages.
- Seamless for recipients to read messages.
- Able to encrypt original messages and replies.
A service which cannot meet these requirements won’t be widely adopted in an organisation or offer two-way encryption across a thread of messages.
The usual way to achieve easy encryption is through a third-party service to automate the process, ensure delivery, and provide a simple way for the recipient to read the message.
The ideal encryption service provides plug-ins for email apps (especially Microsoft Outlook for business users) alongside a web version. When an employee writes and email the plug-in automatically takes care of sending an encrypted message to the recipient without any intervention by the sender.
The receiver gets a non-encrypted message in their inbox. This email tells them the content is encrypted and includes a weblink. Clicking on the link displays the message in a secure web browser window. For safe two-way conversations the web browser will also offer a reply option so the recipient can send a secure response.
End-to-end encryption is the only way businesses can be sure emails they send are safe and protected from prying eyes. Any organisation that transmits confidential information needs to investigate its options and choose an encryption service employees will find easy to roll into their daily workflows.