Email is a lifeblood for many businesses. We’ve discussed previously the importance of encrypting data at rest, but what about data in transit, like all the information your business is sending via email? Are you sending any sort of personal, private, or confidential information by email to outside parties? What would happen if that email were to fall into the wrong hands or be read by an unintended recipient?
Suppose you printed a document that had some confidential employee-related information on it. You wouldn’t just pass it around the office so everybody could see it before it reached its final destination, but that’s basically what you’re doing with unencrypted email you’re sending outside of your office. For the most part, email is sent in a plain-text format and is potentially readable by any or all of the devices and routers that email passes through on its way to its destination.
With encrypted email, you’re sticking that document in a private envelope that can only be opened and viewed by the recipient. You can pass it around the office all you want, and it won’t matter (just like routers and servers along the way will not be able to read the email).
With more federal regulations (HIPAA, SOX, etc.) affecting businesses and how they pass their data, encrypting the private data in that email is likely soon to become mandatory.
Email encryption systems have been around for a while, but many of them are cumbersome and complicated to use. One of the earliest systems out there was Pretty Good Privacy (aka PGP). PGP involved sharing of certificates and (depending on the email client) complicated setups to make sure you could properly encrypt and decrypt messages. Back in the early days of email, uber-nerds like us used to keep a public PGP key as part of our signature so folks could send us encrypted emails. The problem was that you could only send encrypted messages to people who had your public certificate, and vice versa. It was not very user-friendly, and didn’t work well with Outlook.
And if it wasn’t Outlook-friendly, it realistically wasn’t business-friendly.
There are other systems that have come out since then. Some require additional hardware, some require additional software, and newer versions of Microsoft Exchange and Office 365 have it built in – as long as your email never leaves your private email system.
Obviously you need the ability to send email to the outside world and encrypt it. So how do you go about that? We recommend a system that doesn’t require an all-or-nothing approach (where everything is encrypted or nothing is). The system should be smart enough to know when things should be automatically encrypted (by scanning for keywords like social security or credit card numbers). It should also be easy for users to force-encrypt an email by including a keyword anywhere in the email like “[encrypt].” To make sure your recipient can get to your encrypted data, the system shouldn’t require some sort of plugin, since you don’t want to make it complicated for the recipient to open your message, and it should work across multiple platforms.
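The trigger logic described above can be sketched as a small outbound-mail policy check. This is an added example, not code from WestonBlock or any other product; the function names, regular expressions, keyword list and sample messages are all assumptions constructed for illustration.

```python
import re

# All patterns below are illustrative assumptions, not a vendor's rule set.
FORCE_TAG = re.compile(r"\[encrypt\]", re.IGNORECASE)
# US SSN layout, excluding area/group/serial values that are never issued.
SSN = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# 13 to 19 digits, optionally separated by single spaces or hyphens.
CARD = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
KEYWORDS = re.compile(r"\b(social security|ssn|credit card)\b", re.IGNORECASE)

def luhn_ok(digits):
    """Luhn checksum: filters out order numbers that merely look like cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def encryption_reasons(subject, body):
    """Return the list of policy triggers found in an outbound message."""
    text = f"{subject}\n{body}"
    reasons = []
    if FORCE_TAG.search(text):
        reasons.append("user-tag")
    if SSN.search(text):
        reasons.append("ssn-pattern")
    if any(luhn_ok(re.sub(r"\D", "", m.group())) for m in CARD.finditer(text)):
        reasons.append("card-number")
    if KEYWORDS.search(text):
        reasons.append("keyword")
    return reasons

def must_encrypt(subject, body):
    return bool(encryption_reasons(subject, body))

if __name__ == "__main__":
    # Constructed sample messages.
    samples = [
        ("Lunch Friday?", "Does noon work for you?"),
        ("Q3 report [Encrypt]", "Draft attached."),
        ("Payment", "Card on file: 4111 1111 1111 1111"),
        ("Order status", "Reference 4111 1111 1111 1112 has shipped."),
    ]
    for subject, body in samples:
        print(subject, "->", encryption_reasons(subject, body) or "send as-is")
```

A message with no trigger is sent normally, which is what keeps the approach from being all-or-nothing; the Luhn check keeps a 16-digit order reference from forcing encryption the way a real card number does.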
Do such systems exist? They do. The newly updated WestonBlock spam prevention tool (http://bit.ly/westonblock) has an option for e-mail encryption that has all these features, plus best-in-class email spam and virus protection as well as email continuity to keep your email up should your email server go down. It also has archiving and retention features for industries that require it. Contact us today for more information on this service and pricing.
Brock McFarlane is founding owner, CEO, and HIPAA Security Officer for Weston Technology Solutions. Weston Technology Solutions has been serving the Pacific Northwest since 1994, providing managed IT services to small and medium-sized businesses with offices in Bend and Anchorage. www.weston-tech.com, bmcfarlane@weston-tech.com, or 541.383.2340.