Email is notoriously difficult to keep secure. We’ve had it for over forty years - and that’s kind of the problem. When email was created there were about five people on the internet and they were all in the same class at UCLA. The likelihood of serious crime being committed by email was pretty low. But now, the tables have turned: where forty years ago, there was effectively no-one online, now there’s effectively everyone. And the result is a far greater risk of crime - fraud, blackmail, vindictive release of personal details, industrial sabotage, and more. So what do you need to know about email encryption to keep your emails safe? 1: Your emails aren’t safe Everything you write in an email is visible to anyone who intercepts it. What you put in an email is totally unencrypted and crosses the internet - including any local nets, proxy servers, wireless networks and more - totally unencrypted. Don’t send your bank details, or your personal details. In fact, don’t send an unencrypted email you wouldn’t post ‘public’ on Facebook. 2: They can be… with PGP Emails can be encrypted using two major types of tools. One is called ‘PGP,’ for ‘Pretty Good Privacy.’ It works by a variation of the ‘public key’ system, using two layers of encipherment and a secondary encryption layer between them. As such, it’s tough enough for most purposes. Once available as freeware, it’s now available only as a low-cost commercial program. And while it’s one of the most effective ways to keep your emails’ contents out of the wrong hands, it doesn’t integrate very well with the kind of business email tools most organizations use these days, like Outlook. 3… Or S/MIME... S/MIME is Secure/Multipurpose Internet Mail Extensions. If it sounds like the square one, when compared with PGP, it is. But it’s also pretty effective, despite a major downside. It works in a similar way to SSL security, using a key issued to each user by a trusted authority. Every user has to have a publicly-verified encryption/decryption key. Because of this, S/MIME is very, very tough to break into, but also very expensive to operate. It also can’t be used to encrypt emails to people outside your organization unless they want to buy a key. Free keys are usually freemium or trials, and might not be suitable for business use. 4: ...or Sophos? SPX (Secure PDF eXchange), Sophos’ proprietary email encryption service, sends PDFs with password encryption. It’s only available to Sophos customers, but the password-based encryption means it's difficult to crack. 5: Maybe they don’t need to be? Your email text might not need to be secure. Maybe you could send an attachment that’s secure instead? An encrypted attachment would ensure that the text you need to keep secure moves across cyberspace without prying eyes reading it. Most file encryption options require symmetrical encryption, which means both parties have to have a key. But that’s easy to fix - you can phone, text or IM the key (not from your email account!) and keep secure. Just make sure you use an up-to-date zip encrypter like 7-Zip, since earlier zip systems have weak security and OSX and Windows both don’t support newer systems. We have assisted numerous companies in various industries with finding the right IT solutions for their needs. To let us do the same for you, call us today at (847) 859-1600, or fill out our contact form.
