Share what you know with millions of people
Focus is the best place to turn what you know into remarkable content
0
Email encryption--do you do it?
Why or why not do you encrypt emails that you send outside your network? What method do you use to do it?
Events
- Dos and Don'ts of Small Business Marketing May 29 @ 11 am PT
- Lead Nurturing 202: The Next Generation May 31 @ 11 am PT
- The Tricks to Paid Media June 6 @ 11 am PT
- Display Advertising for Brand Awareness June 20 @ 11 am PT
Related Activity
7 Answers
Very rarely. I would if there were a more commonly accepted method to do it. I don’t think it’s worth it if the cost to decrypt is higher than the cost to encrypt.
If I need to send confidential information over email, I setup a method with the person who is receiving the information. For example, I might put the information on a secure server and give the other party access.
Messagelabs provides a good encrypted message gateway. Having said that, we don't use it very often
When sending confidential information to my vendors, I use PGP/GPG encryption. Cheap, effective solution.
We are driving the insurance vertical to wholesale adoption of Email Encryption via SMTP over TLS. In the future, we will also spearhead initiatives related to adoption of S/MIME.
Just my thoughts on that I do I agree with James on adoption of an email encrypting solution as have been using PGP since it was first released and now promote it company wide.
The problem with TLS is that it doesn't provide the same level of protection as a full encryption solution. I will always wrap solutions around the CIA Triad. Confidentiality, Integrity, and Availability. TLS does not provide all 3 of the aforementioned tenants of Information Security as there is no guarantee upon receiving the e-mail it originated from the true sender. (man in the middle).
TLS may be enough for certain organizations but it all depends on the value of the information you are sharing and the risk associated with sharing the information
Full disclosure here. I rarely encrypt email. When I have a confidential document I may password protect it using PDF then use a back channel "voice" to pass along the de-cryption key.
Encrypting email has an issue in that it adds complexity and little security value. Most information is compromised at the end point. The recipient of an encrypted email is free to cut and paste and forward the content.
There are persistent protections that can be built in from Foos and WorkShare and others that would be good solutions for legal documents or content that you do not want re-used such as a for-pay information service, a legal document, or a research report.
Frankly until the 2006 tapping of ATT's network by the NSA there was only a very small risk of wide spread snooping on emails.
I agree with Mr. Stiennon in that encrypting emails provide little security for the effort.
You can add all the encryption and security you want to an email. You can spend thousands upon thousands of dollars on software. In the end, the user will be your fail point in security.
Unless you know you have people sniffing on your network or capturing data streams (which is a whole different problem); I highly doubt email encryption is worth it.
Maybe try secure data repositories for transfer of confidential data?
Answer This Question