There is a persistent concern about the security of emails that today is largely unfounded for several reasons:
- Most email providers will send emails securely if the recipient's domain will accept them (which most do). Check out Google's real-time report on the percentage of emails they see encrypted (inbound and outbound): https://transparencyreport.google.com/safer-email/overview?hl=en
- Because ~95% of emails are encrypted, those wishing to steal confidential information generally aren't going to spend their time trying to capture your email in transit. It is exceptionally hard to do (as you have to be connected into the physical path of the email), and you have to catch it live (in transit), as opposed to attacking the place where the email is stored long-term.
- Much of the most confidential information is exchanged within an organization, and internal email can almost always be assumed to be secure (if the email configuration is done properly).
Despite this being more of a theoretical concern than a practical one, there are a few very good reasons to actively encrypt email:
- Compliance
- Personal information is being sent
- Customer/Vendor perception
The good news is that encryption is very simple to accomplish. We can take one of 3 approaches:
- Set up particular recipient domains that are "guaranteed" to be sent encrypted (no interaction or special licensing required for sender or recipient). This is not sufficient for compliance, but can offer a simple, no-cost way to ensure that certain emails are always encrypted.
- Set up ALL domains to be sent encrypted (no interaction or special licensing required for sender or recipient). This has the (somewhat major) downside that poorly configured email domains won't be able to receive messages from your organization at all.
- Set up an encryption add-on where emails can be encrypted with one extra click at the time they are being sent. This requires an extra license on the sending side, and a slight extra amount of work from the recipient, but it guarantees delivery of all messages.
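As an added example (not part of the original article or any vendor's tooling), here is a pre-flight check for the first two approaches: given the EHLO replies of recipient mail servers, it reports which domains would receive mail encrypted, in cleartext, or not at all. The domains and replies are constructed samples, and the function names are hypothetical.

```python
from __future__ import annotations

def ehlo_extensions(reply: str) -> set[str]:
    """Parse a multi-line SMTP EHLO reply into its extension keywords."""
    lines = [ln.strip() for ln in reply.splitlines() if ln.strip()]
    if not lines:
        raise ValueError("empty EHLO reply")
    exts = set()
    for i, line in enumerate(lines):
        # Every line of a successful reply is "250-..." or "250 ...".
        if len(line) < 4 or not line.startswith("250") or line[3] not in "- ":
            raise ValueError(f"not a successful EHLO reply line: {line!r}")
        words = line[4:].split()
        if i > 0 and words:  # line 0 is the greeting, not an extension
            exts.add(words[0].upper())
    return exts

def delivery_outcome(reply: str, forced: bool) -> str:
    """What happens to a message under opportunistic or forced TLS."""
    # STARTTLS being advertised means transport encryption is offered;
    # it says nothing about whether the server's certificate is valid.
    if "STARTTLS" in ehlo_extensions(reply):
        return "encrypted"
    return "not delivered" if forced else "cleartext"

def audit(replies: dict[str, str], forced_domains: set[str] | None) -> dict[str, str]:
    """forced_domains=None forces TLS for every domain (second approach);
    a set forces it only for the listed domains (first approach)."""
    return {
        domain: delivery_outcome(
            reply, forced_domains is None or domain in forced_domains
        )
        for domain, reply in replies.items()
    }

# Constructed sample replies; legacy.example does not advertise STARTTLS.
SAMPLE_REPLIES = {
    "partner.example": "250-mx.partner.example Hello\n250-SIZE 36700160\n"
                       "250-STARTTLS\n250 8BITMIME",
    "legacy.example": "250-mail.legacy.example Hello\n250-SIZE 10240000\n"
                      "250 8BITMIME",
}

if __name__ == "__main__":
    print("forced for partner.example only:",
          audit(SAMPLE_REPLIES, {"partner.example"}))
    print("forced for all domains:", audit(SAMPLE_REPLIES, None))
```
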
Most of our customers use Office 365 for their email - with Office 365 E3 (a step up from the basic Office email service), encryption can be done with one click on the "Encrypt" button:
Once this is done, the recipient will see the email come through similarly to this:
Clicking on the "Read the message" button will open a browser window where the user can simply log in to their email account to see the message securely (where supported by the recipient's email provider), or request a one-time passcode be sent to their email that allows them to log in and see the message: