NCSAM: How to protect your business emailby Sendinc - Vendor - Oct 24 2011, 12:00
With all the media attention surrounding security breaches these days, most businesses have become more knowledgeable about threats to their IT systems and ways to mitigate those threats.
Because most security solutions are too complicated, many businesses handle the threats by not dealing with them at all. Users find email encryption as too technical, and they either stick to fax or snail mail, or they take the risk in sending an email without encryption.
With that being said, here are three things to keep in mind when considering email security and encryption.
Don’t abandon email. Encrypt it.
These days, you have to navigate your business through fierce competition and a lethargic economic environment. That’s why your actions should be cost-effective all the time. Snail mail and fax are nowhere near the cost-effectiveness of email. If you avoid email and instead rely on these outdated methods for your daily business communications, you can’t hope to keep up with the competition.
On the other hand, if you continue using unencrypted email, and the contents of your email end up in the hands of unauthorized individuals, you could face tough requirements or sanctions from regulations like HIPAA/HITECH, SOX, GLBA, FERPA, as well as those state/territorial data breach notification laws.
The moment you send sensitive information through email, you’ll be taking unnecessary risks. The Internet is probably the most highly vulnerable network in the world. If you allow your confidential data to go through it unprotected, then don’t be surprised if you find your business in tomorrow’s headlines.
Therefore, the only reasonable choices are perfectly clear. First, you need to use email for business communications. Second, you need to apply email encryption.
Encryption can render the content and attachments in your emails useless to unauthorized users. Without the necessary key, it would be virtually impossible for anyone to break today’s widely accepted encryption algorithms. Even if crooks get a hold of your encrypted data, they can do you no harm.
What kinds of data should you encrypt?
If you consider all the electronic data in your IT systems, you’ll probably notice that there’s a lot more sensitive information that goes into your email than you thought, including personal information of your employees and your customers, as well as strategic business information.
This includes people’s names, Social Security numbers, driver’s license numbers, state identification card numbers, account numbers and credit/debit card numbers. It also includes information relating to people’s physical and mental health, provisions of health care, payments for the provisions of health care, birthdates, addresses and so on.
Surely, you wouldn't want your competitors to get their hands on your marketing plans, business plans, product development strategies, customer data, pricing data, employee salaries, or supplier information. You may also want to keep your competitors’ eyes off certain blueprints, schematic diagrams, and source codes. If you really think about it, there can be a lot of information that should be classified as ‘confidential.”
But there are a number of circumstances, which might require you to send this information via email. You may need to share it with your business partners, distributors, consultants, external auditors, lawyers, insurance providers, etc. You may also have to send some of that data to your offices in other cities, employees on the road, managers and executives who are out of town and many other units in your organization.
If you’re not sure whether your organization really needs to implement email encryption, you can conduct an inventory on the types of information that you have collected in the past, that you are currently collecting and that you will most likely collect in the future. If any of that information matches those types mentioned earlier, then you may have to seriously consider encrypting your email.
What to look for in an email encryption solution
After examining the data in your IT system and identifying sensitive information, scouting for a suitable email encryption solution is your next step. A lot of pretty strong email encryption technologies are out there, but many of them were designed without the regular end user in mind.
You have to remember that it may be necessary to ask the usual recipients of your emails to adopt the same solution, in order for them to be able to decrypt your messages. These recipients can include your business associates, clients and employees. If many of them are non-technical people, choosing a solution that would require complicated installations and configurations might not work out in the end.
Some of them might not even get past the installation phase. You should also look into the encryption product’s ease of use after installation and configuration. You’ll find a lot of solutions that require an understanding of encryption keys and encryption key management. Even if you can help your recipients hurdle the installation and configuration part, they may still have to deal with the complicated process of managing encryption/decryption keys.
Many times, we’ve seen investments on IT security software or equipment go to waste because end users simply found them too intimidating. For your email encryption efforts to be really effective, you need to adopt a solution that’s devoid of complex processes. Only then can you expect end users to cooperate and your emails to gain ample protection against security breaches.
[NOTE: The Tech Herald will on occasion publish industry related, and vendor submitted items. They are subject to editing for length and sales content.]
This article was submitted by Sendinc.
Sendinc is a leading provider of secure email services for small- to medium-sized businesses, professional and non-profit organizations and individuals. Sendinc is the first user-friendly, cloud-based secure email service on the market using leading security technology and the highest grade email encryption methodologies. For more information, visit http://www.sendinc.com.