You use email, I use email, we all use email. But are those emails being protected? How does that all work?
So, you might have heard of this thing called email encryption. Your business may have some form of this implemented. Maybe you have a limited idea of what it is or what it does- or maybe you don’t know anything about it. That’s okay. I’m new to this whole IT solutions thing and wasn’t quite sure myself.
Email encryption was next up on my list of things to learn. I’m here to pass along some of that knowledge to you. We’re not going to get too into the weeds today. This stuff can become very complicated very quickly. Let’s just talk about what email encryption is and why it matters to you.
Email encryption is a process that ensures only your intended recipients can view an email’s content by scrambling the information in the email into an illegible code while it's in transit.
It’s yet another layer of security in the ongoing fight against cyber threats. The main reason for email encryption is to protect sensitive data as it gets sent out over the internet. Let’s talk about that process and what it looks like.
No matter what type of business you’re working for, a time may come when you’ll send sensitive data to someone through email. Sensitive data or information includes any social security numbers, medical records or proprietary company information.
For example, you wouldn't want someone intercepting an email containing your social security number, and McDonald’s wouldn’t want someone intercepting an email that contains the recipe for the Big Mac sauce. It’s why we encrypt this data to keep it safe from cyber attackers.
Here at Innovative we use and sell an email encryption solution called AppRiver. Our outbound emails get filtered through the service and it detects when there is encryption-worthy information. The information that triggers the encryption is determined in a couple of ways.
The first way is through what we call trigger keywords. When these keywords are placed in an email, they trigger the encryption service. We set these up for clients so they can decide when they want to encrypt an email.
Another way encryption can be triggered is through policies. Through a service like AppRiver, a company can create policies that monitor for certain terms or specific types of information. Policies are designed to catch things people forget to encrypt or don’t know need to be encrypted.
AppRiver has preset policies for certain kinds of companies, but businesses can also create their own for more specific needs.
An added perk to this solution is that it understands how things like social security and credit card numbers work and recognizes them when they’re present. This is an added layer of automation in addition to the policies.
This automation saves the user from having to become a compliance expert. End users are usually the biggest security risk to a company, sometimes to no fault of their own. This helps fight against that.
Let’s say you work in healthcare and are sending an email to a patient that contains some of their insurance policy info. The organization knows info like this is regularly sent out and that it needs to be protected. The policy they have in place recognizes the information and encrypts it.
If the email is being sent outside the organization, the recipient will receive an email letting them know the message contains encrypted info. The subject line will tell them who the message is from and what the subject is.
There will be a link in that email that directs them to a website where they can log in and access the message. That website, also known as a portal, is a secure place to store encrypted emails and send responses.
We won’t get too detailed today, but that’s a simple explanation of how this service would work if you sent an email outside of your organization.
It can’t be said enough: Security. It sounds like a simple answer- and it is. The fact of the matter is that our lives and our businesses are very online these days, and we need to protect them. If you’ve read some of my previous articles, it might feel like I’m repeating myself, that’s because I am.
Not to be dramatic, but without proper security in place, you could lose everything. Email encryption is an important part of that. According to Ving, email is the preferred method of commercial communication by 74% of all online adults. That’s a lot of emails.
More often than not, it is our clients’ information being sent through email. It’s our responsibility to protect that information not just for them but in some cases because we are legally required to.
This is where compliance plays a role. If your company happens to be in an industry that requires compliance (healthcare, finance, education, etc.), you likely need to have email encryption implemented.
In the case of healthcare, failing to be HIPAA compliant can result in a hefty fine and put your patients’ information at risk.
There’s no reason to risk any of this. We owe it to them as our clients (or in the prior example’s case, patients). If we don’t keep their info safe, why should they want to do business with us?
You might come across a time when a client is annoyed at the extra step required to open their email. This is a totally fair complaint on their part. We all only have so much time in the day. This is where some email encryption knowledge can really come in handy.
We want to be able to explain why the encryption service is being used and why it’s important. You don’t have to be an expert; you just have to know what’s happening. They want their information protected, and this is the process we have to use to protect it.
Much like multi-factor authentication, email encryption is an investment of your time. Sure, it can be annoying, but those extra few seconds are worth it. They are necessary.
It’s also necessary to invest some money in a service like this. Free email encryption services don’t offer the customization or security that a paid service would.
You’re much better off putting money in on the front end to protect data than having that data end up in the wrong hands.
Hopefully, you’re feeling a lot better about your email encryption knowledge. These cybersecurity solutions can be pretty complicated. There’s no shame in hopping online and trying to learn more. Even reading a quick article like this is a big step in educating yourself. The more you know about this stuff, the better you’ll be able to protect yourself and your business.
Now, if you’ll excuse me, I need to go check my email.