06 Feb
Email Encryption Needs to Be Seamless for Users
Why a user-first approach is vital to avoid security breaches
Whether we’re sending an invoice to a customer on the other side of the world, or arranging lunch with a colleague in the office down the hall, email is at the heart of business. We all use it, all day every day. On desktops, laptops and phones. From the office, the bus, the coffee shop, and all too often when we’re (supposed to be!) on holiday too.
But while email is indispensable, it’s not confidential. Messages aren’t encrypted by default. So, anyone who intercepts a message in transit, or who receives it accidentally because the sender mistyped the email address, can read it. This doesn’t matter when the message is concerned with trying to find a convenient time for lunch. But if it contains the draft of this year’s financial report, the design for next year’s new product launch, or a backup of the HR database, that’s far from ideal. And, in the case of the HR database specifically, it constitutes a full-blown data breach that needs reporting under the terms of GDPR. It will almost certainly be costly in both financial and reputational terms.
Implementing encrypted email within your company requires solving two separate problems. First, you need a solution that doesn’t store both the encrypted messages and the decryption keys on the same server. Storing them together is insecure if the server is attacked, and it falls foul of a number of key regulatory issues too. Secondly, you need something that allows your users to continue to work in the way that they’re used to. In an ideal world they’d retain all their existing workflow and processes, with perhaps a “do you want to encrypt this?” pop-up dialog box within their email client when they hit Send. If it’s any more complicated than that, you’ll get instant resentment and a lot of extra calls to the help desk.
For certain types of users, the option to encrypt a message, or not, might not be sufficiently secure. In this case, look for a product that gives IT administrators the ability to make encryption mandatory on all messages for certain users or groups. And – for maximum flexibility when users are away from the office – ensure that your chosen solution allows messages to be sent and received securely on both Android and iOS devices as well as on conventional desktops and laptops.
Ultimately, information security is all about user convenience. If your users can’t get to grips with it quickly and intuitively, they’ll try to circumvent it. So whichever email encryption product you introduce, make sure it’s a seamless experience. Otherwise you’ll end up as the main topic of conversation over that lunch, and it won’t be pretty.
To find out more about Enterprise Secure Email from Scentrics, or to arrange a demo, see https://www.scentrics.com/products-and-services/messaging-email-security.