A more astute question is: why encrypt email at all, in this day and age of the FBI cracking iPhones and other government agencies bullying large data and global/mobile communication providers such as Apple, Google and Microsoft, to name just a few? These cloud companies, and thousands like them, rolled over for years, providing metadata from phone records of private citizens and businesses, until Libertarian supporter Edward Snowden broke the news to the world in 2013 that the CIA had been collecting, storing and disseminating these personal phone records pretty much at will. No one except for librarians, to whom we owe a debt of gratitude, seemed to have any understanding of data privacy until the Snowden scandal broke.
The reason to continue to encrypt your email and data is that security is a process, not an end-game destination, though not having conventional security in place can mean end-game for your business reputation. It means securing your data privately, knowing all copies are contained, and not trusting the ambiguity of “the cloud” when you ask your provider where your data is really kept. Email encryption is not all it takes to ensure basic web and email security.
Staying out of any service with a storage solution simply described as “in the cloud” is difficult now. With so much emphasis on public and private data clouds such as AWS, EC2, Google Drive, iCloud, etc., they are becoming the only alternative. Just as Edward Snowden was one of tens of thousands of contractors with access to National Security data, what’s to ensure that one of the thousands of system admins at any of these cloud providers isn’t doing the same thing with your customer lists and competitive intelligence? How much can you really afford to trust “the cloud” anymore? Most of these huge providers have very little control or oversight of their system administrators, who are usually instructed to do “whatever it takes” to keep the boss upstairs and clueless where he belongs, and the government snoops fat, happy with access to all your data, and out of his thinning hair.
So here’s the good news: The options for securing your email are greater than ever. I still like this thread from the venerable “Ask Leo” website, which still provides the clearest example of one’s options to secure traditional email properly:
As the article indicates, setting up proper security on the client side on multiple computers is often necessary to ensure everything remains encrypted between a sender and recipient. This can be a lot to expect, especially if the person you are trying to exchange messages and documents with is not computer savvy. Social workers and therapists are able to keep communications private when emailing with family members and clients by using a web-based, point-to-point encryption solution. While many good secure messaging solutions exist, only WordSecure Messaging offers a server-based solution not in the cloud. It can also be fitted with your logo and personal login for you and your customers.
Mobile-based secure texting is always hard to trust since we all know what happens on mobile devices: you take a screen grab of whatever is of interest, and back on the internet it goes! The FBI, one of the worst agencies at computer science, was still able to crack the iPhone in under a few months after the San Bernardino shootings in 2015. If the FBI can crack the most popular and encrypted phone on the planet so quickly, it is clear all mobile devices are a liability to security. Yet you have to communicate, which is why server-based technologies are what we focus on in our business, and have since 2002. You can update most of the vital email security at once and not wait for users to update their systems to take advantage of security patches and enhancements.
Remember: whatever device or program you use to communicate with someone, ensure that it is appropriate for the kind of information being sent. Protected Health Information (PHI), for example, is any kind of electronic or written information pertaining to a person’s health, conditions, diseases, and medications. Even communicating that someone has an appointment with an oncologist could be considered a breach of PHI, which is punishable in civil and criminal prosecution of both companies and individuals! This means employees could get sued personally for knowingly sharing PHI with unauthorized entities. Health information, as well as financial data, passwords, and other types of Personally Identifying Information (PII), is best kept protected, encrypted and out of the cloud whenever possible.