What is a secure method of encrypting email messages?
Q: What is a secure method of encrypting email messages that include sensitive client information and that’s easy for the recipient to use?
A: Email continues to be the most common communication channel for small businesses to interact with their clients, but it’s also one of the least secure.
Sending a standard email message is often compared to sending a postcard through the mail; anyone who comes in contact with the postcard can read whatever message has been written on it.
Encrypting email is akin to placing the postcard into a sealed envelope to protect it from prying eyes.
Security vs. usability
From a technical standpoint, it makes sense to encrypt every message that goes out to your clients, but because of the wide variety of ways your clients use email, it may not be very easy for them to actually open and read your messages.
Traditional email encryption tools require that both parties’ mail servers be set up with the same protocols, which just isn’t practical unless you have a small number of clients who are somewhat tech savvy.
Generating and distributing your own encryption keys is another option, but that often means that your clients need to download and install specific software or sign up for an account on the platform you choose to use.
Many businesses have created client portals on secured servers to interact with their clients, but forcing clients to log in to a separate website every time you want to communicate with them isn’t really all that convenient for your clients either.
Many popular webmail services such as Gmail automatically use TLS (Transport Layer Security, the encryption behind HTTPS) whenever their users are signed into their accounts.
This ensures that user messages are encrypted between their computers and Google’s mail servers to prevent others from easily reading the contents. If you use Gmail and your recipients are also using Gmail, your interactions are automatically secured all the way through.
If you use Gmail and your recipient uses another service that does not support TLS, Google has to convert the message back to an unsecured format before it’s sent to your client’s mail server.
If asking your clients to create an account on the same TLS-supported webmail service is practical, that’s one approach, but it may be better for you to determine whether what they are already using supports TLS.
An easy way to do this is by using the LuxSci TLS Checker Tool to check your clients’ domains for SMTP TLS support.
Keep in mind, using TLS does not prevent either of the mail servers from being able to see what is in your messages, so if that level of security is a requirement, you’ll have to use one of the more technical methods of encryption.
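The SMTP TLS check mentioned above can also be run by hand. The following Python is an added example, not LuxSci's tool or code from this column; it assumes you already know the mail exchanger hostname for the client's domain (for instance from an MX lookup), and the function names and sample server replies are constructed for illustration.

```python
import smtplib
import ssl
import sys

# Constructed EHLO replies (not captured from any real server).
SAMPLE_TLS = ("250-mx.example.test at your service\r\n250-SIZE 35882577\r\n"
              "250-8BITMIME\r\n250-STARTTLS\r\n250 SMTPUTF8\r\n")
SAMPLE_PLAIN = "250-mail.example.test Hello\r\n250-SIZE 10240000\r\n250 8BITMIME\r\n"


def ehlo_extensions(ehlo_reply):
    """Return the extension keywords listed in a raw multi-line EHLO reply."""
    keywords = set()
    for line in ehlo_reply.strip().splitlines()[1:]:  # line 1 is the greeting
        if len(line) > 4 and line[:3] == "250" and line[3] in "- ":
            parts = line[4:].split()
            if parts:
                keywords.add(parts[0].upper())  # keywords are case-insensitive
    return keywords


def advertises_starttls(ehlo_reply):
    """True if the server offers to upgrade the SMTP session to TLS."""
    return "STARTTLS" in ehlo_extensions(ehlo_reply)


def check_mail_host(mx_host, port=25, timeout=10.0):
    """Connect to one mail exchanger and report the TLS it actually negotiates."""
    result = {"host": mx_host, "starttls": False, "cert_valid": None, "tls_version": None}
    smtp = smtplib.SMTP(mx_host, port, timeout=timeout)
    try:
        smtp.ehlo()
        result["starttls"] = smtp.has_extn("starttls")
        if result["starttls"]:
            try:
                # Default context verifies the certificate chain and hostname.
                smtp.starttls(context=ssl.create_default_context())
                result["cert_valid"] = True
                result["tls_version"] = smtp.sock.version()
            except ssl.SSLCertVerificationError:
                result["cert_valid"] = False  # TLS offered, certificate not trusted
    finally:
        smtp.close()
    return result


if __name__ == "__main__":
    # Usage: python check_tls.py <mx-hostname-of-client-domain>
    print(check_mail_host(sys.argv[1]))
```

Many residential and cloud networks block outbound port 25, so a timeout may reflect your own network rather than the client's mail server.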
Alternative messaging options
Many of today’s popular messaging platforms like Skype, WhatsApp, Signal, Facebook Messenger and Apple’s iMessage incorporate end-to-end encryption, which will keep your communications private.
Some only allow messages while others like WhatsApp allow you to send attachments, so if your clients are already using these platforms, it’s another way to avoid the potential confusion of a complicated email encryption system.