Encryption -- turning a message into code before sending for security reasons -- has become standard protocol for sending the majority of email transmissions today. This trend can be seen in both the private and public sectors, but it is especially the case in the public sector, where 83% of federal agencies have policies allowing employees to encrypt emails.
While this sounds like a positive development, unfortunately, encryption is a double-edged sword. Encrypting messages does add a significant level of security, as encrypted messages have to be unencrypted, which takes time and makes them much less valuable to hackers. But emails that users encrypt at their desktop before sending cannot be subjected to any kind of content verification by network security, which makes it almost impossible to trace unauthorized data transmissions. In practice, the encryption that is used to guarantee the security of data actually becomes a method to send unauthorized data undetected through the email gateway.
The Encryption Conundrum
This encryption conundrum puts IT managers between a rock and a hard place. Nobody wants to give up the high level of security provided by encrypting employee emails, but IT security experts almost all say that significantly more unauthorized data is lost from networks by email than flash drive, disc or any other method.
The problem is just going to grow as more businesses and agencies move to encrypting most or all of their email traffic. A recent study suggested that over 80% of IT security managers were concerned about loss of sensitive data through encrypted email.
Advanced Email Security Technology
The only way to effectively solve this encryption conundrum is with advanced email security technology. Thorough training of employees on encryption protocols and other software analytics methods will help control the loss of sensitive data through encrypted emails, but these measures will not thwart a smart and resourceful individual.
To be sure that no one is sending out unauthorized data in encrypted emails, IT managers must have the ability to unencrypt files before they are routed to your Exchange server for outbound transmission. This is obviously a more laborious and time consuming process, but protocols can be set up so that only certain messages or a certain percentage of messages are unencrypted before outbound transmission.
This kind of advanced email security takes some significant expertise to set up properly. Federal agencies will likely staff up their IT departments and take on the task in-house. But that idea can be a little daunting for small and medium-sized businesses. Small and medium businesses should consider working with a high-end local IT services provider to get the results they want. Learn more about how to secure your email from a data leak.