A Look Inside the Email Encryption Conundrum
The practice of email encryption (turning a message into code before sending it beyond the network) has become standard protocol for the majority of email transactions today. This practice can be seen in both the private and public sectors, but it is especially prevalent within public organizations - where 83% of federal agencies have policies allowing employees to encrypt emails.
While this sounds like a positive development, unfortunately, encryption is a double-edged sword. Encrypting messages does add a significant level of security, as encrypted messages have to be unencrypted, which takes time and makes them much less valuable to hackers. But emails that users encrypt at their desktop before sending cannot be subjected to any kind of content verification by network security, which makes it almost impossible to trace unauthorized data transmissions. Ironically, the encryption that is used to guarantee the security of data can actually become a method to send unauthorized data undetected through networks.
The Encryption Conundrum
This dilemma puts IT managers between a rock and a hard place. Nobody wants to give up the high level of security provided by encrypting employee emails, but IT security experts maintain that significantly more unauthorized data is lost from networks by email than flash drive, disc or any other method.
The problem is just going to grow as more businesses and agencies move to encrypting most or all of their email traffic. A recent study suggests that over 80% of IT security managers were concerned about loss of sensitive data through encrypted email.
Advanced Email Security Technology
The only way to effectively solve the email encryption conundrum is with advanced email security technology. Thorough training of employees on encryption protocols and other software analytics methods will help control the loss of sensitive data through encrypted emails, but these measures will not thwart a smart and resourceful individual.
To be sure that no one is sending out unauthorized data in encrypted emails, IT managers must have the ability to unencrypt files before they are routed to your Exchange server for outbound transmission. This is obviously a more laborious and time consuming process, but protocols can be set up so that only certain messages or a certain percentage of messages are unencrypted before outbound transmission.
This kind of advanced email security takes some significant expertise to set up properly. Federal agencies will likely staff up their IT departments and take on the task in-house. This idea can be daunting for small and medium-sized businesses.
SMB's should consider working with a high-end local IT services provider to get the results they want from their email encryption. Learn more about how to secure your email from a data leak by visiting our website, or check out our whitepaper to find out why IT is a good investment for your business.