Email encryption – a few common fallacies
The dawn of GDPR is upon us. All emails now need to be encrypted, right?
Depends!
There are common misconceptions surrounding emails, encryption and security in general. First of all, let us consider the way things were a few years ago. All emails were sent in plain text – a bit like a postcard – so the postman could enjoy reading them and nobody was any the wiser. In those days usernames and passwords were also sent in plain text, with the same problem. Now the world is a much less trusting place and these approaches no longer cut the mustard. So what should you do?
Encrypted channel
This is a bit like sending your good old-fashioned postcard, but this time inside a tin box with a seal on it. The postman will have to look elsewhere for his thrills. The postcard is still in plain text but a man-in-the-middle is unable to intercept it.
Encrypted email
This time the email contents are put through a cipher, which makes them unintelligible to the recipient without the password you choose. This is akin to the prying postman being able to look at your postcard, but it is written in Martian and he only speaks English. Added to which, he doesn’t know it is in Martian!
Encrypted channel & email
Of course you can do both, which is the most secure option of all.
Practicality
Come the glorious day of the 25th May, it will not, even then, be practical to send all of your emails in a totally encrypted way. I would certainly recommend it for sensitive data, though, and we can supply software to help with this. This same software can be used to encrypt files and folders on your PCs, laptops and servers too.
I would always recommend that you use an encrypted channel for your emails wherever possible. Make sure TLS/SSL is turned on, and encrypt your passwords.
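One way to check whether the encrypted channel was actually used for a message you received is to read its Received headers, where each mail server records the protocol it accepted the message with. The following is an added example, not part of the original article: the sample message, host names and function names are constructed for illustration, and the keywords treated as "TLS was used" are the ones registered in RFC 3848.

```python
import re
from email import message_from_string

# "with" protocol keywords registered in RFC 3848 that mean the hop used TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

# Constructed sample message (hosts are placeholders); newest hop is listed first.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [203.0.113.7])
\tby inbound.example.org with ESMTPS id abc123
\tfor <bob@example.org>; Fri, 25 May 2018 09:00:03 +0000
Received: from laptop.example.net (laptop.example.net [198.51.100.4])
\tby mx.example.net with ESMTP id def456;
\tFri, 25 May 2018 09:00:01 +0000
From: alice@example.net
To: bob@example.org
Subject: constructed test message

Hello Bob.
"""

def hop_report(raw_message):
    """Return (receiving_host, protocol, used_tls) for each hop, oldest first."""
    msg = message_from_string(raw_message)
    hops = []
    for header in reversed(msg.get_all("Received", [])):
        text = " ".join(header.split())  # unfold continuation lines
        by = re.search(r"\bby\s+(\S+)", text)
        proto = re.search(r"\bwith\s+([A-Za-z0-9]+)", text)
        name = proto.group(1).upper() if proto else "UNKNOWN"
        hops.append((by.group(1) if by else "?", name, name in TLS_PROTOCOLS))
    return hops

def plaintext_hops(raw_message):
    """Hops where the channel was not recorded as encrypted."""
    return [h for h in hop_report(raw_message) if not h[2]]

if __name__ == "__main__":
    for host, proto, tls in hop_report(SAMPLE):
        print(f"{host:22} {proto:8} {'TLS' if tls else 'no TLS recorded'}")
```

In the constructed sample the first hop (laptop to mx.example.net) was accepted over plain ESMTP while the second used ESMTPS, which shows that the "tin box" protects each leg of the journey separately. Received headers are written by the servers themselves, so treat them as a record to review rather than as proof.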