Complete I.T. Blog

Why isn’t email encryption more popular?

by | Apr 20, 2016 | Archived Articles

Corporate data is under constant threat of theft or exposure, either by cybercriminals, or even careless employees. Email remains a popular target for hackers as businesses regularly use it to transmit valuable information.

Increasingly, businesses are realising the value of encrypting data stored in their systems, so that even if it is lost, stolen or leaked, unauthorised parties cannot use the files. Encryption also helps to verify that the message is authentic, and has not been tampered with in transit. Similar technologies exist to protect email, but very few organisations use them – why not?

Deployment difficulties

To encrypt and decrypt email messages, both the sender and recipient need to have a security certificate installed on their computers; without this certificate, the message is unreadable. For messages sent between employees working at the same company, installing the certificates may be slightly burdensome, but technically feasible.

The same cannot be said for messages being sent to contacts outside the company. Every recipient still needs to have the same security certificate installed in order to read encrypted messages. Businesses need to convince customers to install the security certificates and then provide technical support to ensure the installation completes successfully, with no ongoing issues.

Obviously this overhead can be costly and time-consuming, hence the reason that most businesses don’t encrypt email – especially ones that are being sent outside the corporate firewall.

A viable alternative to email encryption

Rather than encrypting emails, businesses can achieve similar levels of protection by tightening their corporate security provisions to prevent interception and misuse. The first step is to improve network perimeter security, using firewalls to restrict access and prevent attackers from accessing the corporate email server.

Next, businesses need to ensure they install a robust anti-virus system, to identify and quarantine malware before it can infect company PCs. Viruses can compromise network security, damaging or stealing data, or creating a ‘backdoor’ through which hackers can access the company IT system whenever they choose.

Further protection is then added using anti-spam gateways to ensure that malicious messages that would otherwise overload your email server are removed before they arrive in your users’ inboxes. These systems can also prevent malware entering the network, further reducing the burden on your IT resources.

Robust security provisions are necessarily complex, but Complete I.T. make the deployment and management process much simpler with the Complete Cyber Security service. To learn more about how we can help you boost email security, please get in touch.