To Encrypt Or Not Encrypt

To encrypt or not to encrypt? That is the question. The answer includes Shakespeare, Orwell and car immobilisers. Buckle up! 

With the help of a couple of literary greats and a car analogy, this article looks at the reasons why encryption gets overlooked, why it shouldn’t, and five benefits you may not have thought of.

Encryption and Immobilisers

Why is encryption overlooked? Many SMBs in the UK assume that a robust spam filter and flagging of potential phishing emails is sufficient. Many email providers, including Microsoft 365, provide entry-level security features that can be misconstrued as enterprise-class encryption.

When you buy a car, it can be tempting to opt out of upsells options. After all, the sales rep showing you extras such as car immobilisers and vehicle tracking can seem too much. If you have already spent close to your budget, paid extras can be the first to go.

But trying to make a saving on encryption or treating it as an optional extra is a mistake. Viewing encryption as ‘out of budget’ because it is offered as an extra paid feature with modular-priced SaaS license agreements leaves organisations exposed.

This packaging can create the impression with IT and finance teams that encryption is an optional extra, when really it is an absolute necessity.   Staying with the car buying analogy, it’s the equivalent of asking the sales rep for a discount for selling you the car without door locks.  

Why encryption is important

Encryption is important for three main reasons:

1. The additional layer of security from your email provider stops unauthorised users from intercepting and capturing login credentials from your users. It also secures in-transit emails as they travel from your email provider’s servers to or from those of your contacts.
2. Emails are secured by ensuring that only the intended recipient can read them. Should anyone else come into possession of the email, it is scrambled to become unreadable.
3. Stored, cached and archived email messages are also protected in the same way, meaning sensitive data cannot be lifted from older correspondence.

The benefits of encryption

There are the key benefits of taking an email encryption service.

1. The most important – privacy. Robust encryption solves the ‘integrity’ aspect of cybersecurity foundations, protecting everything from employees’ personal information to the company’s financial data.
2. Compliance: Heavily regulated sectors such as finance and healthcare have specific regulations for data protection, and email encryption is mandatory to meet them. Other more generalised regulations such as the GDPR strongly advise it to avoid the large fines and reputational damage that would come with a breach.
3. Cost saving: Although it can seem like an optional extra, a SaaS-based encryption service can save budget in the long-run. By using a specialist encryption service, your firm can save on the hardware costs of running another server to handle encryption workloads.
4. User productivity: Busy staff do not have to pay attention to potential phishing emails. Encryption and digital signatures automatically verify, or quarantine, emails appropriately. Instead of putting the onus on the user, email encryption keeps everyone focused on their day-job.

These factors refer us back to our Shakespearian introduction of whether to encrypt or not to encrypt. The overwhelming evidence suggests that encryption is a wise decision, and for the sake of a modest investment, it provides complete peace of mind with email security.

Some more equal than others?

Continuing our literary theme, it’s also important to consider Orwell’s notion that all animals are equal, but some animals are more equal than others. Email encryption providers are no different. 

Simply put, not all encryption providers use the same approach. Complete, end-to-end encryption should be the objective. SSL / TLS encryption can be flawed because the mail provider holds the encryption key, not the email’s recipient. Should the mail provider themselves be hacked, their customers’ data could be compromised. Other forms of encryption such, while more secure, can cause readability problems between different mail providers.