10 Commandments of Email Encryption

Neil Farquharson

At no time in history has personal and corporate data been more widely targeted by criminals. With never-ending threats and compliance demands, it’s vital for IT and employees to work together to create the most secure environment possible. When both sides are on the same page, an organization is at its strongest.

To help with the cause, we wanted to provide ZixCorp’s “10 Commandments of Email Encryption” that highlight the responsibilities of both IT and employees to ensure data being transmitted from an organization is secure.

IT Commandments

  1. Thou Shalt Educate

Unless your email encryption solution encrypts every single email sent by your employees, it’s crucial to implement policies and offer employee training to prevent leakage of sensitive information.

  2. Thou Shalt Stay Compliant with Regulatory Mandates

Securing sensitive information in email isn’t just a best practice — it’s often the law. HIPAA, HITECH, GLBA, state data security laws and guidance from FFIEC agencies make it clear that protecting sensitive information is no longer optional. Make sure the solution you use leverages proven and up-to-date policy filters to catch any messages that might slip through the cracks.

  3. Thou Shalt Not Use Outdated Solutions

Threats are constantly evolving, and businesses should avoid getting trapped with a solution that is ill-equipped to handle modern threats. Instead of sticking with an outdated solution because it's convenient or familiar, choose one that adequately meets the security needs of your business.

  4. Thou Shalt Choose a Solution that's Easy AND Secure

Not all email encryption solutions are created equal. Often they compromise ease of use, security, or both. Choose a solution that makes secure email convenient for you, your senders and your recipients. Don’t let the complexity and maintenance of a solution pose a barrier to getting work done effectively. When users have too many hoops to jump through, they may resort to insecure methods, putting your business at risk.

  5. Thou Shalt Take Mobility into Consideration

Business is no longer conducted behind a desk. Mobile phones have expanded the workplace and work hours, and more users spend time on email than any other internet-enabled activity. With increasing dependence on mobile devices, convenient mobile delivery of encrypted messages is a critical consideration for keeping business moving forward and keeping your customers and business partners happy.

Employee Commandments

  6. Thou Shalt Understand the Importance of Email Encryption

Regular email isn’t a private conversation; it can be easily intercepted and read by unwanted parties. By law, companies are required to protect certain types of personal information, but more importantly, it is simply a smarter way to do business. In addition, email encryption increases efficiency by allowing the electronic transfer of sensitive information that has traditionally required slower manual delivery methods. Email encryption is one way you can take responsibility for protecting sensitive information.

  7. Thou Shalt Take Responsibility to Protect Data

When you are sending unencrypted emails, make sure they include nothing that should be encrypted, such as Social Security numbers, contracts, financial information, and personal health information. Even if your company has policy filters, it’s still best to err on the safe side and take responsibility for protecting sensitive data.

  8. Thou Shalt Make Email Encryption the Rule, Not the Exception

Again, if you aren’t sure if an email needs to be encrypted, play it safe and encrypt! There is too much at stake to take a chance. Often the worst breaches and policy violations stem from human error — well-meaning employees who have no idea that they are putting patient records, credit card information and client identities at risk.

  9. Thou Shalt Be Attentive

Whether you work for a healthcare company, law firm or financial services company, it is important to know which regulations you are required to comply with. Even a basic understanding will help in the long run.

  10. Thou Shalt Ask Questions

Email encryption can be confusing if you are not tech savvy. If you ever have questions or concerns about email encryption and compliance, it is your responsibility to ask. In the end, it is better to ask a question than to let an email slip through that contains sensitive information.

By adhering to these commandments, IT and employees will ensure the organization they work for is as secure and regulatory-compliant as possible. Protecting customer and patient data is a team effort and requires complete buy-in and accountability.