QUESTION: I am looking for a secure method of encrypting e-mail messages that includes sensitive customer information that is easy to use for the recipient.
REPLY: Email remains the most common communication channel used by small businesses to interact with their customers, but it is also one of the least secure.
Sending a standard email is often compared to sending a postcard in the mail; anyone who comes in contact with the postcard can read any message written on it.
Encrypting an email is like placing the postcard in a sealed envelope to protect it from prying eyes.
Security versus user-friendliness
From a technical standpoint, it makes sense to encrypt every message sent to your customers, but due to the wide variety of ways your customers use email, it may not be very easy for them to open and to read your messages.
Traditional email encryption tools require both parties’ email servers to be configured with the same protocols, which is just not practical unless you have a small number of somewhat tech-savvy clients.
Generating and distributing your own encryption keys is another option, but it often means that your customers have to download and install specific software or create an account on the platform you choose to use.
Many businesses have created customer portals on secure servers to interact with their customers, but forcing customers to log into a separate website each time you want to communicate with them isn’t really convenient for your customers either.
Web Mail Options
Many popular webmail services like Gmail automatically integrate TLS or HTTPS (Transport Layer Security) whenever their users are logged into their accounts.
This ensures that users’ messages are encrypted between their computers and Google’s mail servers to prevent others from easily reading the content. If you use Gmail and your recipients also use Gmail, your interactions are automatically secure throughout the process.
If you’re using Gmail and your recipient uses another service that doesn’t support TLS, Google needs to convert the message back to an unsecured format before sending it to your customer’s mail server.
RELATED: Take These New Years Resolutions To Improve Your Tech Life In 2019
While asking your customers to create an account on the same TLS-supported webmail service is convenient, this is one approach, but it may be best for you to determine if what they are already using supports TLS. .
An easy way to do this is to use the LuxSci TLS Checker tool to check your clients’ domains for SMTP TLS support.
Keep in mind that using TLS does not prevent any of the mail servers from seeing what’s in your messages, so if this level of security is a requirement, you will need to use one of the methods of most technical encryption.
Alternative messaging options
Many popular messaging platforms such as Skype, WhatsApp, Signal, Facebook Messenger, and Apple’s iMessage have built-in end-to-end encryption, which will keep your communications private.
Some only allow messages while others like WhatsApp allow you to send attachments, so if your customers are already using these platforms, this is another way to avoid the potential confusion of a system. complicated email encryption.