Encryption Shouldn’t Be Cryptic!
Encryption, encryption and more encryption – the security buzzword on the tip of everyone’s tongue. The more interesting topic is what’s sitting on top of that core technology.
Making the decision to encrypt confidential emails that are leaving your secure network is about more than just encryption. The algorithms are not the differentiator when comparing various secure email solutions. You can find 2048-bit RSA encryption, 256-bit AES encryption, and SHA-2 signatures in almost all modern security products.
Look and feel are the real differentiators
The component of the solution that does the encryption and decryption is (most of the time at least) solid and predictable. But sitting on top of that core security is the more interesting topic. Controlling which emails need encryption, the different types of delivery, the simplicity of registration, and the look and feel (known as “branding”) of the emails and web site are the real differentiators of a first-class secure email solution.
As Director of Client Engagement at Echoworx, a recognized leader in secure digital communication, it is my job to help enterprise-level organizations understand how email encryption fits into their business model. And for me, this starts with helping them create a seamless end-to-end experience for their clients.
When I work with a new enterprise, a little time is always necessary to cover the basic security aspects of the platform. However, you may be surprised to learn that much more time is spent on fine-tuning the customer experience to align with the enterprise’s goals and expectations. Secure email becomes an integral part of the communications strategy for the entire business. It needs to look authentic, and use phrases and terminology that match the company’s web site and advertising.
Do not alienate anyone
Also important to consider is how varied the recipients of secure email will be: a grandmother at home with minimal computer experience who needs everything explained in detail, versus a tech-savvy millennial who expects efficiency and automation. The same secure email experience is used for both, so it had better not alienate anyone!
Your clients are unique, but they all need to trust you with their most personal data, and they will leave you if you lose it. A recent Echoworx survey, for example, found a full 80 per cent of customers consider leaving a brand after a data breach. That’s no small figure.
So how do we achieve this perfect blend of secure email that is still easy to read and send?
Keep it simple
Your company’s employees don’t want any extra steps or separate systems. If it’s inconvenient, they won’t use it. Fortunately, your corporate network is already secure with firewalls, access controls, and native security in your mail server. So let the encryption happen as the email is about to leave your network (commonly called the “gateway” or “boundary”).
It is the recipient who needs to work with the encrypted version of that email, and the best way to make them happy is to send it in the format they understand. A business partner should receive transparent encryption (called TLS); while a customer receiving a monthly statement should have a secure PDF attachment. A European bank may demand PGP emails since the employees have PGP software running on their desktops. The secure email platform should figure this out based on policies you define during initial customization of the service.
Make it available to everyone
If you’re doing business internationally, you also want to be aware of local jurisdictional laws and regulations. In our post-GDPR world, you know that where and how you store your clients’ data matters. But don’t forget to consider how your communications will reach people in many non-English speaking countries. Here’s another example of that usability layer that lives above the actual encryption.
You want your clients to feel at home with you and comfortable sending sensitive information through encrypted channels. A confused customer is likely to second-guess the validity of a secure message and may be more susceptible to scams. Investing in data privacy is not only good for your brand – it’s good customer service.
When done right, it’s “plain and simple!”
By Sarah Happé, Director of Client Engagement, Echoworx