How do I choose the right encryption method?

X-Archived    | January 10, 2019

Encryption is an important part of any serious proactive cybersecurity plan. You need it. Your customers demand it. And regulators applaud it.

But one does not simply ‘encrypt.’

In fact, algorithms aside, there are multiple ways to successfully encrypt, package and send sensitive information securely online. Each method has unique benefits and choosing a correct method can make all the difference when it comes down to your customer experience.

But how do you choose an encryption method that is right for your customers?

Here are a few questions to consider:

1. Why do I need encryption?
   Before choosing a correct method of encryption, you need to determine why you need to encrypt in the first place. What sort of sensitive information are you sending or collecting? In what format? Who are your recipients? What privacy regulations do you need to be aware of? Do your messages need to be encrypted in transit? At rest? Or both? These are just a few questions which can help you begin your encryption journey.
2. Who are your customers?
   Are your customers tech-savvy? Where are your customers located geographically? Are your customers protected under region-specific privacy regulations? What devices do they operate on? In order to understand which encryption method is right for your customers, you need to determine what exactly is required for communicating securely with them or if further encryption options are needed. If your recipients do not have a TLS connection, for example, multiple secure encryption delivery options are needed to ensure no sensitive information is sent over open channels.
3. Who are your employees?
   In today’s customer-centric world, you need to ensure all proactive cybersecurity details put your customers first. While this might sound solely like an end-user issue, good customer experience also involves your employees who are interacting with them. You need to ensure encryption is the path of least resistance for any employees sending sensitive customer information – whether internal or to customers direct.
4. What industry do you operate in?
   When it comes to encryption: One size doesn’t fit all. Different industries have different encryption needs. A large bank, for example, has considerably different demands than a large manufacturer – needing to send millions of secure statements a day as opposed to needing secure communications to collect customer payment information. This needs to be reflected in your decision-making process when choosing an appropriate method of encryption.
5. What are some common encryption solutions?
   When deciding how to best encrypt a message or document, determine what exact aspect of your message needs to be protected in transit and how you want it to be received by your end user. Here are some common solutions used by different industries:B2B Communications: Since it is easy-to-use and effective, provided a connection is available, TLS (Transport Layer Security) is the industry standard for delivering secure emails within B2B environments. In a nutshell, TLS encrypts the connection between two parties, like an encrypted tunnel, enabling secure messages to be sent without additional steps required for the end user.

   Related: Is TLS Good Enough?

   Banking and Financial Services: Since they send emails frequently that contain confidential financial information, banking and financial services organizations need robust encryption to provide data security and access controls in the event of a cyber-attack. The right encryption solution can also give different departments within the organization better access to and management of sensitive financial data and messages. The PCI DSS standard requires that personal account numbers be encrypted even before emails are sent, so encrypted attachments are a good option here.

   Attachment Encryption is where an attachment is encrypted, as opposed to the entire message body. This type of secure delivery works for one-way messaging, like sending an e-statement, where all the sensitive material can be encapsulated in its native format within a secure encrypted attachment. This type of encryption delivery eliminates the need to convert or download files from different formats – creating a more streamlined user experience.

   Healthcare Services: Personal information, like patient records, must be exchanged in real-time between healthcare providers, administrators, insurance companies and patients. But, in addition to being a fast and seamless experience, exchanging healthcare information needs to be a secure experience. On account of its portable nature and excellent mobile experience, where recipients are simply sent a notification prompting them to sign in to a secure online portal, without the need for any special software or infrastructure, web portal encryption is popular with many health care providers.

6. Seek partnerships which put your customers first
   You just can’t take chances when it comes to handling sensitive personal information online. But, from new privacy regulations with teeth, like the GDPR, to increasingly creative malicious actors online to security-investing competition, staying on top of a cybersecurity program can be challenging for many organizations. But the consequences of falling behind or suffering a breach can cost you time, money and, ultimately, your customers.

When you partner with Echoworx, you’re partnering with a full-time team of dedicated encryption specialists. Our job is to make ensure your data stays secure, compliant and that your encryption experience is seamless end-to-end – because good customer service doesn’t end when you press ‘send.’