When thinking about your legal requirements as a business owner or director with respect to email, one normally thinks about marketing and whether or not it is permissible for you to bombard your clients with unsolicited marketing emails.
However, you also need to think about what responsibilities you have to your clients with regard to keeping your communications with them confidential. Certainly as far as the Data Protection Act of 1998 is concerned, you need to protect sensitive personal data from disclosure, but what about more general content? Do you want any Tom, Dick or Harry to be able to read what was intended for your customer’s eyes only?
Can anyone read my emails?
All “clear text” emails are inherently insecure. I’ve been banging on about this for years. Think of your standard email as a postcard: it can be read by anyone who takes the trouble to intercept it en route, whereas an encrypted email is akin to a registered letter – it’s far more secure.
Anyone using Google’s Gmail service has had it confirmed by Google that yes, they do scan and read all of our emails that they handle. We know for a fact that Big Brother in the guise of government also routinely scans our emails for content that might indicate terrorist activity. Do we really want our business communications handled in this way? Surely if you had something to hide you would secure it by encrypting it, so maybe we should all take that step and at least try to keep our business information confidential.
While we are on the subject of transmitted data, those of you who use services such as Dropbox for offsite data storage and/or back-up are also putting that data at risk, not least because it will likely be stored offshore and therefore not subject to the same privacy laws as in the UK. Indeed, the president of the Law Society, Nicholas Fluck, has stated that risks generated by cross-border transfer of data are a major challenge to be addressed.
Fixing the email risk
Encrypting email is the answer to this particular problem. Historically, this was a non-starter because of the complexities of email encryption systems. However, this is no longer the case and should not be seen as an excuse not to implement email encryption today.
The best of this new breed of products allows you to send encrypted email to someone you have never emailed before and allows them to open and decrypt the email without the need to buy into the service. In fact, they can then reply to your email, also in encrypted form, all free of charge and without the need to install any software on their PC.
Don’t be accused of Luddite tendencies. If you are using email or Cloud storage in your business without the precaution of encrypting that data in transit and at rest, you are an accident waiting to happen. Just think how easy it is to click ‘Send’, without thinking about the full content of the email you have just composed.
You might have guidelines, but does everyone follow the rules on every occasion? Remember, you will have no credible defence to offer and your business’s reputation could take a hammering. Don’t wait – act today!
Blog provided by Paul Simms of Reflect Digital on behalf of Egress Switch email encryption software.