08 Jan 2016

Email Encryption: Choosing the Right System

Email encryption systems often advertise identical benefits, but there are some critical differences that you should understand before choosing a system. Below we outline three different methods: True Direct Delivery, Secure Store and Forward, and Public Key Exchange. The best method for security and ease of use is the “True Direct Delivery” method employed in RMail services, a member benefit of The Florida Bar.

1. True Direct Delivery – This system wraps an email message in an encrypted PDF file. This is a “strong crypto system” because (a) the message content is not stored in the middle, (b) content is truly delivered to the recipients’ desktops encrypted using AES 256-bit encryption, and (c) the content remains encrypted at the recipient endpoint to prevent a potential breach. This is RPost’s RMail encryption method, and we’ve made it easy to use and implement for both the sender, who can send from within Microsoft Outlook, Gmail, or iPad, and the recipient (for both compliance and personal privacy).

2. Secure Store and Forward – This is a multi-step retrieval process for the recipient, and it leads to complaints about the recipient user experience. The system stores your message content on a third-party server and sends the recipient a link to set up a username and password to download the content. Third-party servers are managed by a third company whose security practices are unknown. Data can be hacked on the server before or after you access your message. Content storage duration is often unknown.

Store and Forward is also cumbersome. The last thing your clients need is another login and password.

3. Public Key Exchange – This is a secure system that is extremely complex. The organizations that use this method include the Department of State and the Department of Defense. It is secure but very complicated to use when communicating with external parties. Public Key Exchange involves exchanging public encryption keys among contacts (PKI Digital Certificates). Users have to purchase and install digital certificates, manage their expirations, ensure their recipients have exchanged public keys, and use a compatible email program such as Microsoft Outlook desktop software. If you are sending messages to a client who does not have their own public key, the system won’t work.

The best way to enforce a secure messaging system in your office is to select a “strong crypto system” that is easy for business professionals and their partners and clients to use.