GDPR and Email Encryption...
GDPR is an annoyingly hot topic right now and one thing that keeps coming up is email encryption. So, let's cover off some of the basics.
Is Office 365 encrypted by default?
If you are setup with Office 365 this is a good starting point. Although when you send an email it's not fully encrypted (the person at the other end doesn't need a password or key to open the email) being on 365 all you need to know is that Microsoft is sending your day to day emails as securely as possible using TSL encryption.
Is Gmail or other providers encrypted by default?
If you have a business email account that isn't with Microsoft or Google you should check with your provider. Chances are that there will be available settings you can use to send emails just as securely as if you were using Office 365. Bigger organisations like Microsoft and Google will always keep their systems up to date such that you really don't need to worry about this.
When do I need to use full email encryption?
With GDPR it is your responsibility to make sure that any personal information you are dealing with is 100% secure. So, there may be times when you are sending personal sensitive information and you want to use full email encryption. This means that when the receiver gets the email he or she would need a password or key to view the contents.
Is full email encryption available in office 365?
Yes but it's only available in Microsoft office 365 E3 plan. If you run a small business you will likely be on Office 365 Business Essentials at £3.80 user / month or 365 Business Premium at £9.40 user / month. Office 365 Enterprise (E3) is £17.60 user / month so quite a jump in price and probably an amount you would ideally like to avoid.
How to easily send encrypted emails in Outlook for free
So, I have found a pretty cool alternative I think is perfect for any SME's who needs to send the occasional fully encrypted email. Virtru is a small Outlook (or Gmail) add-in that makes sending encrypted emails very easy.
Close Outlook on your PC or laptop down completely download from the Virtru website and run the download. Downloading only take a few seconds and the install a minute or so.
Once installed open Outlook and compose a new email, click the Virtru button. You have the option to set an expiration on the email, disable forwarding of the email and watermarking. The most important step is to "personalize introduction".
This is important because an email coming through as fully encrypted can often be mistaken for a phishing or malware type email. So with this said you want to make your personalised introduction as clear as possible that the email is in fact from you, is safe and can be trusted. If the email is very important it may even be worth sending an email beforehand with some basic explanation that the next email will be encrypted.
"This is a genuine email from (your name) (your email address). I have encrypted this email as it might contain sensitive or personal information. If you have any concerns about the validity of this email please email me directly at (your email address) for confirmation."
How does the encrypted email look from the recipient's side?
From the recipient's side opening the encrypted message is pretty simple. The email will come through as normal with the personalised message and the unlock message button just below.
Virtru will load their secure reader and you will be asked to enter the email address that the email was sent to. You will then need to verify by either logging in with a Google account or sending an email for verification. That's it the recipient will be able to view the original email within Virtru's secure platform.
The problems with encrypting emails...
A lot of people have asked me about email encryption with GDPR cut of date fast approaching. The problem with encrypting emails has always been the same sending fully encrypted is no problem but the receiver must be able to decrypt the message to read it.
There are unbelievably few simple options in getting around this after all you don't really want to be sending every encrypted email with a follow up unencrypted email containing an insecure password.
The reality is despite the scumbags of the world scaring you into thinking you need some super sophisticated and secure systems to be GDPR compliant so they can make a profit out of their scare tactics. The way we have emailed each other for the last 20 years can continue as normal, GDPR is about protecting sensitive personal information so you only need to use full email encryption when for example emailing someone's CV, bank details or password protected account details.
I have tested Virtru and this seems to be a good, basic, easy to use solution that should work for most SME's. If you think you are in the position that this solution is too basic Virtru do offer more enterprise solutions.
GoRazy.com Open Internet Promise...
We believe in a totally free and open internet where you can find what you're looking for, find great advice and helpful articles without being tracked or monitored in any way by the websites you visit.
So if you like the sound of an open internet that doesn't track you or serve up junk advertising share this and let's make the internet a better place!