TIPS & BEST PRACTICE 12. APR 2016
Recommendations for email encryption when doing international business
When your business grows and you have customers or partners all over the world, communication is the key. Email plays a major role in international business communication because different time zones limit other communication such as phone calls to limited time frames.
The good news:
Email is international. You can exchange emails with the whole world without any national restrictions.
The bad news:
Email is not secure. If you send confidential business information without encryption, it is technically possible for snoopers anywhere in the world to see this information.
Emails in international businesses relations are especially susceptible to industrial espionage and prone to raise interest with foreign governmental spying programs.
The obvious idea is to apply encryption. There are a few aspects however you should consider when choosing a solution for encrypting emails with international communication partners.
Avoid proprietary solutions which only work within closed groups.
- With such a solution both the sender and receiver need to download and install special software. It does not help a smooth communication workflow when there is an initial setup as well as a procurement process.
- The person you want to communicate with is not necessarily the person who decides which software should be installed in a company.
- Even if the solution provides a cost-free reading app, your communication partner may not have the rights to install arbitrary tools on the company PC.
- Proprietary solutions do not scale, you do not want to play a part in a set of tools that work only with specified business contacts.
- It is likely that the solution provider of your choice is not doing business on the market you choose to do business with. You don’t want to do their product test in foreign markets. Think localization, usability etc.
Choose a solution which
… works according to international encryption standards such as S/MIME and OpenPGP
… does not ask the recipient to download and install special software, plug-ins, or Apps
… is not limited to specified platforms, such as iOS only
… provides a variety of alternative secure delivery options without software installation for those of your contacts who do not possess keys and certificates for email encryption
… works policy-based and transparently for internal users so you can enforce email encryption for security and compliance
… is “Made in Germany” because in Germany we can still program security software without backdoors.