You already know why you need secure email.
Perhaps you're in a sector, such as health care or finance, that's covered by federal email encryption mandates. Maybe you have statewide mandates to protect consumer data, or you recognize the inherent insecurities of email and want to increase your email security in order to protect your valuable trade secrets from prying eyes. In any case, the decision of which encrypted email service to choose can be a daunting one, full of technical jargon, shortcuts, incompatibilities, and more.
All you need to remember is to “keep your email S.A.F.E.”.
S is for “Secure”
This seems like a no-brainer. You're encrypting your email, so it HAS to be “Secure”, right? Not always.
Password-protected files are easily cracked. TLS only protects a message point-to-point, from one server to the next, and there are frequently 3-10 servers that handle each email message you send.
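The hop-by-hop nature of TLS described above can be checked on a delivered message, because each server that handles it prepends a Received header naming the protocol it accepted the message with. The following is an added example, not part of the original article: it parses those headers from a constructed sample message and lists the hops with no recorded TLS. All host names and addresses are placeholders, and Received headers are only as trustworthy as the servers that wrote them.

```python
import re
from email import message_from_string

# "with" keywords that record a TLS-protected hop (RFC 3848, plus RFC 6531 UTF8 forms).
TLS_KEYWORDS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA",
                "UTF8SMTPS", "UTF8SMTPSA", "UTF8LMTPS", "UTF8LMTPSA"}

# Constructed sample message; all hosts and addresses are reserved example values.
SAMPLE = """\
Received: from mx2.recipient.example (mx2.recipient.example [203.0.113.9])
 by mailstore.recipient.example with LMTP id 4; Tue, 02 Jan 2024 10:00:04 +0000
Received: from filter.provider.example (filter.provider.example [198.51.100.7])
 by mx2.recipient.example with ESMTP id 3; Tue, 02 Jan 2024 10:00:03 +0000
Received: from smtp.sender.example (smtp.sender.example [192.0.2.25])
 by filter.provider.example with ESMTPS id 2; Tue, 02 Jan 2024 10:00:02 +0000
Received: from laptop (unknown [192.0.2.77])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
 by smtp.sender.example (Postfix) with ESMTPSA id 1; Tue, 02 Jan 2024 10:00:01 +0000
From: alice@sender.example
To: bob@recipient.example
Subject: Q4 figures

(body)
"""

def strip_comments(value):
    """Remove parenthesised comments, including nested ones, from a header value."""
    previous = None
    while previous != value:
        previous = value
        value = re.sub(r"\([^()]*\)", " ", value)
    return value

def hops(raw_message):
    """Return one dict per Received header, oldest hop first."""
    msg = message_from_string(raw_message)
    result = []
    # Servers prepend Received headers, so reverse them for chronological order.
    for header in reversed(msg.get_all("Received", [])):
        # Drop comments first ("with cipher ..." lives in one), then the date after ';'.
        clauses = strip_comments(str(header)).split(";")[0]
        by = re.search(r"\bby\s+(\S+)", clauses)
        proto = re.search(r"\bwith\s+(\S+)", clauses)
        protocol = proto.group(1).upper() if proto else None
        result.append({"by": by.group(1) if by else None,
                       "protocol": protocol,
                       "tls": protocol in TLS_KEYWORDS})
    return result

def unprotected_hops(raw_message):
    """Receiving hosts whose Received header does not record TLS."""
    return [h["by"] for h in hops(raw_message) if not h["tls"]]
```

A hop that records TLS only in a comment, rather than in the `with` keyword, is reported here as having no recorded TLS, so treat the result as a prompt to check that server's logs.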
A is for “Accurate”
Accuracy is of utmost importance when dealing with email encryption. The most common reason for sensitive data to be sent in the clear is user error. An email encryption service must provide a “safety net”, including filters that can trap data that is commonly accepted as needing to be “secure”, such as Social Security numbers, as well as highly targeted filters for HIPAA compliance, Massachusetts and Nevada privacy laws, etc. Try to find out what the “big boys” in your field use, and use it.
F is for “Fault-tolerant”
If you have a single point of failure in your email encryption scheme, and that point breaks (as it will sooner or later), what are you going to do? Not send any sensitive email until it's fixed?
The most cost-effective way of adding redundancy and reliability to your infrastructure is by moving to the cloud. Economies of scale allow cloud email services to provide all the above benefits and more at a fraction of what it would cost to do it yourself. They should also include multiple locations and 24/7/365 monitoring and support of their infrastructure.
E is for “Easy”
No matter what the benefit, or how bad the penalty, people won't use a system that is too difficult.
Your users will forget (or say they did) to use a different email client to send encrypted email.
Recipients might not be able to open messages if doing so requires installing a program on their computer, as their IT department may have that locked down.
Try to find an email encryption service that requires minimal setup and almost no maintenance, and that works within the SMTP protocol, guaranteeing compatibility with virtually every mail server on the planet.
The optimal email encryption service will offer transparent encryption/decryption to a select group of users, and easy access to others (again without compromising “S for Security”). Here too, hosted email encryption services are especially well suited.
In summary, email encryption is complicated, and should be handled by experts. However, choosing the right solution is as simple as remembering to keep your email “S.A.F.E.”.