It is only natural that email’s dominant role in global communications has also allowed it to become a medium for fraud, unsolicited commercial overtures, malicious code, and other undesirable activities. Despite policies that may dictate otherwise, all forms of sensitive business information find their way into email, making it the primary means by which that data is inadvertently disclosed or purposefully stolen. The incidents of loss or disclosure of sensitive data via email are widespread.
Some of the Key Risk Factors for EMail include:
1. Laptops, wireless handhelds, & other mobile devices with sensitive data stolen or used by inappropriate personnel
2. Sensitive data sent to inappropriate parties
3. Sensitive data exchanged between customers & customer service representatives (CSRs)
4. Lack of a confidential communication channel with the supply chain
5. Out of compliance with regulations for privacy protection, financial systems control, etc.
Action Steps
The best contacts and resources to help you get it done
Understand the Risk to Your business
Each industry and business is subject to different risks. Studies have shown that the cost per lost record averages close to $200.
I recommend: Reading the 2006 Annual Study: Cost of a Data Breach
Know the Laws and Regulations Governing Your Business
Regulations that have proven to have a direct or indirect influence on the need for encryption:
• Enterprise email encryption is a comprehensive solution for any organization required to comply with Part 11 of Title 21 Code of Federal Regulations, which describes the FDA's guidance on Electronic Records and Electronic Signatures.
• CA SB 1386 – California's Database Security Breach Notification Act. The intent of the law is to protect California residents from identity theft by requiring organizations that have had computer security breaches to notify all affected California residents. The only way an organization can avoid notifying customers is to have encrypted all personal information prior to a security breach.
• HIPAA requires the HHS to ensure standardization of electronic patient data, assign unique health identifiers and implement security standards to protect the confidentiality and integrity of all “individually identifiable health information.”
I recommend: Reading abstracts of these laws, including:
* SB 1386 Compliance Management Toolkit
* HHS' guide on Security Standards Technical Safeguards
* PGP Corporation's EMail Encryption Buyer's Guide
* Abstract of Part 11 of Title 21
Tips & Tactics
Helpful advice for making the most of this Guide
- When evaluating solutions for your email encryption needs, some of the areas you should consider include:
  - Standards compatibility – An email encryption solution must be compliant with the various Internet and vendor standards on which your email system is based. To achieve reasonable interoperability with the rest of the world, it must support both OpenPGP and S/MIME encoding, without exception.
  - Flexible encryption modes – Organizations need to be able to protect their sensitive information with the most rigorous end-to-end encryption available, but also have the flexibility to protect less-critical data with strong, server-based encryption that is less expensive and easy to manage. These modes must work together seamlessly and support mobile users and handheld devices.
  - Coexistence with anti-virus, anti-spam, & content filtering – An encryption solution should plug into the existing messaging security architecture, not go around it.
The official source of Buying EMail Encryption Software is the Encryption Software page at Business.com