No sane businessperson would write confidential information on a postcard and hand it off to strangers to deliver, but computer experts say that’s what sending unencrypted email is like.
Don’t assume your email provider is safeguarding your small business data. Even if your provider encrypts messages, that can be futile if the recipient’s provider doesn’t. Google issued a Transparency Report in June 2014 which showed that billions of emails travel the Internet unprotected from snooping every day.
You should consider encryption coverage for your small business if:
Government regulations or contracts require encryption. If your small business is in a regulated industry such as banking, health care, insurance or law, you may be required to encrypt certain data sent over public networks, such as patient health information or credit card transactions.
Customer data could be compromised. Failing to protect customer information could deal a fatal blow to your small business by destroying customers’ trust.
Competitive information could be revealed. Investigators suspect one company board member’s smartphone was infected with malware that sent copies of phone and text messages to a competitor, which narrowly underbid it on a contract.
No business is too small to be vulnerable to cyber attacks on its data. In fact, 30 percent of targeted “spear-phishing” attacks are aimed at small businesses, according to Symantec’s Internet Security Threat Report 2014. Businesses with fewer than 250 employees are the target of almost 20 percent of cyberattacks -- and 60 percent of those businesses close within six months.
The good news is that many providers are taking steps to better encrypt messages. However, for full protection you need data encryption from the time you connect to your provider, all the way through transit, and on to the point when the messages are stored -- and you need to think not just about email, but other ways you communicate data online as well, such as through texts and instant messaging.
Even if you have security systems such as encryption in place, remember that human failures like weak passwords and clicking on suspect emails can still make your data vulnerable.
Take these steps to protect your small business’s information:
Determine the level of security you need
Assess the types of information you share and whether it needs protection, either because of legal requirements or just to safeguard your business secrets.
Ensure you have encryption where you need it
Remember, some types of encryption secure messages only in transit, not on the sender’s or recipient’s networks. (See an explanation from Cisco of various types of encryption in “Best Practices for Business Class E-mail, Encryption, Authentication, and Control.”) Research the options available, which may be bundled with other services, such as antivirus and data-loss protection. Talk with your IT experts and providers for services such as email, text and instant messaging about your current level of protection, options and cost.
Educate your employees and business partners
Weak or shared passwords and sending messages through personal devices or public networks, such as the free Wi-Fi connection at the coffee shop, can circumvent the protections your business puts in place. Teach everyone what to encrypt and how to ensure their messages are secure.
When you connect with a business partner through email, text or instant messaging, it pays to make sure your confidential information is secure.