Email encryption

Do you encrypt your emails to clients? I'm very aware of the sensitive data contained within many emails and am currently researching a cost-effective way to do this.

What do you use? How much does it cost?

Does it work effectively?

Thanks

Sheffield

Replies (10)

By RussellD
15th Dec 2011 12:24

Secure File Exchange alternative to email

Hi Sheffield Accountant

Email is notoriously insecure - although to be fair most people prefer to put their heads in the sand about the risks.

Rather than try to make it secure, we have made it possible to securely transfer documents to clients over the internet (admittedly both have to be users of our service) - available for £20 pm or free for Partners.  http://www.online50.net/SecureFileExchange.html

Hope that helps with your thinking.

Russell Dickens

Online50

Thanks (0)
By cverrier
15th Dec 2011 16:50

Secure exchange is best, but not the only option

Avoiding email entirely and using a secure document exchange is clearly the most secure option.   In the USA, these are used quite a lot, as many states have laws prohibiting the inclusion of things like Social Security numbers in emails.

If you put personal information about a client (and I think the contents of their tax return clearly counts!) in an email and then it goes astray (somebody clicked the wrong email address when sending it) then you could well be deemed to have not taken due care of the data and be in breach of the Data Protection Act.

If you decide this is all too much for you, then the simplest approach is to put the sensitive data into a PDF file and password protect that file before emailing it. Most software will offer you a password option when you create PDFs.    This process also encrypts the file.  (Some PDF software allows you to select different levels of protection - 40-bit, 128-bit or 256-bit).

There are two kinds of password offered for PDF files - You can set a password that prevents the file being opened, and you can set a password that prevents it being printed, edited, etc.    The print/edit password is very low security and can be broken instantly by all kinds of free utilities.  The 'open' password is much more secure and is MUCH harder to break.    Most of the 'PDF Password cracker' tools you see on the Internet only refer to the 'print/edit' passwords.

There are tools which can break the 'open' password on a PDF file - 40-bit encryption can be broken in a matter of minutes, but the more secure options can take many hours (or longer) to break on a fast PC.   The longer and more obscure the password, the longer it takes to crack.

By setting a password - you've covered yourself as far as the Data Protection Act is concerned.  Unless you have clients with unusually sensitive tax affairs, then the standard PDF password tools are going to be fine.

Thanks (0)
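A pre-send check for the distinction drawn in the post above between the 'open' password and the print/edit password, as an added example that is not part of the original thread. It assumes the `R`, `Length`, `P`, `O`, `U` and `ID` fields have already been read from the PDF's `/Encrypt` dictionary, covers only the RC4 standard security handler (revisions 2 and 3, the 40-bit and 128-bit options), and uses constructed sample values.

```python
import hashlib
# 32-byte password padding string defined by the PDF specification.
PAD = bytes.fromhex("28bf4e5e4e758a4164004e56fffa01082e2e00b6d0683e802f0ca9fe6453697a")

def rc4(key, data):
    s, j, out = list(range(256)), 0, bytearray()
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    for b in data:                            # keystream XOR
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(b ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def expected_u(password, enc):
    """/U value a given open password yields (RC4 handler, revisions 2-3)."""
    n = enc["Length"] // 8
    p = (enc["P"] & 0xFFFFFFFF).to_bytes(4, "little")
    pw = (password.encode("latin-1") + PAD)[:32]
    h = hashlib.md5(pw + enc["O"] + p + enc["ID"]).digest()
    if enc["R"] == 2:                         # 40-bit: no key stretching
        return rc4(h[:5], PAD)
    for _ in range(50):
        h = hashlib.md5(h[:n]).digest()
    u = rc4(h[:n], hashlib.md5(PAD + enc["ID"]).digest())
    for i in range(1, 20):
        u = rc4(bytes(k ^ i for k in h[:n]), u)
    return u

def pre_send_findings(enc):
    findings = []
    if enc["Length"] < 128:
        findings.append("key shorter than 128 bits")
    # An empty open password means readers never prompt before displaying.
    if expected_u("", enc)[:16] == enc["U"][:16]:
        findings.append("opens without a password (print/edit password only)")
    return findings

def make_sample(open_password, r, length):
    # Constructed /Encrypt fields; O and ID are arbitrary placeholder bytes.
    enc = {"R": r, "Length": length, "P": -3904,
           "O": bytes(range(32)), "ID": b"constructed-file-id"}
    enc["U"] = expected_u(open_password, enc)
    return enc
PERMISSIONS_ONLY = make_sample("", 3, 128)
OPEN_40BIT = make_sample("constructed-passphrase", 2, 40)
OPEN_128BIT = make_sample("constructed-passphrase", 3, 128)
```

An empty findings list means the file both requires a password to open and uses a 128-bit key; it says nothing about how guessable that password is.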
Teignmouth
By Paul Scholes
15th Dec 2011 19:39

As Charles says

We password our PDFs to clients using their post code using Adobe Acrobat.  One tip: add the PDF to the email and password that, leaving the original file unprotected.

Give it 6 months and there will be far more online facilities where you will get a message that a doc has not only been opened but authorised.

Thanks (0)
By sheffieldaccountant
15th Dec 2011 21:04

Has anyone tried the 'egress switch'?  I think this is what my institute recommend.

Thanks (0)
By User deleted
16th Dec 2011 07:22

What is the point of the DPA ...

@cverrier

After all, no-one ever seems to get pulled up on a breach by the authorities - so it is effectively useless!

Now if they imposed a 'rate card' such as £10 per individual per breach for a first offense and doubling each time there was a subsequent offense then it would be worth taking notice - otherwise in today’s society, anything that is unenforceable is worthless

Very simple - either make it enforceable with penalties or scrap it

http://www.guardian.co.uk/technology/blog/2011/may/03/sony-data-breach-online-entertainment

If these penalties were in place with Sony (25 million users @ £10 each) then they would certainly have made sure their software was up to date and it would undoubtedly have concentrated their minds on protection - otherwise why bother; just say sorry and move on?

Thanks (0)
By jonstanton
20th Dec 2011 14:09

We use Egress Switch

We moved to Egress Switch over a year ago and recommend it to all clients when sending sensitive data, such as payroll or personal tax information.

Clients have taken to it very well, with the majority of them seeing it as a very positive step.  We bought the Egress licences, which as well as allowing us to send encrypted emails to clients also allows them to send back to us.  Therefore the client does not pay anything for the service (a key factor in getting clients to adopt it!).

With Egress you also get the ability to do Secure Data Exchange of files via the Internet (but with the files being fully encrypted before sending).

Costs for Egress depend on number of users, but for us we saw it as a relatively low figure given our high dependence on email.  It integrates with Outlook and is pretty straightforward to use.  I'd certainly recommend it as a product to look at.

Thanks (1)
By newmoon
20th Dec 2011 16:17

What about docSafe?

I noticed the advert for docSafe in the 2020 Innovation directory.

Does anyone use this, and does it protect emails or just attachments?

It has an electronic signature facility, which is of interest also.

Anyone using docSafe or have any comments about it?

Thanks (0)
By newmoon
20th Dec 2011 16:20

Does anyone use Gmail for business email?

Does anyone use Gmail for business email, and does that have encryption options?

Thanks (0)
By Kryton
08th Jan 2012 11:54

Encrypted Email Services

I have a lot of issues with encrypted email systems from a recipient perspective. The problem is that when people receive data by email, they assume, naturally, that the data belongs to them and they can view it when they please. However, if the data is stored in its encrypted form then if the encryption keys expire or the sender closes their account, then the data in the email may no longer be accessible to the recipient.

The only way to ensure, as the client/recipient of the email, is that you export it in a non-encrypted format - but I doubt that everyone is doing that with the email they are receiving.

Much better in my view, is to use an encrypted document transfer service which forces you to save the document - unencrypted.

I can just imagine a tax investigator's view when you tell them that you have copies of all your returns but they are encrypted and when you try and open the encrypted email attachment - you can no longer access it. I am sure they would understand.

Regards,

Kryton

www.selestial.com

Thanks (0)