Email Encryption – Protecting your Outgoing Email
In our Tech Tip last week, we discussed the methods available in Office 365 to encrypt outgoing email. But what happens once the email’s recipient receives and decrypts the email? How do you make sure that the email contents are secure to other parties?
The easiest way to protect outgoing email and add restrictions to it is with Information Rights Management (IRM) in Office 365. This type of encryption allows restrictions to be placed on emails that help “prevent sensitive information from being printed, forwarded, or copied by unauthorized people”. IRM provides protection for emails whether they are online or offline and can be applied manually or automatically to emails. However, not all devices are compatible with IRM.
Unfortunately, for as many restrictions as IRM allows to be placed on outgoing email, IRM itself cannot stop someone dedicated from copying the contents of emails and reproducing them in some other way. Those who are determined can make copies of email text in Word or Notepad, for example, or take a screenshot of the email. If data is sensitive enough that unauthorized reproduction is a concern, it should not be emailed in the first place. Stick to non-electronic communication like a printout that could be monitored and shredded. If security is a concern, record who has access to the document and give each person a copy with different yet subtle watermarks to track if the document is reproduced.
Ultimately, IRM in Office 365 provides the encryption and restrictions needed to protect most information sent via email. However, if security is an utmost concern for a particular email such that any reproduction of the email would be disastrous, other methods of sharing the information should be considered that would take more time and resources to be copied.