Many of our clients want to know if they need to encrypt their email messages and, if so, how to do it. Much of the sudden interest in email encryption is due to the recent adoption of regulations regarding consumer privacy and the protection of consumer data. The intent of these regulations is to place some of the responsibility on businesses for the growing and incredibly serious problem of identity theft.
If your business handles data your employees or customers would want to be kept private, or information that could be used in identity theft, you bear some responsibility for its safekeeping. Your responsibility continues even when transmitting this information from one computer to another, and that's where email encryption comes in.
Since email goes over the public Internet, it's possible for it to be intercepted and the information used for the purpose of identity theft. If you're sending social security numbers, account numbers, credit card numbers, health insurance information, etc., via email, it must be encrypted so only the intended recipient can read it. (Personally, I recommend against sending this type of information via email if you can avoid it.)
Email can be encrypted by using a dedicated appliance or special software that is installed at both the sender and the recipient computers. Hardware appliances are expensive and complicated to maintain, and encryption software has the disadvantage of having to be installed on the computer of every recipient.
Most small businesses opt to use a secure email service such as those offered by providers such as Microsoft and Postini. With these services, when the email contains confidential data, the sender puts a keyword (that you specify ahead of time) in the subject line such as "SECURE" or "CONFIDENTIAL". All outbound email is automatically encrypted and relayed through the provider. The computers at the provider recognize the keyword and email a link to the message recipient. The link takes the recipient to a secure web page, where they log in with a username and password that you provide so they can read the message.
The cost for secure email services are approximately $50 per year per user.