Risk

Electronic mail (email) is a significant part of our daily communications. Some of us may wonder if our email (information asset in digital format) are abused by others with malicious intentions.

Large Company

For larger corporations, in-house information technology (IT) department may have your email security covered. This is usually done by endpoint protection installed at your workstation and transmission encryption completed at the email client software level.

Small Company

For small to medium enterprise (SME) and individuals, what can we do to secure our email communications that is cost effective?

Thanks to non-proprietary software protocol development, the cost of obtaining reasonable security has reduced much. Internet Engineering Task Force (IETF) formed the OpenPGP Working Group.

https://tools.ietf.org/wg/openpgp/

Mitigation

OpenPGP stands for "Open Pretty Good Privacy", and the practical software implementation of OpenPGP can be found here:

https://www.openpgp.org/software/

All major platform (Windows, MacOS, Android, iOS) are supported and installations are manageable by an average user.

Consideration

OpenPGP is a public-key cryptography protocol, so in order to achieve end to end encryption, all parties within the email must have similar software installed.

Remember the balance principle of security; the security level can only be as good as the weakest link.