The Small-Business Owner's Guide to Secure E-Mail
Greater need for encrypted e-mail has spawned a host of new Web-based services for companies of every size and budget.
Secure e-mail, encrypted so only the sender and receiver can read it, has been strictly the stuff of big companies and sci-fi geeks.
But just like everything else in this digital age, e-mail security has become simpler and more Web-based -- and dozens of firms are offering options for sending and receiving secure messages.
Encrypted e-mail will almost certainly never replace open e-mail -- it is too cumbersome and expensive. But even tiny firms need to protect critical info like tax returns, independent contractor IRS 1099-Misc forms, and human resources data.
The small-business security burden will only grow. Not only are federal security officials requiring stringent new rules for sending and receiving employee information, but the coming health care reform bill also requires firms to file secure IRS Form 1099-Misc documents for contractors and vendors. We're talking dozens of secure filings for even modest firms.
With that in mind, here is a roundup of services the little guy can use to keep a big secret:
For Small Companies That Have a Little More to Spend
PGP Desktop Email (perpetual license: $164 per user)
- Worth considering: Symantec's Desktop Email product allows for complete, easy to use encryption of most messages, provided both parties have the software properly installed. Those without the code get an encrypted zip file that can be attached to any piece of mail.
- But beware: Users outside the system must exchange some form of password or identifying code, which can be cumbersome. Allow time to get folks up to speed.
- Bottom line: Security is complex, but there is real value in this spend for firms with secrets to keep.
For Firms That Want to Keep It Secure ut Simple
Hushmail (free for single users, domain support starts at $10 a month)
- Worth considering: Not too paranoid or too complex, Vancouver-based Hushmail offers a simple set-up. It's fairly easy to establish basic security questions and answers to read messages.
- But beware: This is a seriously no-frills e-mail interface, and features are similarly basic. Also keep in mind that this sort of encryption is hardly bombproof from a security perspective.
- Bottom line: For a manageable level of hassle you can send your taxes, health care data or other info over the Web.
For the Secretive Web-Based Office
JumbleMe (free for 100 e-mails a year, $9.95 per year for 500 e-mails)
- Worth considering: Schwenksville, Penn.-based JumbleMe lets messages be sent received via the Web, meaning you can access them from whatever computer you're using without having to worry about them falling into the wrong hands. And they do it with an attractive, easy to use internet-based interface.
- But beware: JumbleMe takes a bit of cloak-and-dagger to use properly. Both sides will need to keep track of previously agreed upon passwords. And depending on how it is configured, you may have to use an odd, and questionably professional, e-mail address like firstname.lastname@example.org.
- Bottom line: For not a lot of money or hassle, and with a bit of planning, JumbleMe lets you send some seriously secure e-mail.
For Small Groups With Lots of Sensitive Data
ZixMail Desktop Email Encryption (three-year license for up to 49 users, $90 per user, per year)
- Worth considering: Cornelia, Ga.-based ZixMail lets groups of up to 49 send and receive secure messages with minimal passwords or hassle. Those not on the system are routed to a Web-based portal that is reasonably easy to navigate.
- You may miss the bells and whistles of, say, a Symantec product. This is one stripped-down interface.
- Bottom line: If you're a small business managing a fair amount of secure information -- like medical records -- and you need an affordable way to stay secure, ZixMail is a good value for the money.
Djigzo Open Souce Email Encryption (free)
- Worth considering: Netherlands-based security firm Djigzo is for you if your company absolutely, positively, must keep a secret.
- But beware: You will need to master some major-league tech stuff like the fairly complex open-source Ubuntu desktop computer operating system self-configured -- and probably self-built -- e-mail servers, and serious, serious security techniques like incoming text messages that contain unique, by-message passwords that users are fed in order to read a given communication. Also, Djigzo has many terrifying release forms as part of its service. Language like "Strong cyptrography is illegal in some parts of the world," and "It's your responsibility … " to make sure you are allowed to use the tool, which can be intimidating to consider.
- Bottom line: It won't be easy, but you really can get this all to work. And when you do, your secrets will stay just that: secret.