E-mails are considered to be one of the most important forms of communication in the business environment. But only every second company uses end-to-end encryption methods such as PGP or S/MIME, which are already considered tried-and-tested and reliable protective measures for e-mail communication.
To date, encrypted e-mails are used by just over half (55 percent) of German companies. This is the result of a survey by YouGov on behalf of mailbox.org, the Berlin-based email service specializing in data protection and data security. The survey was conducted in July 2022 and is based on online interviews with more than 500 IT decision-makers in small and medium-sized German companies from various industries.
Only every second company encrypts emails
As part of the survey, decision-makers were also asked why they did not use end-to-end encryption for their email communication. Almost half (49 percent) stated that their customers do not expect encrypted communication, 37 percent see no need for encrypted communication within the company, and 22 percent find the setup and management of email encryption too complicated.
These justifications, although understandable at first glance, are often based on incorrect assumptions or missing information, or are simply too short-sighted. Peer Heinlein, managing director of mailbox.org and himself a Linux and mail server specialist, comments on the three most frequently mentioned reasons:
Reason #1: "Our customers don't expect encrypted communication."
"That shouldn't be an argument! Encryption not only protects customer communication, but also your own. This should be a must for responsible companies, regardless of customer expectations, if they want to secure their own future. In addition, in business communication, especially in an international environment, there are still legal requirements and compliance standards to be observed, which - also independent of customer expectations - are easier to fulfill if appropriate measures and processes are established from the start."
Reason #2: "The company sees no need for encrypted communications."
“It is impossible to say whether a trivial piece of information from today will become an explosive detail in the future. Nevertheless, encrypted communication in companies often does not have a strategic priority until there is actually a violation of data protection and data security. But by then it is too late and those responsible must face the financial, legal and reputational consequences of such an incident. The more effective and less damaging approach for the company is to preventively minimize these risks in any case and to rely on end-to-end encryption from the start.”
Reason #3: "Email encryption is too complicated to set up and manage."
“This is likely to be the case, especially when companies try to provide their entire e-mail infrastructure themselves. Even if the appropriate IT experts and resources are available in-house, they usually also have to take on numerous other IT-related tasks. In addition, ensuring seamless end-to-end encryption of all email communication can actually push many IT teams to their limits.
Fortunately, there is a simple solution: A service provider specializing in email hosting with a particular focus on data protection can help companies set up and keep up-to-date end-to-end encryption for email communication, without having to reserve staff and resources internally for this. For example, mailbox.org offers users the option of setting up PGP encryption with just one mouse click – all the necessary steps, from generating the key to making it available on PGP key servers, are taken care of automatically.”
The German e-mail specialist mailbox.org shows that digital sovereignty, security and data protection can also be combined with convenience and extensive features. In addition to classic e-mail core functions, security-conscious private and business customers also receive a calendar, address book, task management, online word processing and cloud storage based on an open source solution.