Law Firm Security: How hard is Email Encryption?

November 8, 2018

The ability to encrypt email has been around for a while; however, it was always hard to do. Let’s face it, most lawyers are not going to use open source PGP, and this has been a huge hole in Law Firm Security. One common misconception is that you are forced to encrypt every email you send. That is not true: you only need to encrypt sensitive emails that contain important data like a Social Security Number.

Here is how Email Encryption works.

When I am sending a sensitive email in Outlook, I change the ‘Not Protected’ button to ‘Message Protected’.


When I click Send, the screen below comes up:


I can now choose how I want to encrypt the email. In this case, my client and I have a pre-approved password that they use to unlock all my emails. I could also use their phone number (they would get a phone call with the secret code) or come up with a custom question, like “What is my dog’s name?”

When the client opens my email, they would see this:


To view the message, the client must enter the secret passcode.


Once they have opened the email, they could reply with their Social Security Number, and it would be encrypted as well.

Two great products for email encryption are Citrix ShareFile and Protected Trust.