CIO Jury: Nearly 60% of companies don't encrypt corporate emails

Encryption can prevent cyberattacks, but seven out of 12 tech leaders said their companies do not use this process for emails.

Five encryption apps for wary Android users

Encryption--a process used to convert data from its original form to a format that is unreadable and unusable to anyone without the information needed to reverse it--is often meant to prevent third parties from viewing or accessing data.

With the average cost of a data breach at $3.62 million, encryption has been shown to reduce the costs of an incident, according to a study from IBM Security and the Ponemon Institute. The Department of Defense recently announced that it will begin using a stronger email encryption technology starting in July 2018.

"If you're not making use of encryption with your email, you should be," wrote TechRepublic contributing writer Jack Wallen. "More and more sensitive information is being passed between recipients, much of which is being sent in plain-text form. That means one thing: anyone can read it. To thwart that, we turn to encryption technology that promises to obfuscate that sensitive information; and it works."

Despite the benefits, the majority of CIOs said that they are not using encryption for email messaging. When asked "Does your company encrypt emails?" seven members of our CIO Jury panel said no, while five said yes.

SEE: Encryption Policy (Tech Pro Research)

"I think we need 'critical mass' before we start doing this, and we certainly aren't the DoD," said Simon Johns, IT director at Sheppard Robson Architects LLP.

At Shealy Electrical Wholesalers, "long term, we want to implement it, but we have insufficient time and resources at present," said Jeff Focke, director of IT.

"We assume email is insecure communications," said Jeff Kopp, technology coordinator at Christ the King Catholic School.

On the other hand, Dustin Bolander, CIO at Technology Pointe, said his company has been encrypting emails for the past few years "due to regulatory requirements."

Others are newer to the technology. "We just started the process, using Microsoft tools," said Michael Hanken, vice president of IT at Multiquip Inc. "First impressions and feedback look very favorable."

The national conversation around encryption came to a head with the 2015 controversy between Apple and the FBI, in which Apple refused a court order to unlock the iPhone used by the San Bernardino shooter. The Justice Department eventually dropped its case against Apple, as it unlocked the phone with help from an outside party. Since then, a number of states have seen similar cases.

For the average user, encryption can be difficult to figure out, Wallen wrote. But companies can try and simplify encryption for email purposes, using tools such as SecureMyEmail.

This month's CIO Jury included:

Dan Fiehn, group IT director, Markerstudy Group

Michael Hanken, vice president of IT, Multiquip Inc.

Dustin Bolander, CIO, Technology Pointe

Jeff Kopp, technology coordinator, Christ the King Catholic School

Corey Peissig, vice president of technical operations, Optimal Blue

Mark Johns, former director of application systems design and development, Health Partners Plans

Jeff Focke, director of IT, Shealy Electrical Wholesalers

Mike S. Ferris, global IT director of infrastructure, Lincoln Electric

Simon Johns, IT director, Sheppard Robson Architects LLP

Shane Milam, executive director of technology infrastructure services, Mercer University

Gene Richardson, COO, Experts Exchange

Inder Davalur, group CIO, KIMS Hospitals Private Limited

Want to be part of TechRepublic's CIO Jury and have your say on the top issues for IT decision makers? If you are a CIO, CTO, IT director, or equivalent at a large or small company, working in the private sector or in government, and you want to join TechRepublic's CIO Jury pool, click the Contact link below or email alison dot denisco at cbsinteractive dot com, and send your name, title, company, location, and email address.

Image: iStockphoto/Prasit Rodphan

Also see