Just following up on a blog posting and something that came up on a listserv.

How can you email something confidentially both internally and externally [especially if you are wacko like I am and open up the email as per our employee policy]?

Adobe Acrobat with a password protection that includes encryption is honestly easier than anything else to send confidential documents to business associates.  Never send Word or Excel documents [especially us beancounters] because we should never send information that can be changed.  Not to mention it may include metadata that you don’t want to send.  Adobe’s come out with version 7 that is supposed to allow documents that are first done on version 7 pro or standard to be “inked/edited” on Adobe Reader.  I need to order that and check it out.

I’ve tried digital signatures in email and swapping dig certs, but most folks just can’t handle that yet.  At times I also use hypersend.com.  Encrypted email is still just a bit too much for most business folks to handle.

Honestly it is pretty easy to set up individual digital certificates.  In Outlook, Tools, Options, Security and click on “get a digital id” and walk yourself through buying one.  Attach the digital cert to your outbound email and it will get automagically added to the email account you send your email to.  When THEY send YOU their dig cert, you will now have the opportunity to encrypt the email between your two boxes.  It’s amazing how UNDERUTILIZED it is though.

P.S.  Just so no one gets the wrong idea I agree with Dana that Adobe has its limitations, but I’m dealing with business folks with AOL email addresses who are still using WordPerfect with the blue DOS interface.  I start talking adding digital certificates and swapping certs and I’ve totally lost these folks.  At LEAST I’m SB1386 in compliance.  I’ll be the first to admit I’m trading off functionality over security.  If it truly needs protection, it’s hypersent.


3 Responses to So how do you email something that should be confidential?

  1. Tim says:

    What about PGP?

    Cheap, easy to use, and good for external and internal emails.

  2. Dana Epp says:

    Hey Susan,

    You might want to check out my post earlier this week on the weaknesses of the security in Adobe PDFs. http://silverstr.ufies.org/blog/archives/000747.html

    It is NOT the panacea you make it out to be.

    If you really need to secure transmission of documents, and guarantee that only the recipient receives it, something like PGP is a MUCH better way to go. Of course, once the recipient receives the document and decrypts it.. you have no more control.

    Which is why Microsoft has its Rights Management Service (RMS). RMS (don’t confuse it with DRM) allows you to apply constraints like time-basing documents to authorizing who can print or forward an email. Of course, this only works in an organization sharing an RMS server. You can learn more about RMS at http://www.microsoft.com/windowsserver2003/technologies/rightsmgmt/default.mspx

  3. Susan says:

    To make it clear I don’t advocate Adobe as the absolute protection… all I’m saying is it’s about all the business folks that I deal with can handle.

    Sad but true.

    If it’s "truly" confidential it’s hypersend. If it’s just making sure that I’m at least SB1386 in compliance.. it’s Adobe.