Archive Compliance - Email Archiving Compliance that meets HIPAA, SEC, and FINRA Regulations

How Email Encryption Works

 

It is business that gains the most from using encryption, protecting data and complying with legislation like HIPAA. Encryption was once the preserve of our security services and paranoid individuals. Those who used encryption were immediately suspected of nefarious undertakings and often brought suspicion upon themselves by doing so. Nowadays, while one part of the government doesn't like it, the other part actively encourages it. In fact, with laws like HIPAA, it mandates it.

Email encryption uses public key cryptography, which consists of two keys, a private one and a public one. The private key is part of the encryption software and remains on the sending computer. This is hidden and kept secret, while the public key is given to anyone who wants to send encrypted email to the recipient. For the system to work, you have to provide your contacts with the public key either with the message or in advance. Then when they receive the message they can decrypt it properly. These keys are actually digital certificates and are available for free on the internet, or as part of an overall corporate security solution.

Once your contacts have a public key, you can communicate via email safely. You encrypt email using your private key and the recipient decrypts it using their public one. They can then encrypt their reply using their public key and you decrypt it using your private one. These two keys are essential for the system to work. For it to remain secure, you have to keep your private key to yourself, and encourage your contacts to protect their public key.

If you want to use email encryption with multiple recipients, it's better to use password encryption. While you can share any number of public keys with contacts, the process gets a little complicated, so often encrypting your email so it needs a password instead of a public key is the most effective choice. You just have to remember not to publish the password! The process is exactly the same, though. The email is encrypted as usual, but this time you specify a password or phrase instead of public key decryption. You then send the email to your contacts, they enter the correct password and the system decrypts the email.

Email encryption can be a lengthy and laborious task to set up. Most enterprise-level systems will have it installed at server level, which means users don't have to do anything at all. With the government being very strict on privacy legislation such as HIPAA and SEC Rules, it's essential for the vast majority of companies to protect their data from loss or prying eyes.

Despite email encryption having been around for a few years, nobody has yet developed a way to make it easy to use and implement. Sure, from the users' perspective in an organization, everything is taken care of for them. They don't know that it took a team of security engineers a lot of sweat to provide a secure system for them to use. This difficulty is a significant barrier to many who don't have the resources of larger companies. Digital certificates have come a long way, and have made life easier for companies as they developed, but email encryption is still far more complicated than it needs to be.