Still wondering how Encryption works and how to use it to protect your organization and communications? Interested in locking down your email with encryption?

In this interview with Karen Graham of Idealware, Community IT Innovators CTO Matt Eshleman answers questions on the subject and lays out the basic principles. He also addresses some misperceptions.

This is just one of his tips. Check out the full interview for more.

Q: What are some practical options, including some for organizations with a very small budget or low technical skill?

“Increased security always requires a tradeoff with convenience, just as having to carry around and use house keys to unlock your house is less convenient than opening the doors or remembering the PIN code of your ATM card is less convenient than putting the card in the machine. First and foremost, organizations have to be willing to make that tradeoff.

The good news is that, in terms of financial investment, implementing email encryption is generally low-cost for either software or services. The more significant investment is in end-user training, and perhaps most importantly, creating a culture of accountability.

Because it will require buy-in and enforcement to be successful, a clear understanding of organizational requirements is the best place to start. Is your organization sending PII to another partner organization? If so, then implementing Server-Side encryption would be an easy place to start.

Or, perhaps your organization is a government watchdog or whistleblower organization. Client-Side encryption may be a better fit for you, as it allows you to send secure messages through untrusted channels. It also has the benefit of having the email messages encrypted at rest in case your device is lost or stolen.”

Getting started with implementing a cybersecurity plan at your organization can be a daunting task. There is so much information available and so many vendors offering duplicative solutions that it can be hard to know what to do first.

At Community IT Innovators we’ve been experimenting with different ways to assess and communicate recommendations on good cybersecurity approaches for a number of years.

If you’re at the beginning of your journey to address the cybersecurity issues at your organization, then our NIST Security Survey is a great place to start. Our NIST Security Survey is a web-based tool that allows you to proactively identify security risks across your organization. It provides a heatmap report that identifies the most critical areas to address in the NIST areas of Identify, Protect, Detect, Respond and Recover.

Contact us for more information on using the NIST Security Survey at your nonprofit as part of a comprehensive cybersecurity planning project.