Someone’s snooping on your email – here’s what you can do about it

When email was invented over 40 years ago, no one thought about how to ensure the integrity or privacy of messages.

Yet many people don’t realize that email is very insecure. Not only are spam and phishing rampant, email snooping is a problem, too.

Because email traverses the Internet in plaintext, it’s only as private as a postcard. If you’re not encrypting your email, what you might think is a private communication could be read by anyone – whether it be Google, the NSA, or perhaps one of your competitors.

Sophos Global IT Security Manager Ross McKerchar wrote about the problem of email in a blog post on Naked Security:

Despite its lack of security, we keep using email because it’s become so ingrained in the way we do business, and it’s not going to be replaced any time soon. To get email security right, you should think about all the ways email can be misused and abused.

Ross’s advice is to look at the options for email encryption, and figure out which one is best for your users – because, ultimately, you rely on them to make it work.

Solutions range from the somewhat impractical (PGP and S/MIME), to the not totally secure (file encryption), to what we consider the simplest and least problematic – Sophos’s own SPX encryption technology.

To protect data and your organization from email-borne threats, you should look for a solution that also offers spam filtering and policy-based data loss prevention (DLP).

Email clients also need to be kept well patched: an email client renders untrusted content from the Internet, so simply opening an email carries the risk of running malware.

You can learn more about why unencrypted email is a “deadly IT sin” by checking out our 7 Deadly IT Sins website. It’s got lots of information about how organizations can avoid these common “sins,” including videos, whitepapers and other free resources.