One of the solutions that has historically gained acceptance for securing email was the PGP (Pretty Good Privacy) encryption system. The time has come to dump PGP email solutions.
There are several flaws in the PGP system. Communication of a user’s public key can be problematic. Phishing-like attacks can confuse users into accepting a public key that is not the key of the intended recipient. Exposure of a private key is catastrophic – enabling access to any previously sent email that was encrypted with the corresponding public key. Since email is virtually never completely gone, troves of data can be accessed if a private key is compromised. Implementation of PGP can cause other problems, such as exposing passwords in memory when users access email from public access or other non-owned computers. So many vulnerabilities mean PGP is no longer a real solution for professionals who need to protect their communications.
Now is the time to dump antiquated email add-ons and move to purpose-built secure communications technologies.