The link to access a message without a password expires after 4 days (or the number of days you set under your compliance settings). So if your clients’ email data is stolen (e.g. if the server or a computer storing their emails is stolen and someone gets access to their emails), most such links would have expired by then. Only the most recent messages will be vulnerable.
- Even for those unexpired messages, the secure message content and files are not included in the email data. So automated software tools that data thieves use to extract sensitive data such as SSNs or financial account details from the stolen email data will not find it.
- Each link only gives access to one message and not all messages received by that client. This limits the amount of data leaked.
There is often a trade-off between security and ease of use. Depending on the nature of threats and data involved, you have to decide where you draw the line. Making secure messages too difficult for your users may also cause some users to revert to just using email and losing the protection from encryption altogether.
Can I Tighten Security?
If you are not comfortable with the above, consider the following options: