Gmail users can now send encrypted work emails

UK businesses, especially those in regulated industries, are being offered some peace of mind with new client-side encryption capabilities for Gmail accounts.

Google has released the news that it is strengthening email security for its Workspace Enterprise Plus customers.

The move will come as a relief to businesses which are rightly nervous after this summer’s spate of cyber attacks, targeting huge retailers, including M&S, Harrods and Co-op.

The attacks caused huge disruption to operations for all three businesses, including the exposure of customer data.

These businesses all have sophisticated defences and yet were still the victims of cybercrime. For startups, this news from Google is another line of protection for their business email address that is within their financial grasp.

What is E2EE encryption?

The encryption that Google is now going to offer select business customers is called E2EE or end-to-end encryption.

As Google explained in a blog announcing the roll-out of the facility, it allows “secure communication without the hassle of exchanging keys or using custom software”. Users simply select the option to compose an email and can then select the option to add additional encryption.

Google adds that this must be done before drafting an email as trying to add encryption after you have started writing will delete your draft. Users have the option of turning the extra encryption off.

The recipient will receive a notification that they have an encrypted message and will be able to access this via a guest account. As TechRadar explains, this is because “…Google has no control over recipients’ infrastructure on other providers” therefore the redirection maintains security.

The set up requires “minimal efforts for both IT teams and end users,” says Google, “…while preserving enhanced data sovereignty, privacy, and security controls.”

Why do businesses need email encryption?

Encryption is a layer of defence against cyber attacks – specifically data leaks and zero-day attacks. It essentially randomises data so that only the intended recipient can decode it, and is in common usage for everything from WhatsApp messaging to online payments.

For organisations, email encryption means that information they are sending is protected both in their inboxes but also when in transit.

This information could be anything from financial details to customer data; and businesses have compliance regulations to meet – including GDPR – set up to keep the latter safe.

The cost of crime

Earlier this year, Vodafone Business released a report about the impact of cybercrime on SMEs and found that the average cost of a cyber-attack for a small business was £3,398, with the figure escalating to £5,001 for businesses with 50 or more employees.

The report says that this equates to annual losses amounting to £3.4 billion for UK SMEs.

This doesn’t take into account the impact of a damaged reputation nor the future financial impacts as a business tries to claw back trust.

The report also warns that complacency isn’t an option; with more than a third of the businesses surveyed admitting that they had experienced a cyber incident in 2024.

As Forbes wrote in February, SMEs cannot operate under the misnomer that they are too small to be targeted. In fact, the data suggests that they are seen as “low-hanging fruit”; and as such, easy pickings.

Cybercrime Magazine adds the startling stat that 60% of small companies go out of business within six months of falling victim to a data breach or cyber attack.

The Gmail encryption adds some protection to enterprise users, but businesses must constantly evaluate the protection they have in place as one attack could mean the end for their venture.