Outbound Email - Data Security
I'm wondering how other organizations using OSC approach data security for outbound email.
Due to the nature of our industry, a substantial number of our incidents will contain confidential or personal information. Obviously, we want to avoid sending incident threads in the clear over the internet with this type of information. This information either needs to be encrypted (enforced TLS would be suitable, but I think OSC only does opportunistic) or removed from the email body. However, as we can't be the only organization with this scenario, I'm curious how other people have handled it.
I've read through the knowledgebase articles and note that there is the option to use S/MIME certificates. Most of our customers won't have S/MIME set up so this is unlikely to be a viable option. The only other thing I can think of is to remove the incident thread from all email templates and direct users to the portal. Doing this in all cases might be a bit frustrating to end users.