PGP for a small office

[Homerboy]

We're a smaller office of about 60 people. Several of our clients are requiring us to setup and use PGP when communicating with them via email that contains senstive topics (like account #s, names, SSNS etc).

Only about 20 people here will actually need this encryption and 19 of those people are nearly computer illiterate.

I'm debating on whether each should get their own key, or just set up 1 office wide PGP key for everyone to use as their own.

Has anyone had a similar experience as this? Or have any input as to the best way to approach it?

Thanks.

 

[Ryland]

From an encryption standpoint you want each person to have their own key. That way if you have an idiot who tells his key your whole office mail won't be open (past and present). Decrypting messages usually gets easier when you have more messages to work with, thus the fewer messages/key the better.

Is it that time consuming to setup a PGP key?

 

[Homerboy]

to set up no... to train? Hell yes. These people are certified idiots for the most part. Honestly any of the info being passed should be 100% accessible by any of these ~20 or so employees anyways. It doesn't have to be hidden from the 20 or so of them

 

[TheUnk]

Consider yourself lucky that your clients want you to use PGP instead of some form of web mail they found...

 

[Homerboy]

haha yeah I'm actually amazed that they figured it out... Lets just say once I started working with one of them, I realized why my credit car dbll was ALWAYS screwed up. Needless to say I promptly cut that card up. Sorry can't say who it is