This is the real problem that techies tend to ignore. You can have the most technologically secure communication platform in the world, but it all falls apart the second someone circumvents it. Phishing attacks are usually engineered to convince people to circumvent security protocols.
For example, a phishing e-mail might claim to be the person's boss, claim that the boss lost their phone, and ask someone to send the documents via e-mail "just this once" to close an urgent deal until the boss can get back to the office and work with I.T. to fix their phone. Underlings don't want to get fired for ruining the deal by ignoring direct orders, so they send the documents over.
Past a certain point, increasingly sophisticated security measures begin to increase the chances that someone will choose to circumvent the security protocols. At the extremes, people become so accustomed to the idea that the security protocols are too slow, complex, and failure-prone that circumventing them becomes a weekly or monthly occurrence just to get their jobs done on time. Once you reach this point, it's easier than ever for phishing attacks to convince people to do bad things.
If you try to force everyone to use PGP all the time, you're going to end up with a lot of employees communicating on unofficial channels simply because they want to get their jobs done and move on with life.