I just came across these "disturbing facts about proton mail". Let's say, hypothetically, that I administer a small org that now wants to move away from proton.

I guess I should just learn pgp, but that would be a tough sell for any boomer members.

EDIT: thanks for all the responses! It seems like my intuition was correct: email is inherently insecure, and proton is no worse than other email providers insofar as you don't let their marketing cause you to drop your guard. If it's illegal, keep it offline.

  • PorkrollPosadist [he/him, they/them] · edit-2 · 2 years ago

    I think email will be too difficult to do securely; PGP is difficult. That brings you to IM, in which case I’d say Signal (far easier and more reliable) or some Matrix client (more private).

    This is roughly what I'd recommend, though I'd HIGHLY recommend setting up communications in such a way where the server is in the physical custody of the organization. This limits the spies to monitoring data in transit, whereas if you're hosted on something like AWS they can image the machine any time they want without your knowledge and collect data at rest.

    PGP is probably the best tool available for email, but as you mentioned it is complex, and it is also not a panacea (however, it is not brain surgery. I recommend everyone learn how it works). I'd save email for correspondence outside the organization (newsletters, media contact, public inquiries, announcements, etc.) and handle all internal communication using something that isn't burdened with 50 years of technical debt.

    This leads me to recommend a private, non-federated Matrix instance, or something along those lines. Again, running on a machine in the organization's custody, so you can wipe that shit like Hillary Clinton the moment you start feeling suspicious, or spirit it away to an unknown place if the information absolutely must be preserved.