Following up on this response to the question:
When creating a password-protected Zip file (with the "compressed folder" utility integrated in the OS), Windows XP uses the "standard"
encryption algorithm for Zip files. This is a homemade stream cipher,
and it is weak. With 13 bytes of known plaintext, the complexity of
the attack is about 2^38 operations, which is doable in a few hours on
a PC. 13 bytes are relatively easy to obtain (e.g. if one of the files
in the archive is an image, it will probably be uncompressed and begin
with a known header). The result has even been improved, notably
because the files in an archive are encrypted separately but without
proper key diversification. Some years ago (quite a few now, tempus
fugit), I have seen a password cracking software by Ivan Golubev which
put this science to good use, and could crack Zip encryption in an
hour.
The attack on Zip encryption is actually:
a nice introduction to cryptanalysis; a good exercise in programming;
a reminder that you should not roll your own crypto. Phil Katz was
very good in his domain, but the best cryptographers in the world will
tell you that it takes much more than one extremely good cryptographer
to make a secure algorithm -- it takes many cryptographers who
feverishly propose designs and try to break the designs of the others,
for a few years, until a seemingly robust design emerges (where
"robust" means "none could find the slightest argument to support the
idea that they may, possibly, make a dent in it at some unspecified
date").
Consider using a PGP/GPG end-to-end encryption solution, either provided by the company or by your common agreement with your HR department.
Personally I use either Mailvelope or gpg4win as Windows solutions.
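
An added example, not part of the original answer: a small audit that reads a Zip archive's central directory and reports which entries rely on the legacy "standard" Zip encryption described in the quoted response, separating out stored (uncompressed) entries, whose file headers are the easy known plaintext it mentions. The function names and the sample archive are constructed for illustration; the sample is an ordinary archive whose central-directory flags are patched to look encrypted, which is all the audit reads.

```python
import io
import struct
import zipfile

ENCRYPTED = 0x0001    # general-purpose flag bit 0: entry is encrypted
STRONG_ENC = 0x0040   # general-purpose flag bit 6: PKWARE strong encryption
AES_METHOD = 99       # compression-method value used by WinZip AES (AE-x) entries

def audit_zip(data: bytes) -> dict:
    """Map each entry name to 'none', 'aes', 'strong', 'zipcrypto' or 'zipcrypto+stored'."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if not info.flag_bits & ENCRYPTED:
                report[info.filename] = "none"
            elif info.compress_type == AES_METHOD:
                report[info.filename] = "aes"
            elif info.flag_bits & STRONG_ENC:
                report[info.filename] = "strong"
            elif info.compress_type == zipfile.ZIP_STORED:
                # Legacy cipher over uncompressed data: known file headers are exposed.
                report[info.filename] = "zipcrypto+stored"
            else:
                report[info.filename] = "zipcrypto"
    return report

def build_sample() -> bytes:
    """Constructed sample: three entries, the first two flagged as encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("photo.png", b"\x89PNG\r\n\x1a\n" + b"\0" * 32, zipfile.ZIP_STORED)
        zf.writestr("notes.txt", b"hello " * 50, zipfile.ZIP_DEFLATED)
        zf.writestr("readme.txt", b"public", zipfile.ZIP_STORED)
    raw = bytearray(buf.getvalue())
    off = struct.unpack_from("<I", raw, len(raw) - 6)[0]  # central-directory offset (EOCD)
    for _ in range(2):
        flags, = struct.unpack_from("<H", raw, off + 8)
        struct.pack_into("<H", raw, off + 8, flags | ENCRYPTED)
        name_len, extra_len, comment_len = struct.unpack_from("<HHH", raw, off + 28)
        off += 46 + name_len + extra_len + comment_len   # step to the next record
    return bytes(raw)

if __name__ == "__main__":
    for name, verdict in audit_zip(build_sample()).items():
        print(f"{name}: {verdict}")
```

Any entry reported as `zipcrypto` or `zipcrypto+stored` should be re-protected with a stronger scheme such as the PGP/GPG approach recommended above.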