This is the most basic step, but even this is non-trivial. There are multiple ways of password protecting a zip, ZipCrypto is insecure and not all software supports AES-256. Self-extractors will get stopped by AV and sometimes even password protected zips (as the AV can't read them).
You then have to communicate the password out-of-band, as emailing it would defeat the purpose. It may be hard to read over the phone and you have to trust it was not written down and the file is not then stored/forwarded unencrypted. Explaining the process to someone non-technical may be challenging.
Symmetric crypto is a mess, asymmetric would be great if secure key exchange could be easy. If only the software was as ubiquitous as zip handling is in the OS.
Microsoft solves this with RMS for Individuals: https://portal.aadrm.com/ (also called the RMS Sharing App, now getting rebranded to Azure Information Protection).
The recipient's identity is the key to opening the content - no need to communicate anything out-of-band. Depending on the file format chosen, you get DRM features limiting granular actions on the file beyond view/edit.
To open the protected files, your recipients will have to download/install the (free) app from Microsoft. This is generally pretty painless.
Definitely worth checking out, especially good for consultants' workflows.
That is essentially corporate policy at my workplace. We use in-house file-sharing system, and I think the recommendation is to prefer 7z over vanilla zip. Typical channel for sending password is via SMS.
Its not elegant, but in the end I find it reasonably good compromise between security and practicality.
