For most of us, the email messages we send wouldn’t be classified as sensitive. They can be personal, yes, and once in a while you’ll want to make sure the content of a message is kept confidential between sender and receiver.
But sometimes, sending sensitive information — Social Security, passport or credit-card numbers, for instance — via email is necessary. At such points, consider sending an encrypted email message.
Standard email messages are sent in plain text, so it’s possible for someone else to snoop on you and read them. When you encrypt mail, on the other hand, it makes the messages completely unreadable to anyone who doesn’t possess a decryption key.
“It’s like locking a message in a safe, then shipping that safe,” said Terence Spies, chief technology officer of Voltage Security, an enterprise-security company in Cupertino, Calif. “If you trust the safe, you no longer need to trust the people moving it.”
Methods of Encryption
There are several ways to encrypt email. The simplest way is to use a bit of extra software that plugs into your existing email client, such as Microsoft Outlook or Mozilla Thunderbird.
Many security-software companies offer such plug-ins, with some of them being free and others being available under a commercial license.
Andrew Schrage, of the Chicago-based personal-finance news site Money Crashers and a frequent user of encrypted email, recommends instead that you download and install an email certificate from a site like Comodo. PGP (Pretty Good Privacy) is the most common encryption certificate standard.
“It only takes a few seconds, and once your certificate is installed, you will receive instructions to configure it to your email account,” Schrage said. “With this certificate come a public key and a private key. Your public key is what you send to people who want to send you encrypted emails, and your private key is what you use to decrypt them.”
Public-key certificates are great because neither you nor the intended recipient of your encrypted email need to exchange secret information beforehand.
“Historically, when you wanted to send secret information to someone, you’d first need to agree on some kind of cipher or password and exchange that with them in some very secure manner,” explained Charles McColgan of Telesign, a communications-authentication firm in Marina del Rey, Calif.
“Using certificates, I can send part of my key to everyone, and you can encrypt whatever you want to send me with that part of my key.”
Another option is to use the website of a third-party encryption email service, which may be ideal for those who aren’t terribly computer savvy and who don’t feel the need to frequently send encrypted emails.
Such sites, such as JumbleMe.com, make sending encrypted mail as simple as writing out someone’s email address, and are usually fairly safe to use.
However, if you are encrypting an email message using a third-party service, you need to make sure that the person to whom you are sending the message has the tools to be able to decrypt it and read it, pointed out Michele Neylon of Blacknight Solutions, a Internet-hosting provider in Carlow, Ireland.
“Otherwise, the recipient could end up getting emails that he either won’t be able to open or will be random characters without any meaning,” Neylon said.
“In most scenarios, the person receiving the email will have to have similar software installed on their computer so that they can use the sender’s public key to ‘unlock’ the email.”
Sending email through a webmail service like Gmail is secure in that your computer’s connection to the service is encrypted, but the email message you sent out from that service is not encrypted.
“‘Encrypted’ means complex cryptography is used make your messages unreadable when they’re stored and traveling in clouds from the likes of Google, Microsoft and Yahoo,” explained Kevin Bocek, vice president of marketing at CipherCloud, a data-protection firm in San Jose, Calif.
“Secure email offered by online providers is usually not encrypted when it’s stored,” Bocek said. “Without encrypting your email, an employee, support vendor and hackers might be able to read your personal messages.”
Email is a fantastic technology, but you need to be careful about what you use it for.
“Consumers using email to conduct personal business should at least consider email encryption as a way to keep data private,” Spies said. “As people are using email as an efficient way to exchange high-value documents, it’s a good, prudent way to avoid being bitten by many of the breach problems that are so prominent these days.”