There are two important issues to consider:
- Securing the connection between your computer and email server
- Protecting the actual content of the message and/or attachment
Consider the analogy to the physical mail world. The mail is handled by a number of post offices, clearing hubs and personnel before it reaches the intended recipient. Similarly, an email passes through a number of email servers on the internet before it reaches the intended recipient’s mailbox.
- Unencrypted email is like sending a postcard - open for anyone to read.
- Encrypted connection without content encryption is like putting a letter in a secure box (sealed envelope). No one can read the letter without the key to open the box.
- Encrypted connection and encrypted content is similar to writing the letter in code and sealing it in a secure box. Even if someone managed to open the box, they wouldn’t be able to read the contents without the key to decipher the code.
Many email services encrypt the connection between your computer and their server via an HTTPS/SSL connection, but the connection between their email servers and other servers, as the message travels over the internet, is not encrypted and can be read by a “man-in-the-middle” data snooper. Hence it is important to protect the actual content of the message, because without encryption the message remains in plain text on the servers and can be read by anyone who gets their hands on it. To protect data as it travels over the internet, both the connection and the actual message content have to be encrypted.
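The hop-by-hop point above can be checked on a message you have received, because each server adds a `Received` header naming the protocol it used. The following is an added example, not part of the original article: the sample message and hostnames are constructed, the protocol keywords are the RFC 3848 transmission types, and the headers are self-reported by each server, so the result is an indication rather than proof.

```python
import email
import re

# "with" keywords from RFC 3848; an "S" suffix means the hop negotiated TLS.
TLS_TYPES = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
PLAINTEXT_TYPES = {"SMTP", "ESMTP", "ESMTPA", "LMTP", "LMTPA"}

HOP_RE = re.compile(
    r"\bfrom\s+(?P<src>\S+).*?\bby\s+(?P<dst>\S+).*?\bwith\s+(?P<proto>[A-Za-z0-9]+)",
    re.S,
)

# Constructed sample message (example hostnames, documentation IP ranges).
SAMPLE = (
    "Received: from relay.transit.example (relay.transit.example [198.51.100.7])\n"
    "\tby mx.recipient.example with ESMTP id c3; Mon, 1 Jan 2024 10:00:02 +0000\n"
    "Received: from smtp.sender.example (smtp.sender.example [192.0.2.25])\n"
    "\tby relay.transit.example with ESMTPS id b2; Mon, 1 Jan 2024 10:00:01 +0000\n"
    "Received: from laptop.sender.example ([192.0.2.10])\n"
    "\tby smtp.sender.example with ESMTPSA id a1; Mon, 1 Jan 2024 10:00:00 +0000\n"
    "From: alice@sender.example\nTo: bob@recipient.example\nSubject: Q3 figures\n\n"
    "Confidential figures attached.\n"
)


def hop_report(raw_message):
    """Return (sender, receiver, status) for each hop, oldest hop first."""
    msg = email.message_from_string(raw_message)
    hops = []
    # Each server prepends its header, so reverse to get chronological order.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(value)
        if m is None:
            hops.append(("?", "?", "unknown"))
            continue
        proto = m.group("proto").upper()
        if proto in TLS_TYPES:
            status = "encrypted"
        elif proto in PLAINTEXT_TYPES:
            status = "plaintext"
        else:
            status = "unknown"
        hops.append((m.group("src"), m.group("dst"), status))
    return hops


if __name__ == "__main__":
    for src, dst, status in hop_report(SAMPLE):
        print(f"{src} -> {dst}: {status}")
```

Even when every hop reports TLS, each server in the chain still holds the message in plain text unless the content itself was encrypted.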
Here are a few tips for emailing confidential information:
- When using web-based email such as Gmail, Hotmail etc., make sure that the URL says HTTPS and not just HTTP. The “S” stands for secure and ensures a secure connection between your computer and the email server. You may need to change the settings of the email program to enable the HTTPS encryption. Do not send confidential information if you cannot get a secure connection.
- Protect confidential information in attachments by encrypting the attachment with a password. Only the intended recipient with the correct password can open the attachment.
- Encrypt the message content using encryption protocols like PGP or S/MIME. There are a number of free web services/browser extensions that you can use to encrypt your email. If your business uses Microsoft Exchange, ask your IT administrator if encryption is enabled.
- There are a number of email service providers that offer an end-to-end email security service. Check to see if any of these services are right for your business.