Emails are vulnerable and can be compromised at any time. Do you want end-to-end encryption services to ensure your email’s security? Here are some ways to hide your sensitive email content in Gmail, Outlook, iOS, OSX, Android and Webmail.
Table of Contents
- Introduction
- What is email encryption?
- Types of email encryption
- How to Encrypt Emails in Gmail
- Alternative to Encrypt Gmail with
- How to Encrypt email with Outlook
- How to Encrypt email with iOS
- How to Encrypt email with OSX
- How to Encrypt email with Android
- How to Encrypt email with Webmail
- Email Providers That Need Third-Party Encryption Tools
- Conclusion
Introduction
Gmail is one of the most popular email services on the market. Despite being so prominent and therefore assumedly safe, email, in general, is extremely vulnerable, sensitive, and can be hacked without much effort. Therefore, keeping your email safe and secure should be of utmost importance.
Email is a utility used by almost every company or organization in the world for communication, be it for staff or clients. If the email is not encrypted, it makes it easier for cybercriminals to hack and gain access to the contents. This process is called a data breach. To go into more detail, data breaching is the illegal act of stealing sensitive and confidential information without the knowledge or permission of the concerned organization or individual. What do you mostly send via email? Social security numbers, passwords, login credentials, and bank account numbers? All this information is susceptible to being damaged or stolen. Encryption of content can be considered a preventive measure to fight such data breaches or cybercrimes and stop you or your company from becoming another statistic.
What is Email Encryption?
Email encryption disguises email content in a coded language, decipherable only by the sender and the receiver.
PKI or “Public Key Infrastructure” is one of the means to encrypt or decrypt emails, privately or publicly, assigning each individual a key to decode the information digitally.
However, there is a distinction between the public and the private key. The public key is stored with the person’s name and email address on a key server. It is accessible to anyone using your public key.
The private key is stored in a safe and private space in the computer giving access to only the individual who set it up initially and is used to decrypt emails.
Types of Email Encryption
There are mainly two types of email encryption methods, S/MIME and PGP/MIME. Both parties must use the same form of encryption in order for the recipient to decrypt an email encrypted by the sender. The two methods of encryption are elaborated on below:
1. S/MIME: It stands for Secure/Multipurpose Internet Mail Extensions. Built into most OSX and ioS devices, it depends on a centralized authority to select the algorithm for encryption. Most often, S/MIME is used because it is integrated into large, web-based email providers, such as Apple and Outlook. For instance, when we receive an email that has been sent from a MacBook or iPhone, we sometimes see a 5-kilobyte attachment called “smime.p7s”. This attachment verifies the receiver’s identity so that only he or she can read the e-mail.
S/MIME is easy to maintain but keep in mind both the sender and the receiver will have to share information called “keys” to identify each other after S/MIME is enabled.
After setting it up, here is how to send encrypted messages using S/MIME:
- Compose a message as you usually would.
- Attach a recipient to the field “To”. There will be a lock icon to the right of the recipient. Depending on the encryption degree endorsed by the recipient, the icon will differ.
- If the message is sent to several recipients, depending on their encryption levels, the icon will display the lowest encryption capability.
- To change your SMIME settings or learn about the degree of encryption for your recipient, click the lock and then “View details”.
There are a few more steps to complete before checking whether a message received has been encrypted:
- Open the e-mail message.
- To the right of the recipients’ list. Click on the down arrow.
- Then, look at the colored lock to decide the degree of encryption of the message sent.
2. PGP/MIME: It stands for Pretty Good Privacy/Multipurpose Internet Mail Extensions. It is built on a decentralized confidence model and has been developed to solve security problems posed by plain text messages. There is more versatility and control within this model, offering different levels of encryption. Despite this feature, it is wise to get another third-party encryption tool. The receiver must have encryption keys, both public and private, and the public key must be accessible to the sender.
There are several applications and email services that offer encryption but do not use S/MIME or PGP/MIME. While these are much simpler and faster to set up, be mindful that they have their own encryption and do not offer the same level of privacy. Examples of these include SafeGmail and Virtru, and while we do not necessarily recommend them, they are still useful tools and better than having nothing. We encourage you to upload your public PGP key to a key server, but it is not needed as you may simply send the plain text of your public key to the person(s) from whom you want to receive encrypted emails instead.
How to Encrypt Emails in Gmail
In order to encrypt emails in Gmail, keep in mind there is a different process for peer, vs the corporate level.
Let us first attempt to understand individual leveled email encryption process.
Since S/MIME is already available in Gmail, to use the feature properly, both the sender and the receiver have to have it enabled. Secure/Multipurpose Internet Mail supports encryption in transit and protects outgoing emails.
The next thing to do is to write your email content for a specific receiver. Then click on the lock icon to the right of the recipient. For transforming the S/MIME settings or level of encryption, click on “view details”. Note that the color codes presented have different meanings. For instance, the information coded with the color green is secured by S/MIME encryption and can only be decrypted with a private key. With Gray Information, the email is secured by Transport Layer Security or TLS, provided both the parties (sender and receiver) have TLS capabilities. Red information denotes that the email lacks any encryption security. Always take a look at these color codes before changing the level of encryption.
For those who have a free Gmail account, know the basics:
Note that your messages in Gmail are secured by Google’s standard method of encryption, called Transport Layer Security (TLS). Like the other services, the recipient must have this activity as well.
As the name signifies, it is a protective measure that provides layers of security to your sensitive data, making it uninterrupted by a third party during the transport. Offering an added layer of protection, google also scans your accounts manually for potential spam and malicious emails, along with adding supporting features like a smart reply. Note that with TLS your data are not wholly private between you and the receiver once it reaches them. There are certain mediums in between that can gain access to them.
Encrypting Gmail at the corporate level.
At the corporate level, there is something termed “Google for Business” or GSuite, which offers extensive features to users.
Businesses big or small, want the safety and security of their data guaranteed. Primarily they rely on GSuite to perform this function. One of the features of GSuite is S/MIME, an encryption method that ensures sensitive data encryption and decryption with user-specific keys, so they remain protected during transfer. The power to read and decrypt the message is given to the intended readers.
Here again, a condition is applied. Both the sender and the receiver must open an account in the GSuite. Also, both parties must enable S/MIME in their own GSuite accounts. Automatic encryption will occur after following the activation process.
Alternative to Encrypt Gmail With-
Virtru
Virtru delivers end-to-end email encryption services to its users along with higher security. End-to-end encryption allows you and your intended recipients to encrypt and later decrypt the message. It is compatible with Gmail, Outlook, Hotmail, Yahoo, etc. It supports both free and paid services.
As an alternative to some of the more popular options, Virtru is a strong candidate. Without needing access to your messages directly, Virtru functions within your existing Gmail and Google Apps, GSuite especially, to ensure your email contents are encrypted properly without the need of portals, new accounts, or key exchanges, additionally offering a pro version for added protection.
Panda Security
Being an intrinsic part of the WatchGuard portfolio of IT security solutions, Panda Security is a reliable alternative to email encrypting services. It is specialized in the development of endpoint security products.
Initially starting as an Antivirus Software Development channel, Panda Security has since expanded with a broader focus on preventing and stopping cybercrime in its tracks.
Startmail
Startmail consists of both free and paid services and supports data encryption through PGP. Working together with Outlook and Gmail, Startmail remains among the most highly sought-after alternatives to email encrypting services.
Protonmail
ProtonMail is another alternative to ensure end-to-end encryption of your vulnerable data. With PGP compatibility, it secures your messages by encrypting and transporting them safely to their intended recipient. With both free and paid services, the price level varies based on the number of domains needed and messages sent per day.
How to Encrypt Emails with Outlook
There are certain things you should do before sending friend or coworker notes on Outlook. Firstly, you should probably create a digital certificate:
Go to file > Options > Trust Center > Trust Center Settings > Email Security, Get a Digital ID.
The digital ID will be received in your email.
Next, to get into Outlook; you need to follow the instructions given in your digital certificate mail:
Select tools, check the options provided and click the Security tab input and then choose a name from the name field. Here, you need to assure that S/MIME is selected on the Secure Message Format box. Now, the default security setting must be checked under the Algorithms and Certificates section. For this, you need to Sign in to the Certificate section. If your Certificate has not been selected, select the box, choose a secured email ID and sign in again. Now, click OK to save your settings and get back to Outlook. You now have your digital signature here and you can put it in your emails at any time. Keep in mind this is not a default setting; you need to drag the listed tools from the toolbar and add your digital signature.
At this point, drag the Encrypt Message Contents and Attachments from the toolbar itself. Here, you need to understand that the digital signature is different from the encrypted message in email. Moreover, one must have sent an email with his digital signature attached while sending an encrypted message on Outlook.
Finally, as both of you now have each other’s digital signatures and certificates, you can save, and start the process by just clicking the encrypt button added in your emails.
How to Encrypt Emails with IOS
iOS devices contain S/MIME support in their default email app. Global Address List or “GAL” is a key server for S/MIME certificates essential to find out the contact for exchanging emails. When you see a contact, the lock icon next to the recipient’s name will be blue. To make the lock icon appear next to the receiver’s name it has to be activated in the advanced setting option. After going into the advanced settings and switching S/MIME on, change Encrypt by Default to Yes and compose a new message. Lock icons will finally appear next to recipients’ names.
But what if the lock icon is red? The red color lock icon signifies that either the sender and recipient are absent in the exchange environment or have not installed the certificate or public key. This mostly happens when the two parties are not co-workers of the same company or enterprise.
To fix the problem, do as follows,
Click the sender’s address > See if the red color appears there or not (if it does then it means that the signature is unknown) > Tap View Certificate, then install > The install button will change color to red and say “Remove” > Click Done on the top right corner.
Now when sending messages to that person, the lock icon will be blue. Encrypt the message by tapping it to close the lock.
How to Encrypt Emails with Osx
Unlike other systems such as iOS or Outlook, in OSX you ought to have the certificate for all the recipients to make sure that your email is encrypted. However, other processes are similar to iOS and Outlook. Here also, similar conditions are applied to send encrypted messages in its default mail program.
Possession of the recipient’s digital signature must be stored on your device.
Form the content in your receiver’s email.
Look at the checkmark icon that will automatically appear. This checkmark signifies that the content will be signed.
Also, look at the lock icon that appears next to the signature icon.
Please note that it is vital to sign emails only after you are done writing them. If it has been changed, the certificate will pop up as untrusted.
How to Encrypt Emails with Android
Android is considered to be one of the most flexible and easiest channels for sending encrypted emails. With a variety of options like, OpenKeychain, CipherMail and PGP/MIME, the passages below will provide context toward the efficacy of android for email encryption.
The OpenKeychain is the simplest of all. It is the most basic option that can run even in the third-party app called K-9. It is free, and as the name suggests, it is open for all to store certificates and PGP public keys, offering the ability to create both public and private keys. To do so, insert your name, email address, and generate a password. If you want to use the generated key from other devices, you have to import it. Here, you can search anyone’s public key online and send them encrypted emails.
CipherMail is another service you can use. Like the OpenKeychain, this app is also open for all to store certificates and public keys. Once these public keys are stored, you can use them at any time. It permits you to send and receive S/MIME encrypted mail using the default Gmail app and K-9.
The last option is using PGP/MIME. Unlike the two, this app has certain boundaries. It demands both an email app and a keychain to store certificates. Here, you do not need the receiver’s digital signature before sending an encrypted email.
How to Encrypt Emails with Webmail
Webmail’s are easier to encrypt than Emails, as they can be used through a PGP/MIME-based solution, which is far more suitable than S/MIME. Here, the Mailvelope chrome extension – that can be used in web mails – is used in conjunction with Gmail. Other extensions such as GPG Tools, GNU Privacy Guard, and Enig Mail can be used with web Mail as well. To get started, you need to enter a name, email, and password, and then click “Generate”. Note that each email encryption comes with a built-in key generator and key ring, but if you already have an existing key you have to import it by copying and pasting. Finally, you have got your encryption key.
After that, navigate the Display Keys in the Mailvelope settings and Click On the key that you have made. To see the plain text, export your public key and copy it to your Clipboard.
Again, paste the copied key into the “Submit a Key” section, headed by the MITPGP Key server. Click the submit option and go back to the MIT key server of your homepage. You can search the name that is already entered in the key server to see your listed keys.
Mailvelope and MIT both display unique key IDs that cannot be used for other servers. This can be useful in a variety of scenarios, one such example being a journalist showing their key ID in their social media profiles, so potential sources know where to send information.
You can also search for other people’s keys by clicking on the key ID of the selected person to display the plain text. You then need to copy the key ID and paste it to the “import” section of the Mailvelope and add it to your keyring. Now you can send and receive encrypted mail from the people you trust to have your public key.
Additionally, Mailvelope has a message button where you can drop messages to encrypt. After typing the messages, you can choose the recipient and transfer the encrypted texts into the email as well.
There is a browser extension in your email that automatically decrypts the recognized email. While needing the PGP app to decrypt the extension, one needs only to click the icon and enter the password for the encrypted text.
Most Encryption extensions do not encrypt attachments while using Mailvelope. For this, you can use the Gnu Privacy Guard to upload the encrypted attachments with PGP.
Email Providers that Need Third-party Encryption Tools
There are some email providers and devices that lack S/MIME compatibility. They require third-party tools to give them the key to use S/MIME, PGP/MIME, or TLS protocol. These third-party apps and services, similar to FlowCrypt and Virtru, guarantee the security of your email right from its creation, to when it is received by your recipient. Third-party encryption is a useful tool, especially if you feel more mainstream services are too expensive, or you simply do not need all the extra features.
Conclusion
With cybercrime rates increasing rapidly, email encryption has become more of a necessity than ever. The reputation of any business is dependent on how well it can secure clients data, often using email to move said data around. Therefore, it is imperative for any organization to use encryption whenever dealing with customer information. The more up-to-date you stay on email encryption the less chance you have of a data breach.
