Email encryption protects your emails by disguising the content of messages so that only the intended recipients can access and read them. Email can be a vulnerable medium, particularly when messages are sent over unsecured or public networks, because other users can intercept and read them. Encryption secures your emails by making the contents unreadable as they move from origin to destination, so if someone intercepts your messages, they can’t read them.
Email encryption relies on Public Key Infrastructure or PKI. This involves a private key and a public key. Those who are sending encrypted emails use the public key, whereas intended recipients use the private key to decrypt messages into a readable format. Under this model, anyone can use a public key to encrypt email, but encrypted messages can only be decrypted by a unique private key.
If you plan to encrypt your emails, it's a good idea to encrypt all messages you send and receive. If you only encrypt those emails which contain sensitive information – such as login credentials or bank account numbers – this can alert hackers to the fact they contain valuable information. Encrypting all your messages gives hackers a more daunting task: attempting to decrypt messages one by one to see if any of them contain sensitive information.
Email encryption is intended to protect sensitive data. Securely encrypted emails help to prevent data breaches. Both individuals and organizations of all sizes use email encryption as part of their approach to cybersecurity. For some organizations, it’s a matter of regulatory compliance. Internet laws like Europe’s General Data Regulation (GDPR), the California Consumer Privacy Act (CCPA), Health Insurance Portability and Accountability Act (HIPAA), and the Gramm-Leach-Bliley Act (GLBA) mandate certain data privacy standards which can make email encryption relevant – especially as the volume of emails sent worldwide is increasing year on year.
Three types of email encryption to be aware of are:
Pretty Good Privacy (PGP)
PGP encrypts and decrypts email messages using digital signatures and file encryption techniques. It was one of the first free, publicly available public key cryptography solutions. It is widely used by both individuals and organizations to secure online communication.
PGP uses a version of the public key infrastructure (PKI) approach, in that when a user sends a message with their public key, PGP encrypts the data and decrypts it when the recipient unlocks it with their private key.
Secure Multi-Purpose Internet Mail Extension (S/MIME)
S/MIME provides similar functionality to PGP but requires users to obtain keys from a specific Certificate Authority (CA). It is built into most modern email software services such as Apple and Outlook, and we’ll look at how to enable the feature in a moment.
Transport Layer Security (TLS)
TLS is a protocol that encrypts and delivers email data securely for both inbound and outbound email traffic. It helps prevent eavesdropping between email servers, keeping your messages private while traveling between email providers. All modern email services support TLS.
If you receive an encrypted message, the message will usually feature the word [Secure] in the subject line to let you know that the message is confidential. The message text will also say that you have received an encrypted message. How you access the message will vary by the email provider or the service you are using.
If you are wondering how to send a secure email, you can either opt-in for an end-to-end encrypted email service or set up an encryption protocol on your current mailbox. Bear in mind that for the latter to work, both the sender and the recipient need to have matching setups. Some services also have built-in protocols for encryption. Read on to find out how to encrypt email in Outlook, Gmail, iOS, or Yahoo.
Outlook is compatible with the S/MIME protocol. To enable S/MIME encryption, you need to obtain a certificate or digital ID from your organization’s administrator. Office outlines the process for setting up S/MIME encryption here.
Once S/MIME encryption has been enabled:
Gmail has S/MIME built into its app, but this will only work if both the sender and receiver have it enabled. To enable hosted S/MIME, follow Google’s instructions on how to do this here. Then:
When changing the encryption levels, there are three color codes to be aware of:
iOS devices also have S/MIME support built into them as a default.
Not all email providers and devices have in-built S/MIME compatibility. This means that they require a third-party tool to use S/MIME or PGP/MIME protocol. For example, Yahoo uses SSL (Secure Sockets Layer) as a layer of security to protect your email account but requires third-party services to encrypt with S/MIME or PGP/MIME. See below for more information on third-party services.
Email encryption can be carried out manually or via a secure email service. Dedicated email service apps each offer different features such as encrypting emails, attachments, and contact lists. By doing this in the background, users don’t have to take action manually.
Well known providers include:
Aside from email encryption, there are a few critical steps you should be taking to secure your email:
Most viruses that infect computers come from email attachments. Therefore, it's important to scan email attachments before opening them, especially if the sender is unfamiliar. Many email clients, such as Gmail, automatically scan attachments but others require you to do so manually.
Avoid clicking on unfamiliar links
To avoid becoming a victim of phishing, don’t click on links in emails you are not sure of, and avoid opening attachments. In fact, if you think an email looks suspicious, don’t click on it or open it at all. Using a good spam filter should help reduce the number of spam messages you receive.
Use BCC, and only use reply all where appropriate
When emailing a large number of people, using BCC prevents spammers from getting hold of all their email addresses. In a similar vein, if you receive an email that has a large number of recipients, only ‘reply all’ if it’s really necessary.
Use strong passwords for your email accounts
A strong password is long – made up of at least 12 characters and ideally more – and contains a mix of characters, such as upper- and lower-case letters plus symbols and numbers. Avoid the obvious – such as sequential numbers ("1234") or personal information that someone who knows you might guess, such as your date of birth or pet's name. A password manager can help you to keep track of your login credentials.
Consider using a VPN, particularly when using public Wi-Fi
The best way to protect your data online when using public Wi-Fi is to use a virtual private network (VPN). A VPN creates an encrypted tunnel between you and a remote server operated by a VPN service. All your internet traffic is routed through this tunnel, making your data more secure. If you connect to a public network using a VPN, other people on that network should not be able to see what you are doing – providing enhanced internet protection.
Use a strong antivirus
A good antivirus will help keep viruses and malware off your devices and criminals out of your accounts – protecting you from the latest online threats.