Sometimes, you need to secure your emails. If you’re sending sensitive financial or personal information, or even photos of your loved ones, it’s important to ensure that your stuff doesn’t end up in the wrong hands. Or inbox.
Encryption is a popular buzzword. It gets thrown around a lot in movies and TV shows, and by big security agencies like the NSA. These days though, encryption is accessible to almost everyone. In fact, according to a Ponemon Institute study on corporate business security, “45% [of companies] have an encryption strategy applied consistently across their enterprise.”
So, if they can do it, why can’t you?
How to encrypt an email
S/MIME or TLS, or PGP/MIME (OpenPGP)?
That is, encryption is available to anyone that understands very complex terms and can manipulate the backend of their favorite email provider. S/MIME or TLS and PGP/MIME (OpenPGP) are the two major types of email encryption available to the everyday Outlook or Gmail user. Before you can encrypt an email, you’ll need to choose which of these methods to go with, and implement them accordingly.
S/MIME or TLS
For the uninitiated, S/MIME actually stands for “Secure/Multipurpose Internet Mail Extensions.” Its pseudonym, TLS, stands for “Transport Layer Security,” which is the more commonly used term — probably because people don’t like typing slashes.
Exhilarating. Basically, TLS security protocols are already built into most email providers like Outlook, Gmail, and iOS devices. Being “built in,” TLS relies on a centralized authority and doesn’t give the user much flexibility to choose how secure they want their emails. You get what they give you.
The best part of TLS is that exact fact: It’s built in. No need for users to hunt around for another provider that they may not know or trust to take care of their information. Most providers that enable S/MIME provide documentation to help you encrypt an email.
PGP/MIME encryption is a bit more complex. But, first of all, PGP/MIME stands for something too: “Pretty Good Privacy/Multipurpose Internet Mail Extensions.” Now, when someone wants to encrypt an email, “pretty good privacy” doesn’t exactly sound like it’s going to cut it. Maybe something like “Incredibly Good Privacy,” or “Fantastic Privacy,” pick your adjective.
Anyway, contrary to what the term may lead you to believe, PGP/MIME may actually be the more secure of the two options when you want to encrypt an email. Unlike TLS, PGP/MIME uses a decentralized authority to secure email messages. While decentralized security may sound ultimately less secure, many experts in the industry believe that this combined with “consensus record keeping” is the future of online security.
This may ring a bell for those who are familiar with blockchain, a decentralized ledger keeping financial transactions and other asset transfers secure through distributing records among thousands of computers and servers, requiring “consensus” of over 51% to make any changes to the data.
Besides the name, the main downside of PGP/MIME email encryption is that users have to encrypt using a third-party application or service. It isn’t built into the email provider. Plus, the email providers that are compatible with PGP/MIME encryption (AOL, Yahoo, and Android devices) aren’t as popular as the two compatible with S/MIME.
Now that you’ve chosen your encryption strategy by its incredibly simple term, how do you encrypt an email with your favorite service? For the purposes of this guide, we’re going to focus on three major email providers: Gmail (TLS), Outlook (TLS), and third-party applications (PGP/MIME).
Thankfully, Gmail’s encryption is built into its platform. But, fun fact, both the sender and receiver have to have the encryption enabled for it to work. So, if you send an encrypted email to a non-encrypted inbox, your message will come out just as insecure as it was before. So, before sending, try to make sure that your email’s recipient has the same encryption enabled that you do. That seems to kind of defeat the purpose, but that’s another conversation.
Google provides a handy help document that you can use to set up encryption. Basically, the steps involve “enabling the S/MIME encryption,” uploading certificates, and reloading Gmail.
Once you’ve enabled Gmail encryption, here’s what you do:
- Compose your email.
- Click the lock icon to the right of the recipient.
- Click on “view details” and choose your level of encryption.
Once again, that sounds fairly simple. It’s only three steps, right? Now, let’s see if Outlook is just as easy.
Outlook and Microsoft also provide a help document. That’s a good start. Before getting started, you will have to upload a certificate to the keychain on your computer.
If you don’t know what a keychain is, it’s the password management system that iOS and Windows use. These systems hold onto saved passwords so it’s easier and faster to log into your most used platforms or tools.
Once you’ve done that, there are six steps to go:
- Under the File menu, select Options > Trust Center > Trust Center Settings.
- In the left pane, select Email Security.
- Under Encrypted email, choose Settings.
- Under Certificates and Algorithms, click Choose and select the S/MIME certificate.
- Click OK.
- Finish writing your email and hit Send.
That’s it. Now, we’ve intentionally started with the easier options here. If you don’t use either of these platforms or iOS email, the process is a lot harder. Like, a lot.
Encryption on every other email platform (AOL, Yahoo, etc.)
We won’t go through each provider individually, because the story is the same: You need to use a third-party tool to encrypt your emails. You might be thinking, sure, okay, I’ve used third-party tools for things, how hard can it be?
The most popular of these tools is GnuPG, or GNU Privacy Guard. GnuPG is free, and it allows you to encrypt your online data and communications such as email. Here are the next steps:
1. Create your own public or private keypair using the GnuPG software.
Let’s stop right there for a second, because there’s a lot going on in that one sentence. A “keypair” is a system of encryption whereby one party holds one “key” or line of code and the other party owns the other. When a message is sent and both keys are identified, the encrypted message is decrypted. Only by having the key can you access the encrypted data.
To create your key, you’ll need to find the binaries and source code for whichever platform you want to encrypt your emails on. GnuPG and other third-party tools may provide these as well.
2. Send your receiver the key you’ve created.
Now you have to send the “key,” or list of long numbers, so they can do the same thing you’ve done and read your encrypted messages, or send you encrypted messages of their own. From there, we could also get into the creation of public or private keys, which basically means the public can search and access your key or not.
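The two GnuPG steps above, as an added example that is not part of the original article: you create a keypair, export only the public key, a correspondent imports it and encrypts a message to you, and you decrypt it with the private key that never left your keyring. The address me@example.test, the throwaway keyring directories and the empty passphrase are assumptions made so the demo runs unattended; it needs GnuPG 2.1 or later on the PATH.

```shell
#!/bin/sh
# Constructed demo: two throwaway keyrings stand in for you ("me") and a
# correspondent ("them"). All names and addresses here are made up.
# Usage: pgp_roundtrip 'text to protect'   (prints the decrypted text)

pgp_roundtrip() {
    msg=$1
    work=$(mktemp -d) || return 1
    me="$work/me"; them="$work/them"
    mkdir -m 700 "$me" "$them" || return 1

    # Step 1: create the keypair. The private key stays in "$me".
    # An empty passphrase is used only so the demo needs no prompt.
    gpg --homedir "$me" --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Demo User <me@example.test>' default default 1d \
        || return 1

    # Step 2: export ONLY the public key; this file is what you send out.
    gpg --homedir "$me" --armor --export me@example.test > "$work/me.pub.asc" \
        || return 1
    # Sanity check: the file to be shared must not contain private key material.
    if grep -q 'PRIVATE KEY' "$work/me.pub.asc"; then return 1; fi

    # Correspondent: import your public key and encrypt a message to it.
    # --trust-model always skips the ownership check for this demo; in
    # practice, compare the key fingerprint over a separate channel first.
    gpg --homedir "$them" --batch --quiet --import "$work/me.pub.asc" || return 1
    printf '%s\n' "$msg" |
        gpg --homedir "$them" --batch --quiet --armor --trust-model always \
            --recipient me@example.test --encrypt > "$work/msg.asc" || return 1

    # Holding the public key is not enough to read the message back.
    if gpg --homedir "$them" --batch --quiet --decrypt "$work/msg.asc" \
        >/dev/null 2>&1; then return 1; fi

    # You: decrypt with the private key from step 1.
    gpg --homedir "$me" --batch --quiet --pinentry-mode loopback --passphrase '' \
        --decrypt "$work/msg.asc" 2>/dev/null
    status=$?

    # Clean up the background agents and the throwaway keyrings.
    gpgconf --homedir "$me" --kill gpg-agent 2>/dev/null
    gpgconf --homedir "$them" --kill gpg-agent 2>/dev/null
    rm -rf "$work"
    return $status
}
```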
But, at this point, we’ve gone pretty far. In case it hasn’t gotten across, encrypting your emails is hard, trying, and tedious. Unless you’re sending confidential information like launch codes or proof of aliens, there’s no reason to go through all this trouble.
Data security is important for everyone, but it isn’t as accessible as some would make it seem. For that, people and businesses around the world use DocSend.
DocSend is the secure document sharing platform that everyone can use. From investor pitch decks to financial information, DocSend allows users to send and collaborate on sensitive documents simply and securely.
All it takes is three steps:
- Upload your files to DocSend.
- Create a DocSend link.
- Share securely by emailing the link or using our best-in-class email plugins for Gmail or Outlook.
You can also track how viewers are interacting with your documents. That’s right: DocSend even allows you to track the reader’s time spent on page, where they skipped, left off, or where they lingered, so you get real-time, actionable feedback on your documentation.
Give up on traditional email encryption. Start sharing securely with DocSend.