Do you send confidential information over email that you don’t want exposed? Tax documents, financial statements, private conversations with your doctor or lawyer – these are all examples of sensitive data you probably want to keep private.
The good news is you can lock down your email communication through encryption so only the intended recipient can read your messages.
In this guide, I‘ll walk you through different methods for encrypting your email to keep your personal and professional data secure.
Why You Should Encrypt Your Email
Regular old email is not encrypted. That means your messages get sent as plain text that could potentially be intercepted and read by hackers, thieves, or unintended recipients along the way.
According to a 2022 survey by Tessian, 91% of IT leaders said their organizations had experienced data breaches or cyber threats due to vulnerabilities in email security.
Here are some key reasons why you may want to start encrypting your emails:
- Send confidential documents like tax returns, bank statements, or financial reports securely.
- Share private medical information with healthcare providers without worrying about exposure.
- Protect your company‘s sensitive data from cybercriminals seeking to steal customer information, intellectual property, or other intel. According to a Ponemon Institute study, the average cost of a corporate data breach is $4.35 million.
- Prevent government agencies from surveillance of your personal communications. Encryption provides a shield against programs that monitor email metadata and message content.
- Discuss sensitive topics privately, whether in personal or work emails. Encryption allows you to have confidential conversations over email without leaving a trail.
According to a 2022 survey by Statista, 60% of respondents said they were either very concerned or extremely concerned about the privacy of their personal information when sending emails.
The bottom line is that encrypting your emails provides an essential layer of security by scrambling the contents into coded text that can only be unlocked and read by someone with the right decryption key. This protects your messages from prying eyes.
How Does Email Encryption Work?
Email encryption converts your plain text message into a scrambled cipher text format using encryption algorithms.
This process requires two keys:
- Public key – Given out to recipients so they can encrypt messages sent to you
- Private key – Kept secret so only you can decrypt messages
When you send an encrypted email, your email client encrypts the message using the recipient‘s public key. The recipient then uses their private key to decrypt the email.
This public-private key system ensures that only the intended recipient who holds the private key can decrypt and read your encrypted email.
Here is a simple step-by-step example:
- You compose an email to a recipient.
- You encrypt the message using the recipient‘s public key.
- The encrypted email gets sent securely over the internet.
- The recipient receives the encrypted email which looks like random gibberish.
- Using their private key, the recipient decrypts the message into readable plain text.
Voila! The email content has been kept completely private from any other parties throughout this process.
Overview of Main Email Encryption Types
There are two primary protocols or standards used for implementing email encryption:
S/MIME (Secure/Multipurpose Internet Mail Extensions)
- Relies on symmetric and asymmetric encryption algorithms
- Requires digital certificates from a trusted certificate authority
- Natively supported by most modern email clients like Outlook and Gmail
- Best suited for organizational email encryption across company domains
PGP (Pretty Good Privacy)
- Uses asymmetric public key cryptography
- Does not require certificates from a CA
- Can be used with any email service or client that supports PGP
- Recommended for encrypting personal email
- Available in paid professional versions with added features
Both PGP and S/MIME provide robust, reliable encryption. Which option you choose depends on your specific use case. I‘ll explore each one in more detail throughout this guide.
Step-by-Step: How to Encrypt Email in Outlook
Microsoft Outlook supports S/MIME email encryption through digital certificates.
Here are the step-by-step instructions to get set up:
1. Obtain an S/MIME Digital Certificate
You first need to acquire an S/MIME certificate from a trusted certificate authority (CA) like Symantec, Comodo, GlobalSign or DigiCert.
The certificate will contain your email address and public key used to encrypt messages sent to you. The CA will verify your identity before issuing the certificate.
S/MIME certificates typically cost between $20-$60 per year. The price varies by provider.
2. Install Your S/MIME Certificate
Once you receive your certificate file from the CA, you need to install it in Outlook:
- Open Outlook and go to File > Options > Trust Center > Email Security
- Click the Settings button next to Encrypted email
- Select Certificates > Import
- Choose your certificate file and click OK
You only need to do this process once. Outlook will now have your certificate with its associated public and private keys.
3. Encrypt a Message in Outlook
With your certificate installed, you can now encrypt any Outlook email:
- Open a new email in Outlook that you want to encrypt.
- On the Options tab, click Encrypt to enable encryption.
- Compose your email as normal. The contents will be encrypted.
- Click Send.
Only recipients who also have an S/MIME encrypted email certificate will be able to decrypt and read this message.
4. Read Encrypted Emails You Receive
When someone sends you an encrypted email, it will show up garbled in your Outlook inbox.
To decrypt and view the message contents, double click to open the email. Outlook will automatically use your S/MIME certificate private key to decrypt the email for reading.
That‘s all there is to it! With a few clicks, you can now easily encrypt sensitive Outlook emails.
Gmail: How to Send Encrypted Emails
For your personal Gmail account, you can encrypt messages using the Confidential Mode feature:
- Compose a new email in Gmail and click the lock icon at the bottom.
- Turn on Confidential Mode. This allows you to set an expiration date or require SMS verification before the recipient can access the message.
- Write your confidential email text. Make sure confidential mode is enabled before composing the sensitive parts of your message.
- Click Send. Your recipient will need to verify their identity or enter a one-time passcode before they can read your encrypted email.
According to Google, confidential emails in Gmail are encrypted in transit and at rest. However, some metadata like subject line and names of recipients may be viewable.
For G Suite business accounts, you can configure S/MIME encryption through admin security settings. This requires purchasing S/MIME digital certificates.
Encrypting Email in Yahoo, Outlook.com, & More
Some email providers like Yahoo Mail and Outlook.com do not natively support PGP or S/MIME encryption.
Never fear! You can still encrypt emails from these services using third-party encryption tools:
Install the Mailvelope or Virtru browser extensions to encrypt Yahoo emails:
- Compose an email in Yahoo Mail then click the Mailvelope/Virtru icon to encrypt.
- Type your message within the encrypted email editor.
- Click the Encrypt button to scramble your email contents.
- Send your encrypted email. Recipients will need to use Mailvelope/Virtru to decrypt.
Outlook.com, iCloud, ProtonMail
Privacy Pop and Encipher.it are two popular services that work with nearly any email provider to encrypt messages:
- Visit the Privacy Pop or Encipher.it website and log into your email account.
- Compose your confidential email within the secure browser-based editor.
- Click Send to encrypt your message before it gets sent using your email provider.
The recipient just needs to click a secure link in the email to view the decrypted contents using Privacy Pop or Encipher.it.
How Businesses Can Encrypt Email at Scale
Encrypting a few emails here and there is one thing. But what about a large enterprise that needs to protect hundreds or thousands of employees‘ communications?
For organizations, investing in dedicated email encryption solutions can provide an added layer of protection for data at rest and in transit throughout the company infrastructure.
Here are some top options for encrypting business email at scale:
Microsoft Office 365 Message Encryption
- Seamlessly integrates with Outlook desktop and mobile apps to encrypt emails and Office documents.
- Offers configuration options for recipient authentication methods, access expiration, and more granular controls.
- Supports bulk email encryption and rights management capabilities.
- Leverages Azure Rights Management (Azure RMS).
Cisco Registered Envelope Service
- Provides a certified and registered email delivery system with robust encryption capabilities.
- Enables email tracking, legal proof of delivery, and encrypted large file sending.
- Integrates DLP, malware protection, and compliance supervision.
- Used by over 3,500 public and private institutions worldwide.
Micro Focus Voltage Email Encryption
- Gives administrators a central management console to configure enterprise-wide encryption policies and rules.
- Allows choice of per-message or group encryption methods.
- Prevents data leakage with automatic AES 256-bit encryption of emails
Zix Encrypted Email
- Deploys as a secure email gateway that automatically encrypts all emails based on recipient domain rules.
- Offers advanced threat protection, anomaly detection, and attachment sandboxing.
- Provides detailed visibility into email traffic and security analytics.
- Used by major companies like BMW and Verizon.
Virtru Email Encryption
- Offers fully encrypted sending and receiving of emails across all devices.
- Allows users to unsend messages or revoke access at any time.
- Supports custom DKIM signatures and full SMTP integration.
- Provides robust auditing and administrative oversight capabilities.
- Used by many government agencies like DHS and HUD.
When evaluating enterprise email encryption solutions, businesses should assess factors like:
- Email server integration: Support for Exchange, Office 365, G Suite, etc.
- Key management: Control over public-private key infrastructure.
- Compliance: Adherence to regulations like HIPAA and SOX.
- Ease of use: Minimal impact on employee workflows.
- Admin controls: Policy and security oversight capabilities.
- Budget: Pricing model that fits business needs.
The "right" encrypted email solution depends on your organization‘s infrastructure, compliance needs, and budget.
5 Best Practices for Sending Encrypted Emails
Follow these tips when encrypting and sending confidential emails to ensure optimal security:
- Use PGP or S/MIME based on your email client and recipient‘s capabilities. Both protocols provide robust encryption when properly implemented.
- Obtain certificates from trusted CAs if using S/MIME. Free or self-signed certificates are risky.
- Verify the recipient‘s identity before sending sensitive data to prevent impersonation. Confirm you have their correct public key.
- Type message text directly in the email rather than attaching encrypted files which can still contain malware.
- Delete encrypted emails ASAP once they are no longer needed. Never store sensitive data long-term in your email account.
Also be sure to use a strong, unique passphrase for your encryption keys to prevent unauthorized access.
Is Encrypted Email Ever 100% Secure?
While encrypted email offers a major security upgrade compared to normal unencrypted mail, it is not an invincible solution. Here are some weaknesses to be aware of:
- Improper implementation: Faulty configuration and software vulnerabilities can undermine encryption defenses. Always keep apps patched and configured according to best practices.
- User errors: Sending private keys or passphrases in the clear, exposing private keys through bad storage habits, or granting access to unauthorized readers can negate encryption.
- Metadata exposure: Even encrypted emails may have headers, subject lines, names of recipients, etc. visible in transit. This leaks some information.
- Malware: Spyware locally installed on devices could potentially record passphrases and private keys entered by users when decrypting emails.
- Brute force attacks: Given enough time and computing power, encryption passphrases and keys could possibly be cracked by a determined attacker. Using longer, more complex keys helps mitigate this threat.
- Quantum computing: Some experts warn that quantum computers may one day be able to break modern public key cryptography. However, this risk is still many years away from becoming practical.
While not perfectly watertight, available email encryption tools still provide very strong protection for the majority of threat models, especially when implemented correctly. Think of it as locking your doors and windows when you leave the house – not a guarantee against all intruders, but far better than leaving everything wide open.
Lock Down Your Inbox with Encryption
In summary, email encryption provides an invaluable layer of security for sensitive communications. As cyberattacks become more prevalent, taking steps to lock down your inbox is critical.
Carefully select an encrypted email protocol like PGP or S/MIME that fits your use case. Apply encryption properly using the best practices outlined here. Manage your public-private key pairs responsibly. And verify recipient identities to guard against impersonation attempts.
It‘s impossible to completely eliminate risks when sending data over the internet. But with robust email encryption in place, you can drastically minimize vulnerabilities in your email and take back control over your privacy.