Even if you never email sensitive information--social security numbers, banking info, business secrets, and so on--you should consider using encryption. Aside from capturing your email content and attachments, a miscreant could hijack your entire email account if you failed to secure it properly. In this article, I'll discuss what you need to encrypt and how to get started, regardless of the particular email service you use.
What to Encrypt
To secure your email effectively, you should encrypt three things: the connection from your email provider; your actual email messages; and your stored, cached, or archived email messages.
If you leave the connection from your email provider to your computer or other device unencrypted while you check or send email messages, other users on your network can easily capture your email login credentials and any messages you send or receive. This hazard typically arises when you use a public network (the Wi-Fi hotspot in a coffee shop, say), but an unencrypted connection can also be pose problems on your work or private network.
Your actual email messages are vulnerable as they travel over the Internet, after leaving your email provider's server. Bad guys can intercept a message as it bounces from server to server on the Internet. Encrypting your messages before sending them renders them unreadable from the point at which they embark on their journey to the point at which the intended recipient opens them.
If you leave your saved or backed-up email messages (from an email client program like Microsoft Outlook) on your computer or mobile device, a thief or snoop might be able to gain access to them, even if you've password-protected your email program and your Windows account or mobile device. Again, encryption renders them unreadable to the intruder.
How to Encrypt Email Connections
To secure the connection between your email provider and your computer or other device, you need to set up Secure Socket Layer (SSL) and Transport Layer Security (TLS) encryption--the same protection scheme that you depend on when checking your bank account or making online purchases.
If you check your email with a Web browser (whether on a desktop, a laptop, a smartphone, or a tablet), take a moment to ensure that SSL/TLS encryption is active. If it is, the website address (URL) will begin with https instead of http; depending on your browser, you should see some additional indication, such as a notification next to the address bar or a small yellow padlock icon on the status bar at the bottom of the browser window.
If you don't see an 'https' address and other indicators after logging into your Web-based email program, type an s at the end of the 'http' and press Enter. If your email provider supports SSL/TLS, that instruction will usually prompt it to encrypt your current connection. Then browse your account settings to see whether you can activate encryption by default for future logins, and whether you can create or modify bookmarks or shortcuts to your email site using the 'https' address. If you can't force the encryption, check with your provider as they may not support SSL/TLS.
Sign up for Computerworld eNewsletters.