Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

How to encrypt your email

Eric Geier | April 27, 2012
Even if you never email sensitive information--social security numbers, banking info, business secrets, and so on--you should consider using encryption. Aside from capturing your email content and attachments, a miscreant could hijack your entire email account if you failed to secure it properly.

If you use a desktop client program like Microsoft Outlook to check your email, or if you use an email app on your smartphone or tablet, you should still try to use SSL/TLS encryption--but in such situations, encryption is harder to verify or to set up. To do it, open your email program or app and navigate to the settings menu; there, your account will likely be labeled as a POP/SMTP, IMAP/SMTP, HTTP or Exchange account. Look for an option to activate encryption; it's usually in the advanced settings near where you can specify the port numbers for incoming and outgoing connections.

If you use an Exchange email account for work, for example, you'll find a designated area for security settings where you can clearly see whether encryption/security is enabled for the incoming and outgoing connections and for your Exchange account. If it isn't enabled, check with your email provider to see whether the provider supports encryption, and consider switching to a service that allows SSL/TLS encryption.

How to Encrypt Email Messages

You can and should encrypt your individual email messages during transit, but both you and your recipient must do some work ahead of time to make the protection work properly. You can use encryption features built into your email service, or you can download encryption software or client add-ons (such as those that use OpenPGP). In a pinch, you can use a Web-based encryption email service like Sendinc or JumbleMe, though doing so forces you to trust a third-party company.

Most forms of message encryption, including S/MIME (Secure/Multipurpose Internet Mail Extensions) and OpenPGP, require you to install a security certificate on your computer and to give your contacts a string of characters called your public key before they can send you an encrypted message. Likewise, the intended recipients of your encrypted message must install a security certificate on their computer and give you their public key in advance.

Support for the S/MIME standard is built into many email clients, including Microsoft Outlook. In addition, Web browser add-ons, like Gmail S/MIME for Firefox, support Web-based email providers as well. To get started, you can apply for a security certificate from a company such as Comodo.

The OpenPGP (Pretty Good Privacy) email encryption standard has a few variants, including PGP and GNU Privacy Guard (GnuPG). You can find free and commercial software and add-ons, such as Gpg4win or PGP Desktop Email, that support the OpenPGP type of encryption.

How to Encrypt Stored Email

If you use an email client or app on your computer or mobile device, rather than checking your email via a Web browser, you should make sure that your stored email data is encrypted so that thieves and snoops can't access your saved messages if you lose the device or someone steals it.

 

Previous Page  1  2  3  Next Page 

Sign up for Computerworld eNewsletters.