Email encryption defined in Data Protection 101, our series on the fundamentals of data security.
A Definition of Email Encryption
Email encryption involves encrypting, or disguising, the content of email messages so that potentially sensitive information cannot be read by anyone other than the intended recipients. Email encryption is often paired with authentication, so that the recipient can also verify who sent the message.
As PC World points out, it’s not just those who may email sensitive information, such as Social Security numbers, login credentials, or bank account numbers, who need to encrypt their email. Hackers who gain unauthorized access to an email account can read its attachments and message content, and can even hijack the entire email account.
Email is a vulnerable medium, particularly when emails are sent over unsecured, or public, Wi-Fi networks. Even emails sent within a secure company network can be intercepted by other users on that network, and so can your login credentials. Encryption renders the content of your emails unreadable as they travel from origin to destination, so even if someone intercepts your messages, they can’t interpret the content.
Email Encryption: What to Encrypt
PC World points out three primary things you should encrypt:
The connection from your email provider
Your actual email messages
Your stored, cached, or archived email messages
Encrypting the connection prevents unauthorized users on the network from intercepting and capturing your login credentials and any email messages you send or receive, both on the way to your email provider’s server and as they travel from server to server around the Internet.
Encrypting email messages before they’re sent means that even if a hacker or anyone other than the intended recipient should intercept your email messages, they’re unreadable, and essentially useless.
Finally, if you store backed-up email messages in an email client, such as Microsoft Outlook, hackers may still gain access to them even though your accounts and your device are password-protected. Email encryption ensures that even if access is obtained, the content of your email messages is unreadable.
What Email Encryption Does
There are a variety of technology tools that can be used to encrypt email. A personal email certificate is one method of protection that digitally signs your messages, reducing the number of spam messages that can be sent using your name and email account. This digital signature lets recipients know whether the messages they receive were actually sent by you; spoofed email messages will not carry your digital signature, tipping recipients off that the message may contain spam or malicious content.
Email encryption relies, in most cases, on a Public Key Infrastructure (PKI): a combination of a private key, known only to you, and a public key, which you distribute to those you choose or even make publicly available. Anyone sending you an email they want to encrypt uses your public key, and you, as the intended recipient, use your private key to decrypt the message back into readable form. In the PKI model, anyone can use a public key to encrypt email, but each encrypted message can only be decrypted by the matching private key.
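The PKI model above (the recipient's public key encrypts, only the matching private key decrypts, and the sender's signature lets the recipient spot spoofed messages) as an added Go example that is not from the original article. It uses only Go's standard library in the hybrid pattern that S/MIME and OpenPGP clients use in practice, a one-time AES-GCM session key wrapped with RSA-OAEP plus an RSA-PSS signature over the message; the Seal/Open names, the Envelope type and the sample message are constructed for this example.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// Envelope is what actually travels: nonce and AES-GCM ciphertext, the session key wrapped with the recipient's public key, and the sender's signature.
type Envelope struct{ Nonce, Ciphertext, WrappedKey, Signature []byte }

// must keeps the sending side short; a CSPRNG or RSA failure is not recoverable by a mail client anyway.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// Seal signs msg with the sender's private key, then encrypts it under a fresh AES-256 session key that only the recipient's private key can unwrap.
func Seal(msg []byte, sender *rsa.PrivateKey, recipient *rsa.PublicKey) *Envelope {
	digest := sha256.Sum256(msg)
	sig := must(rsa.SignPSS(rand.Reader, sender, crypto.SHA256, digest[:], nil))
	buf := make([]byte, 32+12) // AES-256 key followed by a 96-bit GCM nonce, both single-use
	must(rand.Read(buf))
	key, nonce := buf[:32], buf[32:]
	gcm := must(cipher.NewGCM(must(aes.NewCipher(key))))
	wrapped := must(rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, key, nil))
	return &Envelope{nonce, gcm.Seal(nil, nonce, msg, nil), wrapped, sig}
}

// Open unwraps the session key with the recipient's private key, decrypts, and releases the content only if the sender's signature verifies.
func Open(env *Envelope, recipient *rsa.PrivateKey, sender *rsa.PublicKey) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipient, env.WrappedKey, nil)
	if err != nil {
		return nil, err // not the intended recipient's key: the session key never unwraps
	}
	msg, err := must(cipher.NewGCM(must(aes.NewCipher(key)))).Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil {
		return nil, err // ciphertext altered in transit
	}
	digest := sha256.Sum256(msg)
	if err := rsa.VerifyPSS(sender, crypto.SHA256, digest[:], env.Signature, nil); err != nil {
		return nil, err // not signed by the claimed sender: treat as spoofed
	}
	return msg, nil
}
```

Generate a 2048-bit key pair for each party with rsa.GenerateKey, hand the sender the recipient's PublicKey, and Open fails on a wrong private key, a tampered ciphertext, or a signature that does not belong to the claimed sender.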
Best practices for email encryption include consistently encrypting all messages you send and receive. Encrypting only email messages containing sensitive information raises a flag to hackers, pointing them directly to the messages that are most likely to contain valuable, sensitive information – the very information you’re trying to prevent outsiders from gaining access to in the first place.
When you encrypt all email messages as a standard practice, hackers wishing to access your personal information have a far more substantial task in front of them. Decrypting email messages one by one in search of a single message containing sensitive information is a daunting and tedious task that even the most dedicated hackers may decide is not worth the effort.