Whether you’re sending an important email to a work colleague or simply dropping a friend a quick reminder about what time you’re meeting for lunch, email has become a crucial tool for helping us keep in contact with the people in our lives. However, emails aren’t immune to digital eavesdroppers.
Your typical email account contains a wealth of information that can be invaluable to all kinds of organisations and individuals – everyone from hackers who might be after your financial information, to corporations who are sucking up data in the hopes of targeting potential customers with more relevant online adverts. Even government agencies have the power to request access to your electronic communications!
Making sure your private emails remain private is crucial when you’re transmitting confidential documents or other sensitive information. However, even if you’re just chatting with friends, then chances are you’re still not too keen on the thought of other people listening into these conversations!
In this article, I’m going to show you how to add some additional security to your emails, using encryption. I’ll also be sharing some email security best practices to help ensure that malware and viruses don’t find their way into your email account, potentially compromising your privacy even if you do choose to encrypt your emails.
What is email encryption?
Encryption essentially scrambles the contents of your emails so that only people who have the correct key can decipher your messages.
In this article, I’m going to explore two methods of encrypting your emails:
- Sending encrypted emails via Apple’s Mail application. This methods lets you use your existing email address, but it does require quite a bit of setup – you’ll need to exchange certificates with every person you want to send encrypted messages to, and receive encrypted messages from.
- Creating a new email account with built-in encryption. There’s numerous email providers who offer encryption as standard. The main drawback is that these services do require you to create a new email address, but sending encrypted emails tends to be much easier when you’re using a service that was specifically designed with encryption in mind. If you plan on sending encrypted emails on a regular basis, then it may be worth the initial hassle of creating a new email address, since this is going to make email encryption much easier in the long run.
Sending encrypted emails with ProtonMail
Although there’s a number of email providers that offer built-in encryption, in this article I’m going to be looking at ProtonMail, a free, web-based email encryption service. If you’re a fan of Amazon Prime’s Mr Robot series, then the name ProtonMail may sound familiar, as it was featured in the show’s first season!
ProtonMail doesn’t just store messages in an encrypted format, it also transmits them in an encrypted format and uses SSL encryption to help prevent third parties from intercepting your traffic via MITM (Man in the Middle)-style attacks.
You can sign up for a free ProtonMail account or purchase a ProtonMail subscription, which gives you access to some additional features. During registration ProtonMail will only ask for a limited amount of user information. ProtonMail is also designed to ensure ProtonMail staff have no way of accessing your data, so even if government officials request that the company hands over all the data they have on you, this is only ever going to be a very limited amount of information.
It’s also worth noting that ProtonMail’s servers are located in Switzerland, so all the data you transmit via ProtonMail is protected by the Swiss Federal Data Protection Act and the Swiss Federal Data Protection Ordinance, which are recognised as some of the strongest privacy protection laws in the world. According to the ProtonMail website, since the company exists outside of the US and EU jurisdiction, only a court order from the Cantonal Court of Geneva or the Swiss Federal Supreme Court can compel ProtonMail to release the “extremely limited user information” they have access to.
The fact that ProtonMail staff have very limited information about your account does have one major drawback: if you forget your password then they won’t be able to help you recover it, and you may permanently lose access to your account.
Once you’ve created your account, your browser will take you straight to your ProtonMail inbox, and you’re ready to start sending encrypted messages.
Every email you send to another ProtonMail user is encrypted by default, but you can also send encrypted emails to non-ProtonMail addresses using symmetric encryption, which sends your message via a password-protected hyperlink. When the recipient clicks the link, ProtonMail prompts them to enter a password, which will decrypt the message.
Note that it’s up to you to share the password with your recipient via a secure channel.
To send an encrypted message, compose your email as normal and then give the ‘Encryption‘ button a click.
In addition, you can put a time limit on your emails, and regardless of whether you’re sending the email to a ProtonMail or non-ProtonMail address, the message will self-destruct after the specified period of time has elapsed.
Sending encrypted emails via Apple Mail
Alternatively, you can encrypt the emails you send and receive via Apple’s Mail application. This isn’t a particularly straightforward process, as both you and the person you want to exchange encrypted messages with need to exchange certificates. You’ll also need to repeat this process for every person you want to exchange encrypted emails with.
This may take a bit of time and effort, but crucially it provides you with a way of exchanging encrypted messages without having to create a brand new email address.
- Create a certificate
If you already have a certificate from a third party, then you can use this certificate, or you can generate a self-signed certificate.
To create a self-signed certificate, navigate to your Mac’s Applications/Utilities folder, launch the Keychain Access app, then:
- Select ‘Keychain Access’ from the Mac menu bar, followed by ‘Certificate Access > Create a Certificate.’
- Give your certificate a name.
- Open the ‘Identity type’ dropdown and set it to ‘Self Signed Root.’
- Open the ‘Certificate Type’ dropdown and select ‘S/MIME (Email).’
- Click the ‘Create’ button, followed by ‘Continue.’
- Select ‘My certificates’ from the left-hand menu.
- Double-click the certificate you just created.
- Open the ‘When using this certificate…’ dropdown and set it to either ‘Use System Defaults’ or ‘Always Trust.’
2. Exchange certificates
You’ll then need to exchange certificates with the person you want to send encrypted messages to, or receive encrypted messages from.
You send a certificate to your recipient via a digitally-signed email, so launch the Mail app and compose a new message. At this point you should notice that a new checkmark icon has appeared next to the email’s ‘Subject’ line. To digitally sign your email, give this icon a click (it should turn blue) and then send this message to your recipient.
Once the recipient has repeated this process and sent you their certificate via a digitally using email, then you’re ready to start exchanging encrypted emails with this person.
Try composing a new email, and as soon as you enter this person’s email address, a new ‘Encryption’ button should appear next to the ‘Subject’ line. Give this padlock icon a click, and this email is now encrypted!
Note that you’ll need to repeat this process for every person you want to exchange encrypted emails with.
Email best practices
Even if you do go to the effort of encrypting your emails, if you don’t follow best practices surrounding email security then there’s no guarantee that viruses and malware won’t find their way into your email account or computer, potentially allowing other people to view the contents of your emails anyway.
To help keep your email account secure, it’s important that you keep the following best practices in mind:
- Check whether you should be scanning email attachments manually. Email attachments are a huge potential source of viruses and malware. Although many email providers automatically scan attachments for you, if you’re unsure whether this applies to your particular account then don’t take the risk. Check your account’s ‘Settings’ or your email provider’s documentation, to see whether they check email attachments automatically, or whether you should be scanning these attachments yourself. And remember that even if your email provider scans all attachments for you, there’s no guarantee that it’ll catch 100% of dangerous email attachments, so you should never open or download anything that strikes you as unusual, or outright suspicious.
- Think twice before clicking on any links embedded in an email. Links can contain viruses and other assorted malware, so you should always think twice before opening links from people you don’t know. You also shouldn’t automatically open links just because you know the person who’s emailed you, as it’s not uncommon for hackers to take control of someone’s email account and then immediately spam all of their contacts. If a link strikes you as suspicious, then don’t click on it – regardless of who sent you the email!
Never open emails that seem unusual or spammy. These emails can be from complete strangers, or they may even be from people you know. Once a hacker takes control of an account, often their first move is to spam everyone on that person’s Contacts list! - Whenever you need to email a group of people, use Bcc rather than Cc. Then, even if this email falls into the hands of potential spammers or hackers, at least they won’t immediately have access to the contact details of everyone on that list.
- Create a strong password for your email account. You should also make a point of changing your password often, and look into any additional security measures your email provider can offer. For example, some email providers can send a text message to your phone if they detect any out-of-character activity, such as someone logging into your account from an unfamiliar geographical location.