The exchange of emails is a constant in the workplace, over the years there has been no instant messaging service to displace it. Millions of emails are exchanged daily. Among so many messages, it is possible to find a large amount of sensitive data such as personal data, or those of a certain organization. However, are all emails encrypted? Every time we send an email, do we expose the information so that it can be read by anyone?
Emails are not fully encrypted
Despite increasing awareness of the importance of using secure tools to communicate, email has not yet been emphasized. This is due to the fact that these are assumed to be safe, which is partly true, but not entirely. The search giant, Google, makes the Transparency Report available . In it we can find multiple reports regarding relevant topics such as security, privacy and more. There is a report detailing the percentage of encrypted emails that are sent daily.
The interesting thing is that we can check dynamically, by time range, in what percentage the emails sent and received are encrypted. However, the encryption spoken of is encryption in transit .
This means that the emails have protection, that is, they are encrypted when leaving from the origin to the destination. In other words, the content cannot be read while it travels through the different mail servers, since it is in transit and here they are usually encrypted. Likewise, it is good to know that this data reflects emails that travel to and from Google only, that is, using Gmail.
The latter reminds us of the importance of having email providers that protect both the sending and receiving of messages. Is this enough? No. The fact that emails are also encrypted when stored on servers is considered the most important thing.
We believe that there is nothing more unpleasant and uncomfortable than our personal data, or those that belong to the organization to which we belong, that are exposed. This type of situation occurs more and more frequently and is part of the cybersecurity news almost every week.
What is an S / MIME certificate?
Its abbreviations correspond to Security / Multipurpose Internet Mail Extension . In Spanish, it means Secure / Multipurpose Internet Mail Extension. The latter would be the literal translation, however, it is a protocol that works like a signature. The main purpose is to increase the security level of email messages that are sent and received. Whoever sends the emails will have a kind of backup that comes in digital signature format with timestamp . Likewise, S / MIME is in charge of encrypting and decrypting the content of the messages in a robust and clear way, very secure.
One of its main advantages is that it facilitates the act of sharing attachments, since it ensures that they remain intact until the moment they reach their destination. This implies that the documents also obtain a digital signature, as well as email messages.
How the digital signature works
This protocol can be quite related to traditional emails. We write a letter, we sign it and we even put a stamp on it. All this is so that the person who receives the same, has the certainty that the person who wrote it is who he claims to be. S / MIME has a practically identical function but applied to emails. Let’s see how the digital signature works in the protocol:
- The digital signature is generated based on a private key
- It is authenticated by a public key
- The public key is included in the email message
- Whoever receives the message will be able to verify that the sender is a legitimate author
Another very important point is the encryption of the content of the message. As we discussed, it is also very important that content is protected when stored on servers, especially when it comes to sensitive data. With S / MIME , content is encrypted before sending.
However, the encryption of the content is carried out using the public key . It is decrypted using the private key of the person who receives the messages. The latter helps the email in question to actually be read by the legitimate destination.
How to encrypt my emails on the computer
The easiest way to encrypt emails if you use Gmail or Outlook via the web is to use the Mailvelope extension for Mozilla Firefox or Google Chrome, this extension will greatly facilitate encrypting emails with PGP so that we have end-to-end confidentiality, In this article we have a complete tutorial on how to encrypt emails with Mailvelope in Gmail and Outlook .
Another very interesting option if you use Windows 10, is to be able to encrypt the emails with Microsoft Outlook, the configuration is very similar to the previous one since we will need almost the same programs, but in this case we do not have an extension in the browser. In this article we have a complete tutorial on how to encrypt emails with Microsoft Outlook in Windows 10 .
Finally, if you use the Mozilla Thunderbird email client, this software also allows us to encrypt emails with PGP to provide a layer of point-to-point confidentiality to our communications. In this article we have a complete tutorial on how to encrypt emails with PGP in Thunderbird .
How to encrypt my emails from mobile
If you have an Android mobile, the CipherMail application is a free application that you can download right now from the Play Store. The same account, of course, with the possibility of implementing S / MIME so that you can have email exchanges more securely.
This application works as a plugin for the email client that you use normally. Whether it is Gmail , Outlook, Thunberbird or whatever. Once you have installed it, you can start to have a safer experience with exchanging messages. It will be possible to encrypt their content, including the attached files. If the messages have HTML formatting, no problem, encryption is supported. In case you have the preference, you can enter the official CipherMail portal and directly download the .apk file to perform the installation manually.
