
How to Send Encrypted Email on 3 Major Email Platforms

Your step-by-step guide to sending encrypted
email via Gmail, Outlook, and Mac Mail

News of cyber attacks and data breaches is continually making
headlines. Sometimes, these breaches are the result of phishing attacks and
poor employee email practices — other times, they occur because sensitive
information is left unprotected, is sent via unsecure channels, or businesses
fail to meet regulatory cyber security requirements. This is why upping your
email security protections is vital to the safety and success of your company
and customers.

Choosing the best way to accomplish this goal can be
challenging. Of course, you can (and should) provide cyber security
awareness training to your employees to teach them how to follow
email security best practices (using strong passwords, not sending sensitive
business or customer data over unsecure channels, etc.). But that’s only one
piece of the puzzle — employee training shouldn’t be your only solution.

Beyond this approach, the next best way to help protect your
sensitive data is to use email encryption
and identity verification methods such as digital signing certificates. After
all, every unencrypted email you send with sensitive information (personal
information, financial data, product specs, etc.) is vulnerable and, therefore,
leaves your business and customers at risk.

Not sure how to secure email
with digital signing certificates so your messages can’t be read by unintended
third parties? No worries. We’ll break down the process for how email signing
and encryption certificates work and how you and your organization can send encrypted email communications using them on
different email platforms.

Let’s hash it out.

How to Secure Email Using S/MIME Email Encryption Certificates


Depending on your country and industry — such as finance,
retail, eCommerce, or healthcare — you may have stringent requirements to meet
concerning data protection. In many cases, you’ll need to use encrypted emails to meet these requirements. (In
the case of HIPAA,
though, they’re “administrative safeguards.”) Staying compliant not only helps
you protect your business, but it also helps you avoid costly fines and
lawsuits stemming from noncompliance.

Companies use different methods for encrypting their emails
— transport layer security (TLS), Pretty Good Privacy (PGP), third-party email
clients such as ProtonMail, third-party and native web browser and email client
plugins and extensions, etc. Each of these methods has pros and cons
associated with it:

  • TLS encrypts the channel but not the message. Once
    the message arrives in the recipient’s inbox, it’s unencrypted and unprotected!
  • PGP is clunky and cumbersome and, historically,
    has had implementation issues that led to security vulnerabilities.
  • Encrypted email services such as ProtonMail
    offer end-to-end encryption but require both the user and the recipient to use
    the email addresses provided by the service (e.g., @protonmail.com), which can
    make them impractical for a lot of businesses.

Another popular email encryption
method is the use of S/MIME certificates (S/MIME stands for secure/multipurpose internet mail extensions).
These certificates:

  • Use cryptography to protect your emails from access
    by unintended third parties.
  • Digitally sign the emails to validate the
    identity of the sender.

S/MIME certificates are used to encrypt emails before they are sent to a mail server or
across the internet where hackers and malicious users can read them.

Is S/MIME perfect? No. The downside of S/MIME is that to use
it, an S/MIME certificate first needs to be installed on your individual computer
or device’s email client. In the past, this was done manually. However, using a
zero-touch S/MIME solution to automate the issuance and deployment of S/MIME
certificates makes the process of managing multiple (or hundreds of) these
digital certificates for your business simple. This solution also helps you to
ensure that your certificates are renewed before their expiry date.

How S/MIME Works


We’ve previously discussed what S/MIME is and how it works at length,
so we won’t go into depth about that
here. But here’s a quick recap to refresh your memory: SSL or TLS provides
server-to-server encryption, which protects your email while it’s in transit. S/MIME,
on the other hand, uses asymmetric encryption to protect your email data both
in transit and when it’s at rest. Basically, you use your recipient’s public key
to encrypt the email data and your recipient uses the matching private key to
decrypt it.

Note: For S/MIME encryption to work, both you (the sender) and your
intended recipient need to have encryption enabled, and you need to have the recipient’s
public key to encrypt your messages so only they can decrypt them.
A simple way to ensure that you and your
recipient have each other’s public keys is to send each other a digitally
signed email before sending an encrypted
email. This way you’ll each have the other’s public key for encrypting
emails.

Essentially, the difference between using SSL email
encryption and sending an encrypted email is
the difference between securing your channel (data in transit) and protecting
the message itself (data at rest). Let’s consider the following
example:

  • Protecting data in transit is like speaking normally
    (sending a plaintext communication) over a secure/encrypted phone line. This is
    great to keep man-in-the-middle (MitM) attackers out of the communication
    channel. But what if someone has infiltrated your office and is hiding in the
    cubicle next to yours?
  • Protecting data at rest, on the other hand, is
    like speaking in code over an unencrypted/non-secure phone line. This secures
    and encrypts your message so that even if an attacker breaks into your office,
    they can’t decrypt your message because they lack your intended recipient’s
    private key.

Using email encryption
ensures that the message and attachments of your email are protected before they are ever sent to a mail
server and will remain secure/encrypted until your recipient with the private
key accesses it. So, rather than only protecting the communication channel,
you’re protecting the message itself.
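
The sign, encrypt, decrypt and verify flow described above can be reproduced with the openssl command-line tool. This is an added example, not part of the original article; it assumes openssl is installed, and the names alice, bob, mallory and example.test, along with the throwaway self-signed certificates, are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: S/MIME sign -> encrypt -> decrypt -> verify using the openssl CLI.
# alice, bob, mallory and example.test are constructed names; the self-signed,
# one-day certificates stand in for CA-issued S/MIME certificates.

make_identity() {  # $1 = name; writes $1.key (private) and $1.crt (public cert)
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=$1/emailAddress=$1@example.test" \
    -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

smime_roundtrip() {  # returns 0 only if every step below behaves as expected
  work=$(mktemp -d) || return 1
  (
    cd "$work" || exit 1
    for who in alice bob mallory; do make_identity "$who" || exit 1; done
    printf 'Quarterly numbers attached.\n' > msg.txt

    # 1. Alice signs with HER private key; her certificate travels in the signature.
    openssl smime -sign -in msg.txt -signer alice.crt -inkey alice.key \
      -out signed.eml || exit 1
    # 2. Alice encrypts the signed message to BOB's public key (his certificate).
    openssl smime -encrypt -aes256 -in signed.eml -out encrypted.eml bob.crt || exit 1
    # 3. What sits on the mail server must not contain the plaintext.
    if grep -q 'Quarterly' encrypted.eml; then exit 1; fi
    # 4. A third party with a different key pair must fail to decrypt.
    if openssl smime -decrypt -in encrypted.eml -recip mallory.crt \
         -inkey mallory.key -out leak.txt 2>/dev/null; then exit 1; fi
    # 5. Bob decrypts with his private key...
    openssl smime -decrypt -in encrypted.eml -recip bob.crt -inkey bob.key \
      -out inner.eml || exit 1
    # 6. ...and verifies the signature against Alice's certificate, which he
    #    trusts here because she sent him a signed message beforehand.
    openssl smime -verify -in inner.eml -CAfile alice.crt \
      -out verified.txt 2>/dev/null || exit 1
    grep -q 'Quarterly numbers attached.' verified.txt
  )
  rc=$?
  rm -rf "$work"
  return "$rc"
}

smime_roundtrip && echo "S/MIME round trip OK"
```

Step 4 is the property TLS alone does not give you: the stored message stays unreadable to anyone who lacks the recipient's private key.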

Step by Step: How to Send Encrypted Email on Three Mail Clients

Regardless of which email client or platform you use, the
first step to using S/MIME entails getting an email encryption certificate,
which you can do by purchasing one directly from a certificate authority (CA)
or a reputable reseller. The next step is installing the certificate on your
email client/platform.

Seeing as how S/MIME certificates are kind of what we do —
along with providing other digital security solutions such as SSL certificates,
PKI management platforms, etc. — we’ve already written articles on how to
install these certificates on Outlook for Mac and Windows systems. For explicit
directions on how to install these certificates, check out these Apple
and Windows-focused articles.

Assuming that you already have these certificates installed,
we’ll move on to our step-by-step directions for how
to send encrypted email in the following three mail clients: Google
Suite, Outlook 2016, and Mac Mail.

How to Send an Encrypted Email in Gmail


Although Google promised end-to-end email encryption for
users on their Gmail platform nearly five years ago, the internet giant has yet
to follow through on their word. For a period, G Suite was selling and supporting
Zix’s G Suite Mail Encryption (GAME) as its own form of email encryption.
However, since April 30, 2018, Google no longer sells or supports the service. The
good news? Businesses using G Suite can use S/MIME. The catch? It’s hosted S/MIME, which means that Google hosts clients’ S/MIME
certificates on its servers.

Google’s Gmail email services offer Basic, Business, and
Enterprise tiers. The company’s site shows that all three use TLS
server-to-server encryption. However, only Enterprise-level users
(G Suite Enterprise and G Suite Enterprise for Education users) can take
advantage of hosted S/MIME encryption.

You’ll need to enable S/MIME in Google Admin console for G
Suite and upload your certificate to Google’s server. Once this is done, you
can encrypt and digitally sign your outgoing emails in Google Suite (Enterprise
or Education) by doing the following:

  1. Create a new email and write out your message,
    add attachments, add a recipient, etc.
  2. In the top-right corner of your screen (next to
    CC and BCC), click the padlock icon.
  3. Click View Details to see whether your recipient has encryption
    enabled or to change your S/MIME settings.
  4. Select Settings.
  5. Click Enhanced Encryption (with digital signature) and select Ok.
  6. Hit Send.

How to Send an Encrypted Email in Outlook 2016

Encrypting an email — or all outgoing messages — is a pretty
straightforward process in Outlook. Once you’ve installed your certificate,
there’s really nothing to it.

To encrypt an outgoing email in Outlook 2016:

  1. Create a new email and write out your message,
    add attachments, etc.
  2. Select the Options tab.
  3. Select the dropdown for Encrypt from the menu.
  4. Click Encrypt with S/MIME.
  5. Add your recipient’s name and a subject line to
    those corresponding fields.
  6. Hit Send.

… And that’s it. It’s really that simple.

Mac Mail Encryption: How to Send Encrypted Email in Mac Mail

Don’t worry, Apple users — we haven’t forgotten about you.
The great news for Apple users who wish to increase their email security is
that Apple Mail supports S/MIME right out of the box. This means that when you
purchase and install an S/MIME certificate, you don’t have to jump through a
bunch of hoops to use it. They really make it easy.

Once you upload the certificate to your computer’s key store,
Mac Mail sets up the cert automatically for digital signing and the option for
encryption. There is no required configuration outside of the keychain access
utility. You can simply click to activate/deactivate signing and encryption.
Again, the user would need to have the recipient’s public key to encrypt to
one (or many) recipients.

What this means is that to send an encrypted and digitally
signed email using Apple Mail:

  1. Open Apple Mail and create a new email.
  2. To the right of the subject field, select the padlock icon.
  3. To digitally sign your email, select the checkmark next to it to encrypt the
    message.   
  4. Create the content of your email and upload any
    attachments.
  5. Hit Send.

It doesn’t get much easier than that.

Final Thoughts

Email signing and encryption are a must for businesses in a
digital world. Every day, major companies are making headlines by falling prey
to phishing scams — and small businesses aren’t safe from these attacks,
either. We can honestly say that
we don’t want to see your business as one of the next related headlines.

Are you not seeing these options for your email client? That
may be because you need to purchase and install an S/MIME certificate. Without
it, you won’t be able to gain access to the email signing and encryption
capabilities we discussed in this article. Whether you’re a small
or midsize business (SMB) or a large corporation, our team can help you
find the right certificate to meet your
needs. Hit us up with any questions or to learn more.

Have insights or
questions about this topic? Feel free to share them below.


*** This is a Security Bloggers Network syndicated blog from Hashed Out by The SSL Store™ authored by Casey Crane. Read the original post at: https://www.thesslstore.com/blog/how-to-send-encrypted-email-on-3-major-email-platforms/