Security

Why You Should Encrypt Your Email

Security is mostly hype, right? You don’t really need to bother with all those complicated passwords, antivirus software, firewalls and such. It’s all just software salesmen and security consultants trying to scare everyone so they can sell their products and services.

I don’t actually disagree with their statements at times but there are common sense steps everyone should take to secure their computers & networks and there is certainly no shortage of hype in the news.

However, one of the common-sense measures that isn’t pure hype is encrypting your email communications, and you should consider it. If you are on vacation you might send a picture postcard to a friend or family member with a quick “wish you were here” sort of message. But if you are writing a personal letter to that same friend or family member, you would be more inclined to seal it in an envelope.

If you are mailing a cheque to pay a bill or perhaps a letter telling a friend or family member that the extra key to your house is hidden under the large rock to the left of the back door you might use a security envelope with hatched lines to obfuscate or hide the contents of the envelope even better. The post office offers a number of other means of tracking messages – sending the letter certified, asking for a signed receipt, insuring the contents of a package, etc.

Why then would you send personal or confidential information in an unprotected email? Sending information like the location of your extra house key under the large rock to the left of the back door in an unencrypted email is the equivalent of writing it on a postcard for all to see.

Encrypting your email will keep all but the most dedicated hackers from intercepting and reading your private communications. Using a personal email certificate like the one freely available from Comodo, you can digitally sign your email so that recipients can verify that it’s really from you, as well as encrypt your messages so that only the intended recipients can view them. You can obtain your free certificate by filling out a very short and simple registration form. A comparison of some of the other free certificate providers can be found in this article.

This actually introduces an added benefit. By obtaining and using a personal email certificate to digitally sign your messages you can help to stem the tide of spam and malware being distributed in your name. If your friends and family are conditioned to know that messages from you will contain your digital signature, then when they receive an unsigned message with your email address spoofed as the source they will realise that it’s not really from you and delete it.

The way typical email encryption works is that you have a public key and a private key (this sort of encryption is also known as Public Key Infrastructure or PKI). You, and only you, will have and use your private key. Your public key is handed out to anyone you choose or even made publicly available.

If someone wants to send you a message that is meant only for you to see, they would encrypt it using your public key. Your private key is required to decrypt such a message, so even if someone intercepted the email it would be useless gibberish to them. When you send an email to someone else you can use your private key to digitally “sign” the message so that the recipient can be sure it is from you.
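The exchange described above, sketched with Node.js's built-in crypto module. This is an added example, not part of the original article; the names alice, bob and mallory, the helper functions and the message text are constructed for illustration. It goes one step beyond the description by encrypting the message with a one-time AES key and using the recipient's public key only to protect that key, which is how mail clients handle messages of arbitrary length.

```javascript
// Added example. Names (alice, bob, mallory) and the message text are constructed.
const { generateKeyPairSync, publicEncrypt, privateDecrypt, sign, verify,
        randomBytes, createCipheriv, createDecipheriv, constants } = require('node:crypto');

const newKeyPair = () => generateKeyPairSync('rsa', { modulusLength: 2048 });
const OAEP = { padding: constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
const SIG_LEN = 256; // an RSA-2048 signature is always 256 bytes

// Sender: sign with the sender's PRIVATE key, then encrypt signature + body under a
// one-time AES key that is itself encrypted with the recipient's PUBLIC key.
function sealMessage(text, senderPrivateKey, recipientPublicKey) {
  const body = Buffer.from(text, 'utf8');
  const signed = Buffer.concat([sign('sha256', body, senderPrivateKey), body]);
  const key = randomBytes(32), iv = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', key, iv);
  const ciphertext = Buffer.concat([cipher.update(signed), cipher.final()]);
  return { iv, ciphertext, tag: cipher.getAuthTag(),
           wrappedKey: publicEncrypt({ key: recipientPublicKey, ...OAEP }, key) };
}

// Recipient: unwrap the AES key with the recipient's PRIVATE key, decrypt, then check
// the signature against the PUBLIC key of whoever the message claims to be from.
function openMessage(msg, recipientPrivateKey, claimedSenderPublicKey) {
  let signed;
  try {
    const key = privateDecrypt({ key: recipientPrivateKey, ...OAEP }, msg.wrappedKey);
    const decipher = createDecipheriv('aes-256-gcm', key, msg.iv).setAuthTag(msg.tag);
    signed = Buffer.concat([decipher.update(msg.ciphertext), decipher.final()]);
  } catch {
    return { readable: false, text: null, fromSender: false }; // wrong key or tampering
  }
  const body = signed.subarray(SIG_LEN);
  const fromSender = verify('sha256', body, claimedSenderPublicKey, signed.subarray(0, SIG_LEN));
  return { readable: true, text: body.toString('utf8'), fromSender };
}

function demo() {
  const alice = newKeyPair(), bob = newKeyPair(), mallory = newKeyPair();
  const text = 'The spare key is under the large rock.';
  const mail = sealMessage(text, alice.privateKey, bob.publicKey);
  const forged = sealMessage(text, mallory.privateKey, bob.publicKey); // spoofed "From: alice"
  return {
    bobReads: openMessage(mail, bob.privateKey, alice.publicKey),
    malloryReads: openMessage(mail, mallory.privateKey, alice.publicKey),
    bobChecksForgery: openMessage(forged, bob.privateKey, alice.publicKey),
  };
}
```

Calling demo() shows the three outcomes: the intended recipient reads a verified message, an interceptor without the private key gets nothing readable, and a message signed with someone else's key decrypts but fails the signature check.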

It is important to note that you should sign or encrypt all of your messages, not just the confidential or sensitive ones. If you only encrypt a single email message because it contains your credit card information and an attacker is intercepting your email traffic they will see that 99% of your email is unencrypted plain-text, and one message is encrypted. That is like attaching a bright red neon sign that says “Hack Me” to the message.

If you encrypt all of your messages it would be a much more daunting task for even a dedicated attacker to sift through. After investing the time and effort into decrypting 50 messages that just say “Happy Birthday” or “Do you want to play golf this weekend?” or “Yes, I agree” the attacker will most likely not waste any more time on your email.

For details and instructions from Microsoft for using digital certificates to sign and encrypt email in Outlook Express, see the Step-by-Step Guide to Public Key Features in Outlook Express 5.0 and above.