Email is a convenient way to communicate with colleagues, clients, and friends. However, it is important to remember that email is not always private. Emails can be intercepted by hackers, government agencies, and even your own employer. If you need to send private information, it is important to take steps to protect it.
Can it be done?
Yes, it is possible to send a private email.
However, it is important to understand that there is no such thing as 100% guaranteed security. Even if you take all of the right precautions, there is always a risk (however small) that your email could be intercepted.
Sending a private email
Email interception can occur as a result of:
- Cyber threat: Malicious third-parties can use various methods to intercept your emails if they are not protected.
- Human error: You could easily send a private email to the wrong person by typing in or accepting an autofilled address.
To send a private email, you need to protect against both of these risks. This can be done by encrypting data and authenticating recipients.
Encryption scrambles message data so it's not readable to human eyes. Authentication protects the keys to decrypt message data, releasing them only once the right people have passed certain checks.
To truly protect an email, you need encryption to disguise a message 'end-to-end' (from sender to recipient) and authentication to verify that the recipient is the right person to unscramble a message for.
Different types of encryption
There are a number of different encryption methods that can be used to protect private emails. The most common encryption methods are:
- Transport Layer Security (TLS) is a standard security protocol that is used to encrypt data in transit. When you use TLS to send an email, the data is scrambled before it is sent over the internet. This makes it very difficult for anyone to intercept and read the data.
- Pretty Good Privacy (PGP) is a more advanced encryption method that uses a stronger algorithm than TLS. PGP is also more flexible than TLS, as it allows you to encrypt emails to specific email addresses.
- AES-256 is a an encryption method that uses a 256-bit key. This makes it very difficult to break, even with the most powerful computers. AES-256 encryption can be combined with authentication methods to ensure only verified recipients can gain access the keys needed to decrypt and access sensitive email data.
TLS encryption is suitable for everyday personal emails, and is used by most email providers including Outlook and Gmail.
However, if you want to send a truly secure email you should use AES-256 or PGP encryption and recipient authentication. These encryption types are suitable for the most sensitive information.
Different types of authentication
There are a number of different recipient authentication methods that can be used to secure emails. The most common methods are:
- Question-and-answer authentication (Q&A): Email senders set a question with an answer that their recipient must correctly enter.
- SMS code authentication: Email senders provide their recipient's phone number and a code is sent to the recipient's mobile device.
- Government document authentication (ID&V): Senders request that their recipient provides government issued ID (e.g. a passport) which must be scanned and verified before they gain access.
Government document authentication is typically the strongest level of authentication that can be applied to an email sent securely.
However, the strength of an authentication method always varies depending on the relationship between sender and recipient. If a question can be asked of the recipient that only that sender and recipient could know, then question-and-answer authentication is highly secure.
Sending a one-time-code is also an effective measure. Though it depends on the security of the recipient's mobile device, it has been shown to block 99.9% of automated cyber attacks.
How to send a truly private email
To send a truly private email, you should use a secure email service that utilises encryption and recipient authentication. You should also use a strong password and enable multi-factor authentication for your account.
Mailock is secure email solution that's easy to use without switching your email provider or address. You can use Mailock's Windows Outlook add-in or browser app to email private information securely from your desktop.
Start a free secure email account today!