You wouldn’t write your credit card number on an unsealed postcard and send it through the postal service (I hope). So, why would you do that with your email? One of the common-sense measures you should consider is encrypting your email communications.
Why Should You Encrypt Your Email?
If you are mailing a check to pay a bill, or perhaps a letter telling a friend or family member that the extra key to your house is hidden under the large rock to the left of the back porch, you would seal it in an envelope. In fact, you might even use a security envelope with hatched lines to obfuscate or hide the contents of the envelope even better. The post office offers many other means of tracking messages – sending the letter certified, asking for a return receipt, insuring the contents of a package, etc.
Why then would you send personal or confidential information in an unprotected email? Sending information like the location of your extra house key under the large rock to the left of the back porch in an unencrypted email is the equivalent of writing it on a postcard for all to see. Encrypting your email will keep all but the most dedicated hackers from intercepting and reading your private communications.
Using a personal email certificate like the one freely available from Comodo, you can digitally sign your email so that recipients can verify that it’s really from you, as well as encrypt your messages so that only the intended recipients can view them. You can obtain your free certificate by filling out a very short and simple registration form.
That introduces an added benefit. By obtaining and using a personal email certificate to digitally sign your messages, you can help to stem the tide of spam and malware being distributed in your name. If your friends and family are conditioned to know that messages from you will contain your digital signature, then when they receive an unsigned message with your email address spoofed as the source, they will realize that it is not really from you and delete it (again, I hope).
How Does Email Encryption Work?
Typical email encryption works with a pair of keys: a public key and a private key (this sort of encryption is also known as Public Key Infrastructure (PKI)). You, and only you, will have and use your private key. Your public key is handed out to anyone you choose, or can just be made publicly available.
If someone wants to send you a message that is meant only for you to see, they would encrypt it using your public key. Your private key is required to decrypt such a message, so even if someone intercepted the email it would be useless gibberish to them. When you send an email to someone else you can use your private key to digitally “sign” the message so that the recipient can be sure it is from you.
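The sign-then-encrypt flow described above, as an added example that is not part of the original article: it uses the openssl command-line tool and the S/MIME format that personal email certificates are used with. The identities (alice, bob, mallory), file names and message are constructed, and throwaway self-signed certificates stand in for certificates issued by a certificate authority.

```shell
#!/bin/sh
# Added example: S/MIME sign-then-encrypt round trip using throwaway
# self-signed certificates. All names and the message are constructed.

# make_identity NAME -> NAME.key (private key) and NAME.crt (public certificate)
make_identity() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$1" -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# send_mail SENDER RECIPIENT INFILE OUTFILE
# Signs with the sender's private key, then encrypts to the recipient's
# public certificate, so only the recipient's private key can open it.
send_mail() {
    openssl smime -sign -text -in "$3" -signer "$1.crt" -inkey "$1.key" 2>/dev/null |
        openssl smime -encrypt -aes256 -out "$4" "$2.crt"
}

# read_mail RECIPIENT EXPECTED_SENDER INFILE
# Decrypts with the recipient's private key, then verifies the signature
# against the expected sender's certificate. Prints the body only if both
# steps succeed; returns non-zero otherwise.
read_mail() {
    openssl smime -decrypt -in "$3" -recip "$1.crt" -inkey "$1.key" \
        -out "$3.inner" 2>/dev/null || return 1
    body=$(openssl smime -verify -text -in "$3.inner" -CAfile "$2.crt" 2>/dev/null) || return 1
    printf '%s\n' "$body" | tr -d '\r'
}

demo() {
    cd "$(mktemp -d)" || return 1
    make_identity alice && make_identity bob && make_identity mallory || return 1
    printf 'Do you want to golf this weekend?\n' > msg.txt
    send_mail alice bob msg.txt mail.p7m
    echo "bob reads: $(read_mail bob alice mail.p7m)"
    # Someone without bob's private key cannot decrypt the intercepted file.
    read_mail mallory alice mail.p7m >/dev/null || echo "mallory: cannot decrypt"
    # A message signed by someone else fails the check against alice's certificate.
    send_mail mallory bob msg.txt spoof.p7m
    read_mail bob alice spoof.p7m >/dev/null || echo "spoofed sender: signature rejected"
}
demo
```

The recipient trusts the sender's certificate directly here (`-CAfile`); with a certificate from a certificate authority, the mail client checks the issuer's chain instead.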
It is important to note that you should sign or encrypt all your messages, not just the confidential or sensitive ones. If you only encrypt a single email message because it contains your credit card information, and an attacker is intercepting your email traffic, they will see that 99 percent of your email is unencrypted plain-text and one message is encrypted. That is like attaching a bright red neon sign that says “Hack Me” to the message.
If you encrypt all your messages it would be a much more daunting task for even a dedicated attacker to sift through. After investing the time and effort into decrypting 50 messages that just say, “Happy Birthday” or “Do you want to golf this weekend?” or “Yes, I agree” the attacker will most likely not waste any more time on your email.
It may seem paranoid, but it’s a relatively simple thing to do that will significantly improve your security and privacy. Once you get the personal digital certificate, just search online for instructions for how to install and use the certificate with your particular email software.