How To Securely Send Sensitive Information Via Email

How To Send Secure Email In Outlook: Introduction

How to safely email files with sensitive information

Almost every computer in the world uses Windows as its operating system. Windows has a lot of built-in programs for various functions. One of the most useful programs that Windows offers is Outlook. You can use this application in sending and receiving emails. But do you know how to send secure email in Outlook?

This article will introduce you to the basic steps on how to send a secure email using Outlook. This includes sending secure documents via email as well. You also learn what a secure email gateway is. On top of these, youll know an application that suits your email security needs.

How To Encrypt Your Message With One Click

If you prefer to encrypt your message at your end other than providing a self destructive message link as above, try Encipher.it.

Type your message and encrypt it with just one click of a button . During encryption you are required to provide a password. The recipient will get your message as regular mail/message but in an encrypted form. He needs to decrypt it. He can also do it with just one click. For that you have to provide the password to him.

How to Use Encipherit to Encrypt and Decrypt Messages?

Update: Skip Encipher as we no more recommend it.

You want to ensure the privacy or confidentiality of your message, right? Then visit Encipher. It and add a Bookmarklet to your browsers address bar. Go to the Encipher homepage and drag and drop the Encipher It Bookmarklet to your address bar . It works better on Firefox and Chrome. Now the message part.

As usual type your message. After that click the newly added Encipher It button. It encrypts the message with a password. To open the message your recipient also needs the same Bookmarkelt on his browser and the password set by you. Thats all.

The above two are the two different ways to send confidential information securely online. Hope you liked it. I wish to hear your thoughts in this regard. So do post in comments.

  • TAGS

Sending Personal Data By Email

Another common method of sharing information is by email. By necessity the TO, FROM, DATE and SUBJECT fields of an email are transmitted in plain text and may be accessed by any unintended recipient or third-party who intercepts the communication. Without additional encryption methods in place the email body and any attachments will also be accessible to any unintended recipient or third-party who intercepts the communication.

A common type of personal data disclosure occurs when an email is sent to an incorrect recipient. Data controllers should be aware that encryption will only provide protection to personal data send by email if the incorrect recipient does not have the means to decrypt the data .

Personal data can also be at risk if an individual gains unauthorised access to the email server or online account storing emails which have been read or waiting to be read. The choice of password securing the server or email account is similarly important when considering the security requirements of the email system.

Some types of encrypted email solutions can be complex to set up and require the sender and recipient to have compatible systems for the encryption and decryption process. This can cause problems when a data controller intends to send encrypted email between organisations, to members of the public, or to anyone who has not previously been contacted.

Example

Example

Don’t Miss: How Do I Access Archived Emails In Outlook

Is It Safe To Store Data In The Cloud

While storing data in the cloud is generally safe, its definitely not without risks.

For instance, in 2011, a Dropbox update error made Dropbox accounts accessible to anyone with just an email address. The error only took a few hours to fix, but the data breaches that occurred in the meantime couldnt be reversed. Another data breach occurred in 2012 when the email addresses and passwords of over 68 million users were revealed.

While the data breaches weve mentioned above are exceptions to the rule, they do reveal an issue with the way a lot of cloud storage platforms manage data. One of the biggest issues here is that most cloud storage platforms retain the right to access your information. And while the data you store in the cloud is encrypted, theoretically, anyone can get your encryption key because it is stored alongside your data.

Why Is Email Encryption Important

How to Share Sensitive Information Over the Web

Email encryption is important because it protects you from a data breach. If the hacker cant read your message because its encrypted, they cant do anything with the information. Since 2013, over 13 billion data records have been lost or stolen. The average cost of a data breach in 2018 is $3.86 million. This number has grown by 6.4% since 2017. Data breaches can be costly because they take a while to identify. In 2018, the mean time to identify a breach was 197 days and the mean time to contain it was 69 days. Email encryption is a preventative measure you can take to avoid being part of a cybersecurity statistic.

Don’t Miss: How To Find Email In Archive

Think Before You Hit ‘send’

Even if you’re not working with sensitive data, email makes it entirely too easy to send the wrong information to the wrong people. Here’s a list of things you can check before hitting send on your next message:

  • Make sure you’re sending email to the right people. Check that you aren’t sending a message to the wrong person or addess. Make sure you didn’t accentially ‘reply-all’ or send to a group list instead of an individual.
  • Make sure you’re sending the right information. Don’t send any confidential information, of course, but also make sure you’re not sending any unintional information or information that isn’t necessary to send. Check to see whether you attached the correct file.

Comodo Free Secure Email Certificate

Comodo Free Secure Email Certificate allows you to protect your digital communications. The digital signature ensures confidentiality and provides secure message encryption with up to 256-bit security. The Comodo Free Secure Email Certificate is free for personal use, integrates with Microsoft® Office and major applications, and is trusted by popular email clients.

Email certificates provide the strongest levels of confidentiality and security for your electronic communications by allowing you to digitally sign and encrypt your mail and attachments. Encryption means that only your intended recipient will be able to read the mail while digitally signing allows them to confirm you as the sender and verify the message was not tampered with en route. Comodos email certificates are free for personal/home users and are available from as little as $12 per year for business users.

Read Also: How To Send A Video Through Email That Is Too Large

How Should You Exchange Sensitive Data

So weve established sending sensitive data via email is a bad idea. However you still need to send that passport or bank statement to your financial advisor. Email cant be trusted so we need to add a security layer on top of it. If information is encrypted before it leaves your device, and decrypted after it arrives on the device of the recipient, we call it end-to-end encryption.

When data is end-to-end encrypted, only the sender and the receiver have access to the data. Although using Google Drive, Dropbox or a similar service is more secure than email, these do not use end-to-end encryption. This means that these services could have access to your data, e.g. when requested by governments.

How to transfer data with end-to-end encryption? There are several options.

Types Of Email Encryption

Is Email Secure Enough for Sensitive Information?

The two main types of email encryption protocol are S/MIME and PGP/MIME. S/MIME is built into most OSX and iOS devices and relies on a centralized authority to pick the encryption algorithm. S/MIME is used most often because it is built into large web-based email companies such as Apple and Outlook.

PGP/MIME relies on a decentralized trust model and was developed to address security issues facing plain text messages. Within this model, there is more flexibility and control over how well you want your emails to be encrypted, but it requires a third-party encryption tool.

Also Check: Is There A Way To Recover Deleted Gmail Emails

Encrypting Files With 7

The instructions below assume you have 7-Zip on your machine and you are running Windows 7. There are unofficial 7-Zip packages available for non-Windows users, or you can use the free tools listed further down the page.

  • Right click on the files or folder you wish to compress and encrypt. Select 7-Zip from the menu and then Add to archive
  • Change the Archive format to Zip
  • Change the encryption method to the robust AES-256
  • Enter your password . Then click OK. The rest of the options can be left as default.
  • This will create an encrypted Zip file, in the same location as the original file, which can then be attached to an email as standard.

    Sending Sensitive Information To Patients If You Don’t Use Nhsmail

    You must never send confidential information to or from an email address which does not meet the necessary standards of security.

    Your email provider may have a way for you to encrypt emails so that you can send confidential information securely and to the appropriate security standards. Please refer to your organisations IT policies for guidance or speak to a member of your IT team for further information.

    Further information is available in the full encryption guide for NHSmail.

    Last edited: 1 November 2021 8:54 am

    Read Also: Finding Archived Emails

    What Sensitive Personal Information May Never Be Sent By Email

    Personal credit or debit card information may NOT be transmitted using the Tufts email system, Secure Email, or encrypted Adobe or Microsoft Office file. The Universitys P-card and Travel charge cards have different handling policies that are set by Purchasing that may allow for the use of Secure Email.

    The Risks Of Email Encryption

    The WWU: To Encrypt or Not to Encrypt  That is the Question

    The process of encrypting an email can be complex. It requires senders and recipients to understand and navigate public-private key pairs and often requires the use of a third party, which, in PGP, involves a browser or email client extension and, for S/MIME, a certificate authority.

    Beyond potential issues in handling public keys, users must worry about losing their private key or having it stolen. Private keys are encrypted with a secret password, which opens the door to all security issues related to poor password practices. If a private key is lost or stolen, it must be revoked, rendering all emails encrypted using that key pair unreadable.

    Even if all is done well and keys are kept safe, email encryption still leaves the email header — with recipient information and subject line — unencrypted, so sensitive data can accidentally be leaked that way. And PGP and S/MIME have had vulnerabilities in the past — such as Efail — that could enable an attacker to decrypt emails using them.

    In certain industries, such as healthcare or finance, where regulatory requirements demand, encrypted email may be required to ensure compliance. Outside those under regulatory requirements, the use of email encryption is decided by each organization’s company policy.

    Next Steps

    Recommended Reading: Recover Gmail Emails Deleted From Trash

    Using Password Managers To Share Passwords

    If you only need to send or share a password with anyone, there are password managers that let you share it securely. Some of these secure password managers include LastPass and Dashlane.

    You can also share other text information as well, alongside the password field. Its better to avoid sharing your password through messengers that arent encrypted.

    Guidelines For Using Either Internal Email Or Secure Email For Spi Other Than Credit And Debit Cards

  • Only provide SPI to persons who have a need to use the information for an authorized purpose.SPI may only be provided to persons whether within Tufts or externally – who need the information for an authorized purpose. Consider carefully whether using less sensitive information would be sufficient.
  • If the person receiving the SPI is outside of Tufts and is a vendor or other service provider, then you may not provide the SPI to them unless they are an approved vendor or service provider in compliance with the Massachusetts Data Privacy Laws and regulations.The Massachusetts Data Privacy laws and regulations require that before Tufts discloses Massachusetts regulated SPI to any vendor or other service provider, the vendor or other service provider must have entered into an agreement with Tufts in which they commit to abide by the requirements of those laws and regulations. To determine if a vendor or other service provider is a service provider approved by Tufts for SPI, contact .
  • Follow all University, school and local department policies, guidelines and practices applicable to SPI and email.These guidelines do not supersede any requirements established by the University, its schools, and local departments. This is especially important for the treatment of financial account numbers, including financial aid. Users should check with their manager or supervisor before using email for any SPI.
  • Don’t Miss: How To Get Deleted Emails From Gmail

    Since Email Use For Spi Should Be Limited What Are Some Other Alternatives I Can Use For Sharing Or Sending Spi Securely

    Some of the alternatives you can use are listed below. When using the Adobe or Microsoft encryption solutions with email, you will still want to follow the guidelines below.

    • Use Box for regular collaboration and sharing significant amounts of information. If you need to provide SPI on a regular basis to another Tufts staff member or if you need to provide a significant number of identification or financial account numbers, then it is strongly recommended that you establish a Box folder to share the information rather than using the Tufts email service. See the Tufts Box Use Guideline to learn what information may be stored in Tufts Box and see Box Collaboration/Sharing Tips for guidance on securely using Tufts Box.
    • Adobe Pro Suite gives users the ability to protect and encrypt a pdf file, which then may be sent by email. See Adobe Encryption. NOTE: Do not send an email with the file and the password in the same email. Find some other way to communicate the password to users other than email if you will be emailing the file.
    • Microsoft Office Suite – Word, Excel, and PowerPoint have options to protect and encrypt Office files, which then may be sent by email. See Microsoft Encryption. NOTE: Do not send an email with the file and the password in the same email. Find some other way to communicate the password to users other than email if you will be emailing the file.

    The Best Free Ways To Send Encrypted Email And Secure Messages

    How To Send Passwords Securely Via Outlook

    Lori Kaufman is a technology expert with 25 years of experience. She’s been a senior technical writer, worked as a programmer, and has even run her own multi-location business. Read more…

    Do you need to send someone sensitive information through email? Regular email is sent in the clear and therefore is subject to interception by hackers. However, there are many options for sending private, sensitive information securely through email.

    We have collected some links to sites providing solutions for sending secure email, secure one-time messages, and secure instant messaging, and encrypting files to send through email.

    Also Check: How To Retrieve Archived Emails In Outlook 2016

    Popular Articles

    Related Stories

    Stay on top - Get the daily news in your inbox