
This article was inspired by Sue Marquette Poremba who published a very similar article in Security News Daily in June 2012.

For most of us, the email messages we send wouldn’t be classified as sensitive. They can be personal, yes, and once in a while you’ll want to make sure the content of a message is kept confidential between sender and receiver.

But sometimes, sending sensitive information — social security numbers, passwords or credit-card numbers, for instance — via email is necessary. At such points, consider sending an encrypted email message.

Standard email messages are sent in plain text, so it's possible for someone else to snoop on you and read them. Encrypting your mail, on the other hand, makes the messages completely unreadable to anyone who doesn't possess the decryption key.

“It’s like locking a message in a safe, then shipping that safe,” said Terence Spies, chief technology officer of Voltage Security, an enterprise-security company in Cupertino, Calif. “If you trust the safe, you no longer need to trust the people moving it.”

Methods of encryption

PGP (Pretty Good Privacy) is the most common email encryption standard.

PGP uses a public and private key pair. Your public key is what you send to people who want to send you encrypted emails, and your private key is what you use to decrypt them. Public-key certificates are great because neither you nor the intended recipient of your encrypted email needs to exchange secret information beforehand.

Historically, when you wanted to send secret information to someone, you'd first need to agree on some kind of cipher or password and exchange that with them in some very secure manner. Using certificates, I can send the public part of my key to everyone, and you can encrypt whatever you want to send me with that part of my key.
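The exchange described above, as an added example that is not part of the original article, using the GnuPG command-line tool (one implementation of PGP): the recipient exports a public key, the sender encrypts with it, and only the recipient's private key decrypts. The names "alice" and "bob", the example.org address and the file names are constructed placeholders.

```shell
#!/bin/sh
# Added example. "alice" (sender) and "bob" (recipient) are constructed
# placeholders; each gets a separate keyring, as if on separate computers.

# pgp_roundtrip MESSAGE: prints what the recipient recovers from the ciphertext.
pgp_roundtrip() {
    msg=$1
    work=$(mktemp -d) || return 1
    alice="$work/alice"; bob="$work/bob"
    mkdir -m 700 "$alice" "$bob" || return 1
    rc=0

    # 1. Recipient creates a key pair. The empty passphrase only lets the
    #    demo run unattended; protect a real private key with a passphrase.
    gpg --homedir "$bob" --batch --quiet --pinentry-mode loopback \
        --passphrase '' --quick-generate-key 'Bob <bob@example.org>' \
        default default never 2>/dev/null || rc=1

    # 2. Recipient publishes the public half only.
    gpg --homedir "$bob" --batch --armor --export bob@example.org \
        > "$work/bob.pub.asc" 2>/dev/null || rc=1

    # 3. Sender imports it and encrypts. "--trust-model always" skips the
    #    ownership check for the demo; in practice, compare the key's
    #    fingerprint with the recipient over another channel first.
    gpg --homedir "$alice" --batch --quiet --import "$work/bob.pub.asc" \
        2>/dev/null || rc=1
    printf '%s' "$msg" | gpg --homedir "$alice" --batch --quiet --armor \
        --trust-model always --encrypt --recipient bob@example.org \
        > "$work/msg.asc" 2>/dev/null || rc=1

    # 4. The sender holds no private key for Bob, so even the sender
    #    cannot open the message again.
    if gpg --homedir "$alice" --batch --decrypt "$work/msg.asc" \
        >/dev/null 2>&1; then rc=1; fi

    # 5. Only the recipient's private key recovers the plaintext.
    if [ "$rc" -eq 0 ]; then
        gpg --homedir "$bob" --batch --quiet --decrypt "$work/msg.asc" \
            2>/dev/null || rc=1
    fi

    GNUPGHOME="$alice" gpgconf --kill gpg-agent 2>/dev/null || true
    GNUPGHOME="$bob" gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$work"
    return "$rc"
}

# Run as: sh pgp_demo.sh 'text to protect'
if [ "$#" -gt 0 ]; then pgp_roundtrip "$1"; fi
```

The file `msg.asc` is the only thing that would travel by email; it is ASCII-armored ciphertext that a mail provider or anyone intercepting it cannot read.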

Potential pitfalls

In most scenarios, the person receiving the email will have to have PGP software installed on their computer so that they can use the sender's public key to 'unlock' the email.

Sending email through a webmail service like Gmail is secure in that your computer’s connection to the service is encrypted, but the email message you send out from that service is not encrypted.  Mailvelope is an excellent PGP plugin for webmail, including Gmail.

Email offered by online providers is usually not encrypted when it's stored. If you don't encrypt your email, an employee, a support vendor or a black-hat hacker might be able to read your personal messages.

Please consider using PGP email encryption as a way to keep data private. We routinely use email as an efficient way to exchange high-value documents. It is a good, prudent way to avoid being bitten by many of the data security problems that are so prominent these days.

Click here for my PGP public key.

/s/  Daryl Jones