What is S/MIME and Do You Need it?

Is your spam folder full? That’s good because it means that your email client’s filters are doing the job. 

But what if I tell you that they are not able to identify ALL of the spam and phishing emails you get. Some of those still slip through. 

You see, while spam and phishing have both been around for a couple of years and even decades (first recorded spam email was sent in 1978 and the first phishing email in 2001), that doesn’t mean they haven’t evolved since those times. 

Spam and phishing emails are often far from benign and may contain malware in them that the hacker can use to penetrate your email. According to Verizon 92% of malicious software is delivered through your email inbox.

Today, hackers have evolved in their methods to not just fool whatever defenses your email client has by default, but also to fool you into thinking they are someone you can trust.

Because of this, it is unwise to rely solely on whatever protection your email client has by default, but instead, look to adding an extra layer of email encryption to it.

One type of encryption that you should look into is called S/MIME and this article will explain to you what it is, how it works and how it can protect your email.

What is S/MIME Encryption?

You may have heard about several types of email encryption, including PGP and TLS and you may have also heard someone mentioning S/MIME along with them. 

So, what is S/MIME encryption? 

S/MIME is an acronym that stands for “Secure Multipurpose Internet Mail Extension” and it is an end-to-end email encryption protocol that uses asymmetric cryptography for your email protection.

What does “asymmetric cryptography” mean?

Asymmetric or public-key cryptography is a cryptographic system that uses a pair of keys - a public key and a private key. The email you send is first encrypted using a public key, which is available to anyone and can be passed around freely. However, to encrypt the message, the recipient will need a private key, which is something only he should have.

This means that, as long as the private key remains hidden, no one but the intended recipient will be able to open the email that you send them. Since it is impossible to figure out the private key from the public key, this makes asymmetric cryptography extremely 

Important to secure your email.

Email by default is not very secure. Sure, your email will, for the most part, be protected on its way between the client (you) and the email server (the recipient), making it hard for someone to intercept your sensitive documents.

However, your emails at rest or in transit elsewhere are still vulnerable to a hacker intercepting and tampering with them.

Unencrypted emails are the number one cause of email data breach. The US Department of Health and Human Services, for example, lists HIPAA breaches on its “Wall of Shame” and the vast majority of these breaches originate from email.

Do You Need S/MIME Email Encryption?

Do you need to encrypt your emails with S/MIME? 

For an organization, email encryption is a must if they don’t want to suffer a data breach as Choice Hotels did in 2019 when hackers stole personal information from around 700,000 of their customers.

In this case (as with every other data breach), the parent company of Quality Inn, EconoLodge, Comfort Inn and other hotel brands not only suffered huge financial damage because of the breach, but more importantly, a blow to their reputation.

But what about you? Do you need S/MIME encryption?

Here are a few benefits that Secure Multipurpose Internet Mail Extension provides:

  1. It protects your sensitive and confidential information from accidental and purposeful data leaks.
  2. It protects your email from hackers trying to mess with your email while in transit and install malware.
  3. The digital signature verifies the identity of the sender and protects the recipient from spoofing, aka someone impersonating an authentic sender.
  4. With the digital signature in place, the sender can’t deny that they sent an email.
  5. It ensures that your business emails are GDPR and/or HIPAA-compliant.
  6. S/MIME email also warns the recipient if a hacker has tampered with the digital signature in any way.

These are not only important for an organization to protect their customer’s email accounts and confidential information, but also for the individuals themselves. As we have already said, more than 90% of all malicious software, including viruses, trojans and other are sent via email

What that means is that every unencrypted email is another opportunity for the hacker to attack you and steal your sensitive information.

How to Set Up S/MIME?

S/MIME encryption is not available by default on Gmail and you will need G Suite for it. To activate it you need to:

  1. Log in to your Administrator Account.
  2. Go to Apps>G Suite>Gmail>User Settings.
  3. Select Your Organization or Domain to configure under Organizations.
  4. Tick the Enable S/MIME box.
  5. Save.
  6. Have users reload their Gmails.
  7. Upload S/MIME certificates by going to Settings>Accounts>Edit Info>Upload a personal certificate>Opening the certificate>Enter password>Add certificate.
  8. Have users exchange their S/MIME encryption keys.

Next to the name of your recipients, you should see a lock icon. This shows the level of encryption (if they have S/MIME) for that recipient. The red lock means that they don’t have encryption, the green means that they have strong encryption, while the gray lock icon means they only have Transport Layer Security (TLS).

However, you may also need to have your users upload their own S/MIME certificates, or set up a root certificate management and that’s the biggest problem with S/MIME. 

It can be very hard to configure if you don’t know exactly what you are doing, so you may need an IT expert to do it for you.

Still, even with that, S/MIME can provide an important layer of defense to your email.

Need an anonymous email with the strongest encryption? Sign up for a free or paid CTemplar account. Our emails are 100% anonymous (no SMS verification, fully anonymous payment options and hidden IP) and are protected with 4096-bit encryption at transit and at rest.