Why Use Encrypted Email? How will it Make Your Email Secure?
One of the most common questions people might ask you if you want to do business with them is “what is your email?”. Why do they ask this? Because email is still one of the best and most reliable ways to communicate online and that is why email is important.
But if you’ve been using an email for any length of time, you probably noticed by now that email, as it is, is not terribly secure or private. Sure, it’s free and accessible to anyone with a computer and a network connection, but it is also a common target by all sorts of bad actors.
What’s worse, it’s difficult to know whom to trust and whether the person who sent you an email is really who they say they are or are they an impersonator. For example, according to one study that was done by GreatHorn, almost half of their respondents (48.7%) reported impersonators.
What does this tell you? It tells you that you need to protect your email and make it more secure.
What is the Difference between Email Security and Email Encryption?
But how to do that?
By keeping your email data private and secure. This means making your email secure and encrypted.
Isn’t email encryption and secure email one and the same? Not exactly. In fact, email encryption is just one aspect of secure email (albeit probably the most important one).
However, email security also includes strong password protection, multi-factor authentication and, of course, a good deal of common sense (not sharing your password with everybody, not opening and downloading suspicious attachments and links, etc.).
Here are some of the best ways to secure your email:
- Use strong passwords
Never reuse a password (especially for email) or use a password that is easy to guess. A strong password needs to be at least 12 chars long, and include lower-case and upper-case letters, numbers and special characters.
Never share or give out your password!
- Use multi-factor authentication
Multi-factor authentication (like 2FA) allows you to put an extra layer of protection besides the password. This will be another piece of information that someone trying to access your account will need to know, such as an SMS or a token delivered to your smartphone.
- Never open or download attachments from unknown sources
If you’ve received an email from someone you don’t know and it contains links or attachments, it’s best not to be curious and avoid opening or downloading the link or the attachment. These might be infected with malware, which can spread to your computer or they might take you to a fake phishing website.
- Avoid public WiFi
Public WiFi is okay if you just want to browse the Internet while waiting for your airplane, but if you need to log in to your accounts, like your email or bank account, avoid it. Someone might be monitoring the WiFi and can use it to steal your username and password.
- If someone asks you for your personal information don’t give it to them
Email is not the place where you should share your personal or financial information, regardless of who is asking on the other side. If you have to do this via email, be sure that both you and the other party are using encryption before you share your information.
- Don’t use work email for personal stuff
Always separate your work email from your private email. Never use your work email to log in to accounts like Facebook or websites that are not related to your work.
Also, don’t use your work email to send and receive private messages.
- Educate yourself about phishing emails
You should also know how to identify a phishing email and how to protect against it. Phishing is a serious threat and it involves a hacker impersonating someone else to gain your trust and have you reveal sensitive information to them (such as your credentials).
You can also check out this article we made with 21 email security best practices that you need to follow in 2021.
What is Email Encryption and Why Use Encrypted Email?
Where does encryption fit into all of this?
Well, let’s see first what it is and why use encrypted email in the first place.
Email encryption means disguising the contents of an email message, email subject, or email attachments so that it becomes unreadable unless the other person has the right tool or information to read it.
Encryption can be either symmetric or asymmetric.
Symmetric encryption is the older, less secure of the two, but also somewhat faster. It uses the same, “public” key to decrypt a message into a cipher text, which consists of a mathematically unrelated string of random letters, symbols and numbers, which in theory only the recipient with whom the sender shared that key will be able to decrypt and read.
The problem with this type of encryption lies in the fact that the key needs to be exchanged between the two parties on the network. This means that, potentially, if a third party is monitoring the exchange, they might be able to intercept the key and use it to decrypt and read the message themselves.
This is called a “Man-in-the-Middle (MitM) attack” and it happens when a 3rd-party (cyber attacker) manages to intercept the transaction of data and information between the sender and recipient to modify or steal sensitive information.
What makes the job easy for the MiTM attacker is the fact that the key is often exchanged in plain text itself via email as well, and is therefore not protected itself and easy to read.
Because of these disadvantages of symmetric encryption, asymmetric encryption was developed. Instead of using one key like symmetric, asymmetric encryption uses a pair of keys, public and private.
In this case, data is first encrypted with a public key. This key is available freely to anyone and therefore doesn’t really require security. However, the message can only be decrypted using the private key, which only the recipient will own.
As a result, it becomes much more difficult for a cybercriminal to misuse the keys.
We can also divide encryption in another way. End-to-end encryption and transport layer encryption.
End-to-end encryption, or E2EE protects emails at rest, so while the email is on the mail server. This type of encryption includes two methods, PGP and S/MIME.
On the other hand, transport layer encryption, such as TLS (Transport Layer Security), and SSL (Secure Socket Layer) is an application-layer protocol that protects the email in transit between the sender and the recipient. For instance, Gmail uses TLS.
Okay, technical details aside, why use encrypted email?
Well because it’s important to ensure that your data is secure and that you can communicate safely with others via email.
Email is still the most popular business communication tool, despite IM, VoIP and other protocols threatening it. There are more than 4 billion email users around the world and nearly 300 billion emails are sent and received each day, according to Campaign Monitor.
Unfortunately, this also means that email is often a target for hackers.
Why Do Hackers Want Your Email Address?
In order to protect your email from them, you need to first understand why do hackers want your email address in the first place.
The most common reason is that they want access to sensitive information in your email. This could be your personal information such as your name, address or other PII (personally identifiable information), like the Social Security Number (SSN) or your financial information like bank accounts, credit card numbers, etc.
On the other hand, it can also be information about your company like trade secrets, tax records of your employees, data related to your users and customers and much more.
As you can see, there is plenty of sensitive data that a hacker can collect from your email, which is why it’s important to protect it using a strong encryption.
But stealing data isn’t the only reason why do hackers want your email address. They also might want to use it to impersonate you.
For instance, if a hacker gained control of your email account (meaning your username and password), they can send emails to your contacts, pretending they’re you and ask them for money urgently.
Your friends and family will be naturally worried for your well-being and might not ask too many questions, which is what the hacker is betting on, so he’ll ask them to send the money to a specific place or account.
Finally, since email is often used in the login process for many of your online accounts, a hacker might also want it to log into these sites, especially if there’s money in them (bank account, PayPal, etc.).
With access to your email, a hacker can also request a password reset from the account and easily access it with a new password, locking you out of it effectively.
What About Anonymous Email?
You probably noticed that we haven’t touched on the anonymous email yet.
Being able to send anonymous mail to somebody is another useful way to protect your email.
So how to create an anonymous email?
We already explained how to create an anonymous email in a previous article, so you can check that post for more details on this. Right now, we’ll just give you the short and quick version of how and why.
You will need to set up untraceable email account first. The best way to do this is to use an anonymous or untraceable email service like CTemplar. Our email service allows you to create an email account without a phone or credit card verification, thus making sure that others won’t be able to trace your identity back through these.
What also makes CTemplar untraceable is the fact that your IP address is not logged or stored anywhere and instead CTemplar uses its own IP. This ensures that your outgoing emails won’t be traced back to you using your IP.
To set up untraceable email account:
- Go to CTemplar.com
- Go to Sign Up
- Select an account type you want to use. You can upgrade at any time and there’s a 14-day money-back guarantee if you are not satisfied with the service.
- Create your new email with your username and password. You’ll be the only one with access to the password since CTemplar uses Zero Password Proof protection.
In addition to allowing you to be a ghost and to send anonymous mail to somebody, CTemplar also uses a strong, 4096-bit encryption on the client side using the OpenPGP standard to protect your email messages, subjects and attachments and it will encrypt your email data both at rest and in transit.
To send an email that won’t be traced back to you, you first need to ensure that your Internet connection is encrypted and that you are hiding your real IP address. You can do this by either using a VPN or an anonymous Tor browser.
Next, sign up for a secure email that will protect your privacy like CTemplar, which will allow you to sign up without a phone verification.
Why email is important?
As you can see, despite being called “obsolete” and “ancient”, email is still widely used, especially in business communication.
However, as email carries with it all kinds of sensitive data, it needs to be protected using encryption.
Looking for a secure email account that won’t be traced back to you? Sign up for CTemplar: Armored Email today and regain your right to privacy now.