Secure communication: How to encrypt and sign your emails

1. June, 2021

Both because of the EU GDPR and as a measure to protect against cybercrime, it can make sense to encrypt and sign digital messages. While encryption ensures that emails can only be read by the recipient (or the recipient’s email account), a digital signature confirms that a message was actually sent by the indicated sender (or the sender’s email account).

Encryption of personal data minimises the risk of a data protection incident. It is considered the best way to protect data in transit and is a way to secure stored personal data. [1]  It also prevents fraud scenarios such as identity theft, fraudulent orders or the hacking of an entire account.

Encryption of the connection (SSL/TLS)

As soon as the connection to the email provider is not encrypted, other users in the network can access login data and view messages that are being sent or received. Therefore, the entire data exchange between client PC/browser/mail programme on the one and the server on the other side should only run via SSL (Secure Sockets Layer) or TLS (Transport Layer Security). This is the same security scheme that is used, for example, for online banking and online shopping.

Regardless of whether emails are accessed via a browser on a desktop, laptop, smartphone or tablet – it is worth taking a look at the address bar: if it starts with https (instead of just http), SSL/TLS encryption is activated.

Encryption of emails (S/MIME)

For secure communication via e-mail, either the encryption functions of the mail provider can be used or corresponding software can be installed or a client add-on can be used. Most forms of e-mail encryption – including the two most common asymmetric encryption methods today, S/MIME (Secure/Multipurpose Internet Mail Extensions) and Open PGP (PGP stands for Pretty Good Privacy) – require that a security certificate be installed on the computer and that a “public key” be transmitted to the contacts. This enables the recipients to decode the message.

Support for the S/MIME standard is pre-installed in many e-mail programmes, including Microsoft Outlook. The Microsoft support page describes how to activate the feature in different Outlook versions. In addition, browser add-ons such as Gmail S/MIME for Firefox support encryption for web-based email services.

Signing messages digitally

Unlike a “normal” signature, which can be attached to an outgoing message and can be freely copied, a digital signature can only be used by the respective owner. The digital signature therefore enables the authenticity of the sender to be verified and helps to prevent manipulation.

This function is also important if e-mails are used as a substitute for fax messages with personal data and manual signatures. Instructions for setting up digital signatures for individual or all outgoing messages can be found on the Microsoft support page.


https:/ (German)

Worth reading:

Making e-mails more secure: Effective protection against sender fraud

Defense in Depth
Qlocker 01

Ransomware Qlocker: How to restore your data (for the most part)

Two Austrian security experts analyzed the method the hackers used and found out, that they made a mistake.
Beat The Best
Microsoft Exchange
*IKARUS quick survey (Q1 / 2021): Cybersecurity in times of corona
Flash End