How to encrypt e-mail messages and whether it will become “safer” from this

Is e-mail information protected?

An honest answer to this question will be: “Yes. But no". When you visit most sites, the HTTP protocol is displayed in the address bar. This is an unsafe connection. If you log into the account of one of the major mail services, you will already see HTTPS. This suggests the use of SSL and TLS encryption protocols, which provide a safe "travel" of the letter from the browser window to the mail server. However, this does not give anything in connection with the new SORMwhich comes into force on July 1, 2014. Moreover, absolutely nothing protects your correspondence from an unscrupulous employee of the mail service company, hacker attacks, an unsecured session on someone else's computer, an unprotected Wi-Fi point, or any requirement of the special services - now - and even the mail service itself, in accordance with their own privacy policy.


All letters arriving, leaving or stored on the mail service server are at the complete disposal of the company to which it (the server) belongs. Ensuring security during the shipment itself, a company can do whatever it wants with messages, since, in fact, it receives letters at its disposal. Therefore, you can only hope for the decency of her (company) management and employees, as well as the fact that you are unlikely to seriously interest anyone.

When using corporate mail, correspondence is protected by IT services, which can install a very strict Firewall. And, nevertheless, this also will not save if an unscrupulous employee "merges" the information. This is not necessarily a system administrator - an attacker just needs to be “inside” the corporate network: if he is serious, the rest is a matter of technology.

Encrypt

Encryption of the text of letters and attachments can slightly increase the level of protection for your mail “from a fool” (they can also be archived with a password, for example, if the text itself does not contain sensitive data, but the archive contains). In this case, you can use special software.

The body of the letter itself can be encrypted with a third-party cryptographic program, as was previously written about this., let me repeat a little in my own way. The most popular service for which the encryption program is specially designed is Gmail. The SecureGmail extension is installed in Google Chrome, which supports this encryption, after which everything is very simple - a password is entered for the encrypted message and a prompt is prompted to restore it. The only drawback is the restriction of use only for GoogleChrome.

There is an encoder that is suitable for almost any online mail, for example, for mail.ru, yandex.ru, Gmail.com - for all email services that you can open in the Mozilla browser window. This is an encrypted communication extension. The principle of operation is the same as that of SecureGmail: after writing a message, select it with the mouse, then press the right button and select "encrypt using Encrypted Communication". Next, enter and confirm the password known to you and the recipient. Naturally, both of these clients must be installed both at the recipient, and at the sender, and both of these people must know the password. (It is worth noting that it would be rash to send the password by the same mail.)

In addition to the plug-ins for the browser in which you open mail, there is an application for desktop clients, which can also be used with online mail services - PGP (Pretty Good Privacy). The method is good, because it uses two encryption keys - public and private. And you can also use a number of programs for both encrypting data and encrypting message text: DriveCrypt, Gpg4win, Gpg4usb, Comodo SecureEmail and others.

Sadly, an advanced encryption technique, however easy to use and beautiful, will not save if, for example, a backdoor is installed on your computer, which takes screenshots and sends them to the network. Therefore, the best way to encrypt is not to write letters. The motto “We must meet more often” takes on a new meaning in this context.

Minimize risks

As noted above, the ideal way to encrypt is not to write letters. Most often, you should not use free email services to conduct correspondence on work, especially if you signed a non-disclosure agreement. The fact is that if your messages are intercepted from corporate mail, they will deal with the security breach with the company's IT department. Otherwise, you are personally responsible. Remember: when using "external" mail, correspondence will necessarily be sent to third parties, at least to employees of the company that provides the mail service. And they did not sign a non-disclosure agreement with your employer.

If you are an important person in the company, do not send key documents through open channels, or do not use email at all, but use corporate mail to work and do not send important letters to the addresses of free email services.

In all other cases, for example, when concluding contracts, it is useful to use mail, since the electronic message contains the facts of your work arrangements and can help you in the future. Remember that most of the "outflows" of information occur due to the fault not of hackers, but of the "human factor". It may well be enough for you to use complex passwords, change them regularly and prevent them from being lost. Do not forget to close your sessions on other people's computers, do not use unprotected connections when working via Wi-Fi in public places, check the box in the mailbox settings “remember my IP address”, “track the IP addresses from which the sessions were opened”, “do not allow parallel sessions. " And also do not create simple questions and answers for password recovery and do not lose your mobile phone,