Gmail offers TLS encryption for email transit, but additional security measures are advisable.
S/MIME is a security protocol that encrypts emails using public key cryptography. It's the most secure option but requires both the sender and receiver to support it.
Confidential Mode is a Gmail feature that restricts the forwarding, copying, printing, or downloading of emails and their attachments.
Third-party plugins like Flowcrypt, SendSafely, and Mailvelope provide additional encryption options for Gmail users.
Strac’s Gmail DLP promptly detects and redacts sensitive content in emails. It also provides a variety of data protection measures, such as encryption, alerts, blocking, quarantining, logging, and forwarding.
How do you send an encrypted email in Gmail?
Gmail uses TLS to encrypt emails in transit. This leaves emails vulnerable to unauthorized access on reaching the destination server, especially if they linger in the recipient's inbox. You can encrypt emails using S/MIME, Confidential Mode, and other third-party plugins to protect sensitive information. Learn how to use these options to secure your email communications.
S/MIME: Encrypt and digitally sign emails for enhanced security
S/MIME, or Secure/Multipurpose Internet Mail Extensions, is a security protocol that encrypts emails using public key cryptography. When sending an S/MIME encrypted email, the sender encrypts it using the recipient's public key, ensuring only the recipient with the corresponding private key can decrypt it.
You can also use S/MIME to digitally sign emails, verify your identity, and ensure the email has not been tampered with. To digitally sign an email, the sender uses their private key to create a digital signature and attach it to the email. When the recipient receives the email, they can use the sender's public key to verify the digital signature. This can help prevent phishing attacks and other forms of fraud.
S/MIME complies with security regulations, making it ideal for corporate use.
Implementation may require IT support due to its complexity.
Both parties must support S/MIME to send and receive encrypted emails.
S/MIME does not encrypt the subject line or metadata of emails.
Server issues may expose encrypted emails.
Confidential mode: Prevent accidental sharing of sensitive information
Confidential mode in Gmail is a feature that restricts the forwarding, copying, printing, or downloading of emails and their attachments. Senders can set message expiration dates, revoke access at any time, and require an SMS verification code to allow message access.
This mode is available for personal Gmail and Google Workspace (formerly G Suite) accounts.
Confidential mode doesn't prevent recipients from taking screenshots or utilizing malicious software to copy or download the email content.
How to turn on confidential mode?
For Google Workspace (paid) accounts - Organization level:
Sign in to an administrator account.
In the Admin console, navigate to "Menu" > "Apps" > "Google Workspace" > "Gmail" > "User settings."
In User settings, scroll down to "Confidential mode."
Check or uncheck the "Enable confidential mode" box.
Save your changes.
For Personal Gmail accounts:
Open Gmail on your computer.
Click "Compose" to create a new email.
In the bottom right corner of the email composition window, click "Turn on confidential mode."
Set an expiration date and choose whether to include a passcode.
If you opt for "No SMS passcode," Gmail app users can open the email directly, while non-Gmail users will receive an email containing the passcode.
If you choose "SMS passcode," recipients will receive a passcode via text message. Ensure you enter the recipient's phone number, not your own.
5. Click "Save."
Pros and cons of confidential mode
Confidential mode, while not an encryption method, adds an extra layer of security to your emails. Let’s look at its pros and cons:
It is convenient for regulated industries to send secure emails.
Simplifies the process of sending secure emails to all Gmail users.
Recipients can still take screenshots or photos of confidential emails.
Recipients can find ways to bypass the expiration date and passcode requirements.
You can’t use confidential mode while scheduling emails.
Notice a small lock icon to the right of the recipient's name; it shows the level of encryption that your message's recipients support. If there are multiple users with various encryption levels, the icon will show the lowest encryption status.
Click the lock to adjust your S/MIME settings or gain insights into your recipient's encryption level.
How to verify the encryption of received emails?
Follow the steps below to check whether you’ve received an encrypted email:
Open the received email.
Select "View details" on Android and then "View security details." On iPhone, tap "View details."
You'll now see colored icons indicating the encryption level.
Green (S/MIME enhanced encryption): The highest level of encryption, only the recipient with the private key can decrypt.
Gray (TLS or standard encryption): Used when an email service doesn't support S/MIME.
Red (No encryption icon): The email is unencrypted.
Alternative options to secure Gmail emails
Besides Gmail’s native security features, third-party plugins can enhance your email security further.
Option 1: Flowcrypt
Flowcrypt is a desktop extension available for Firefox and Chrome. It seamlessly integrates with Gmail and introduces a "Secure Compose" button to your interface. Flowcrypt secures your messages using industry-standard Pretty Good Privacy (PGP) encryption. Here's how to use Flowcrypt:
Install the Flowcrypt extension for your preferred browser.
Click the "Secure Compose" button.
Enter a message password in the input field at the bottom of the “Secure Compose” window.
Click “Encrypt and Send” to send your email.
Option 2: SendSafely
SendSafely is an end-to-end encryption platform that ensures only you and your intended recipients can access shared information. It eliminates the need for pre-shared encryption keys or passwords. Here are the steps to send encrypted emails using SendSafely:
Install SendSafely Extension from the Chrome Web Store.
Authenticate and obtain the API Key and API User ID.
Enable "Google Mail Integration" in SendSafely settings.
Encrypt Attachments - Use the SendSafely icon in Gmail to encrypt attachments.
Encrypt Entire Message - Choose this for complete email encryption.
Option 3: Mailvelope
Mailvelope is a Chrome extension offering PGP encryption for Gmail. It provides robust end-to-end encryption. However, it may require some technical knowledge to set up.
Here's how to use Mailvelope:
Install Mailvelope Extension from the Chrome Web Store.
Open the Mailvelope editor by clicking the Mailvelope icon next to the compose button.
Enter the recipient's email address in the Mailvelope Editor.
Mailvelope will attempt to find the recipient's key. Green indicates success, red means no key found.
Compose your email, add attachments, and click "Submit" to send securely.
Strac provides end-to-end data loss prevention for all SaaS and Cloud apps. Integrate in under 10 minutes and experience the benefits of live DLP scanning, live redaction, and a fortified SaaS environment.