Protecting corporate email. How to send and receive encrypted emails

All emails coming, leaving or stored on the server postal service are at the complete disposal of the company to which it (the server) belongs. By ensuring security during the transfer itself, the company can do whatever it wants with messages, since, in essence, it receives the letters at its disposal. Therefore, you can only hope for the integrity of its (company) management and employees, and also for the fact that you are unlikely to seriously interest anyone.

When using corporate mail correspondence is protected by the IT service, which can install a very strict Firewall. And, nevertheless, this also will not save you if an unscrupulous employee “leaks” the information. It's not necessarily about system administrator- the attacker only needs to be “inside” corporate network: if he is serious, the rest is a matter of technique.

Let's encrypt

The body of the letter itself can be encrypted with a third-party cryptographic program, let me repeat this a little in my own way. Most popular service, for which an encryption program was specially created - Gmail. The SecureGmail extension is installed in Google Chrome, which supports this encryption, after which everything is quite simple - a password is entered for the encrypted message and a hint question to recover it. The only drawback is that it is limited to GoogleChrome only.

There is an encoder that is suitable for almost any online mail, for example, mail.ru, yandex.ru, Gmail.com - for all mail services that you can open in a window Mozilla browser. This is an extension of Encrypted Communication. The principle of operation is the same as SecureGmail: after writing a message, select it with the mouse, then right-click and select “encrypt using Encrypted Communication.” Next, enter and confirm a password known to you and the recipient. Naturally, both of these clients must be installed on both the recipient and the sender, and both of these people must know the password. (It's worth noting that it would be reckless to send the password via the same email.)

In addition to plugins for the browser in which you open mail, there is an application for desktop clients that can also be used with online mail services - PGP (Pretty Good Privacy). The method is good because it uses two encryption keys - public and private. You can also use a number of programs both to encrypt data and to encrypt the text of a letter: DriveCrypt, Gpg4win, Gpg4usb, Comodo SecureEmail and others.

Sadly, advanced encryption technology, no matter how easy to use and beautiful it may be, will not help if, for example, a backdoor is installed on your computer, which takes screenshots and sends them to the network. That's why best way encryption - do not write letters. The motto “We must meet more often” takes on a new meaning in this context.

We minimize risks

If you are an important person in the company, do not send key documents via open channels, or do not use e-mail to transmit them at all, but use corporate mail for work and do not send important letters to addresses of free mail services.

In all other cases, for example, when concluding contracts, it is useful to use mail, since email message contains the facts of your work agreements and can help you in the future. Remember that most information leaks are not due to the fault of hackers, but to the “human factor.” It may well be enough for you to use complex passwords, change them regularly and prevent their loss. You should remember to close your sessions on other people’s computers and not use unsecured connections when working via Wi-Fi in public places, check the boxes in the settings mailbox“remember my IP address”, “track IP addresses from which sessions were opened”, “prevent parallel sessions”. And also do not create simple questions and answers to recover your password and do not lose mobile phone, if your account is linked to it.

To use encryption and/or digital signature according to the OpenPGP standard, you must either create a pair of PGP keys and send your public key to correspondents (so that they can encrypt letters addressed to you), or import public PGP keys from other people (so that they can the ability to send them encrypted emails). Both operations can be done usingPGP Configuration Wizards in the Service menu . The wizard will guide you through the process of creating/importing a PGP key pair or importing public keys.

The first step of the wizard describes general principles PGP works.

The second step asks you to choose between creating a new public-private PGP key pair or importing an existing key.

Creating a new set of PGP keys

If you choose to create a new key pair, first of all the wizard prompts you to indicate for which Persona the key is being created.

You should also specify a password that will protect the key.

Settings button allows you to install additional options key (you can leave the default values).

Key type - allows you to select an encryption and digital signature algorithm. There are two options available: RSA and Elgmal/DSS. When choosing RSA algorithm, it is used for both encryption and digital signing. In the case of Elgmal/DSS, Elgmal is used for encryption and DSS is used for signing.

Key size - allows you to select the key length. Longer wrench length provides more reliable protection. However, be aware that a long key may cause significant delays during encryption/decryption.

Expires - the key validity period is set here. Once the validity period expires, a new pair of keys will be required, the private key will no longer be able to decrypt messages, and the public key will no longer be able to encrypt.

The next step of the wizard suggests exporting the public key to a *.pgp file for its subsequent distribution.

Import PGP keys

If you choose to import a key rather than create it, the next step will ask you to import the key. To do this you need to press the button Review and select a file containing a pair of keys (public and private), or files of public keys from people with whom you plan to correspond.

Once imported public keys, it becomes possible to send encrypted messages to key owners. To encrypt generated message, you need to go to the menu PGP and enable the optionEncrypt a letter. The email will be automatically encrypted when you press the button Send . All attachments will also be encrypted.

Having a personal PGP key allows you to add a digital signature to a letter. For the recipient, the signature will be a guarantee that the letter came specifically about you. To add a digital signature to an email message, go to the menu PGP activate parameterSign the letter.

When an encrypted message arrives, EssentialPIM attempts to decrypt it automatically when you try to read it. Encrypted messages can be easily identified by their padlock icon.

If your PGP key is password protected, the program will ask you to enter the password when you try to read an encrypted message.

Remember password for X minutes- this option allows certain time decrypt letters without additional password request. The function is useful when you have to read several encrypted messages.

When the letter is successfully decrypted, EssentiaalPIM adds the corresponding inscription to the header part of the letter -Decrypted letter.

If the letter was signed digital signature and the signature has been confirmed, the following entry is added to the header part:

If decryption fails for any reason, be it wrong password or the absence of a corresponding key, the following message is added to the header:

Encryption email an extremely necessary thing that users rarely think about. They begin to think about and take measures to protect email only after they are attacked. Today I will tell you how to encrypt email and prevent the interception of important, confidential data.

1. Email service provider with PFS

Use the services of providers who already use new system perfect forward secrecy (PFS).

In Russia, PFS is already offered by such services as: Web.de, GMX and Posteo.

2. Setting up Gpg4win

Install the installation package. Typically, the package is used from an account Windows administrator.

If you don't want to take the risk, you can still reduce vulnerabilities using limited account user for encrypted communications to deny access to account profile data.

3. Create encryption

Open the Kleopatra certificate manager, which is installed on your computer along with Gpg4win, and click File | New Certificate... to launch the key generation wizard. Select here Generate a personal OpenPGP key pair and enter your name and email.

By clicking Next, enter a code word that is easy to remember for you, containing uppercase and lowercase letters and numbers. Skip the last dialog box, click on the finish button, and your key pair is ready to use.

4. Setting up Thunderbird and Enigmail

Download and install for your email. If you use the services of large providers or Posteo, then for the installation wizard it will be enough to enter email address and password that you have to log in through the service’s web client. When setting up the Enigmail add-on in Thunderbird, press Alt to display the menu and click on the tab Tools | Add-ons. In the search bar, type Enigmail and press Enter. The first entry should be latest version Enigmail. Click the Install button.

After installing and restarting Thunderbird, you will be greeted by the Enigmail wizard. In the settings of this wizard, select Convenient automatic encryption, Don't sign messages by default... And Change parameters: Yes. In the Select Key dialog box, click on your key that you created in step 3. Now your emails will be encrypted.

5. Encryption of emails and attachments

You can continue to send and receive unencrypted emails using Thunderbird or from your provider's web client. If you want to send an encrypted message, obtain its public key from the future recipient, save it on hard drive and import into the Kleopatra utility: to do this, open it and select “Import Certificates”. To encrypt a letter, first write it and attach the necessary attachments. Then in the Write letter window, click on the Enigmail menu, where the current encryption and signature status of the letter will be displayed in the first two entries.

By clicking the arrow icon next to it, you can force emails to be sent encrypted or unencrypted. You must add a signature to encrypted emails so that the recipient can verify that you actually sent the email.

6. Receiving encrypted emails

To send you a cryptographically secure email, you need to use Enigmail (or another OEP-PGP-compatible solution, such as Claws Mail) and your public key, which you should send in an unencrypted email to the future sender. Click in mail on Enigmail | Attach my public key. When receiving an encrypted email, Enigmail will require you to enter a password.

That's all. With the help of the steps described above you will be able to reliably. If you liked the article, click on your social media buttons. networks and subscribe to site news on social networks.

How to encrypt messages via e-mail and will this make it “safer”

• Information security

Is information sent via email secure?

All letters arriving, leaving or stored on the mail service server are at the complete disposal of the company to which it (the server) belongs. By ensuring security during the transfer itself, the company can do whatever it wants with messages, since, in essence, it receives the letters at its disposal. Therefore, you can only hope for the integrity of its (company) management and employees, and also for the fact that you are unlikely to seriously interest anyone.

When using corporate mail, correspondence is protected by the IT service, which can install a very strict Firewall. And, nevertheless, this also will not save you if an unscrupulous employee “leaks” the information. We are not necessarily talking about a system administrator - an attacker only needs to be “inside” the corporate network: if he is serious, the rest is a matter of technique.

Let's encrypt

The body of the letter itself can be encrypted with a third-party cryptographic program, let me repeat this a little in my own way. The most popular service for which an encryption program was specially created is Gmail. The SecureGmail extension is installed in Google Chrome, which supports this encryption, after which everything is quite simple - enter a password for the encrypted message and a hint question to recover it. The only drawback is that it is limited to GoogleChrome only.

There is an encoder that is suitable for almost any online mail, for example, mail.ru, yandex.ru, Gmail.com - for all mail services that you can open in a Mozilla browser window. This is an extension of Encrypted Communication. The principle of operation is the same as SecureGmail: after writing a message, select it with the mouse, then right-click and select “encrypt using Encrypted Communication.” Next, enter and confirm a password known to you and the recipient. Naturally, both of these clients must be installed on both the recipient and the sender, and both of these people must know the password. (It's worth noting that it would be reckless to send the password via the same email.)

In addition to plugins for the browser in which you open mail, there is an application for desktop clients that can also be used with online mail services - PGP (Pretty Good Privacy). The method is good because it uses two encryption keys - public and private. You can also use a number of programs both to encrypt data and to encrypt the text of a letter: DriveCrypt, Gpg4win, Gpg4usb, Comodo SecureEmail and others.

Sadly, advanced encryption technology, no matter how easy to use and beautiful it may be, will not help if, for example, a backdoor is installed on your computer, which takes screenshots and sends them to the network. Therefore, the best way to encrypt is not to write letters. The motto “We must meet more often” takes on a new meaning in this context.

We minimize risks

If you are an important person in a company, do not send key documents through open channels, or do not use e-mail to transmit them at all, but for work, use corporate mail and do not send important letters to addresses of free mail services.

In all other cases, for example, when concluding contracts, it is useful to use mail, since the electronic message contains the facts of your work agreements and can help you in the future. Remember that most information leaks are not due to the fault of hackers, but to the “human factor.” It may be enough for you to use complex passwords, change them regularly and avoid losing them. You should remember to close your sessions on other people’s computers, not to use unsecured connections when working via Wi-Fi in public places, check the boxes in the mailbox settings “remember my IP address”, “track IP addresses from which sessions were opened”, “do not allow parallel sessions." And also do not create simple questions and answers to recover your password and do not lose your mobile phone if your account is linked to it.

Email encryption is the only way to ensure that the information you transmit to the recipient will be kept secret from hackers and other eavesdroppers.

In this article I will list the best free programs for email encryption, which you can download and use to keep your correspondence secret.

Why encrypt your email?
If email messages exchanged between two parties are intercepted, the contents of the email can be easily understood by a hacker if the message was sent in plain text, i.e., without any encryption.
And if the message was encrypted, the interceptor will only see gobbledygook instead of the content, unless of course he has decryption key message (which is obviously unlikely, since the letter was intercepted on its way to the recipient).
Therefore, encryption serves to store your private emails, away from prying eyes.

Encryption is a fun and convenient utility that helps keep your files or communications with other devices safe so that no attacker can access them. The basic principle of encryption is surprisingly simple.

The file or message is encrypted using a code or key. The recipient knows that a code was used to encrypt the message and can thus use the same key to decrypt or unlock the message. Any other person with a different key (or no key at all) will be looking at a set of letters and numbers that make no logical sense.

Therefore, if you want to send files that are financial, legal, business related, or medical related, or are confidential or for any other reason, electronic form, you obviously want to protect them from hackers, hence you should encrypt your email. However, if you only encrypt those emails that actually contain confidential information, and send the rest regularly in plain text, you'll end up inadvertently inviting attackers to hack your email account.

The wisest encrypt all emails you send . This way, a hacker will never be able to guess which of your emails contains the information you want to protect, and he won't have to waste the time and effort it would take to decrypt each message.

When it comes to popular email providers that most people use, such as mail.ru, Gmail, mail.yandex.ru, and so on, then none of them encrypt outgoing email messages sent using the accounts.

To encrypt email, you must use online services or download specific software. There are many types of encryption software, some of them free. I've compiled a list of the 6 best free mail programs for encryption.

Best Free Email Encryption Software

Infoencrypt

• For the person who doesn't want to download all the email encryption software and just wants to add security to an individual message, Infoencrypt is a great option since it is a browser-based program.
• There is no need to create an account with a username, password and other details; on this site, there is a JavaScript interface where you can enter text content, and its encrypted counterpart will instantly appear.
• You need to provide the password that is used to associate the message with its key using this program. The recipient can open the contents of the email by copying and pasting the encrypted text into the same location on this very site and entering the password you set as the key.
• This software uses symmetric algorithm encryption, and implements Advanced Encryption Standard (AES) 128, and uses a random initialization vector. The key is determined by password-based key generation function (PBKDF)2. This ensures that the text cannot be decrypted without correct password, as well as a mechanism that follows these precise standards.
• Users must ensure that they do not disclose the password to the recipient through an unsecured medium (for example, in the same or subsequent emails).
• Also, this service can only help protect the text (the contents of the email), and not attachments and other aspects of the email being sent.

Mailvelope

• Mailvelope is software that uses asymmetric encryption with a public key, and complies with OpenPGP standards, open-source privacy, which is compatible with all types of email.
• Primarily intended for webmail encryption, and has presets to work with all major web email services such as Gmail, Yahoo, Mail, and the like, and can also be configured to work with any other.
• It can be downloaded as a web browser plugin (such as an app from the Chrome or Firefox store) and configured to encrypt email.
• This is a very secure service as it encrypts the entire session and thus does not allow data to be left in the browser. The only vulnerability of this program is that it does not support encryption of email attachments.
• To go to the official website, click .

Enigmail

• Users only mail clients Mozilla Thunderbird And Seamonkey, can use this amazing utility to encrypt emails. This is software that supports standards OpenPGP, public encryption key and signature of mail messages.
• He uses GNU Privacy Guard(open source cryptographic software) source code and a public license, which provides fairly good privacy PGP) to implement the cryptographic aspect of encryption. GNU Privacy Guard does not come with the software, and must be installed separately.
• The best part of using enigmail is that it also encrypts and decrypts email attachments.
• To go to the official website, click .

Hushmail

• Hushmail it is not just an email encryption service, but an entire email service provider. There are different types accounts that can be registered. Individual can be opened for free with 25 MB free space. With a business account, you can take advantage of a number of additional benefits, including POP3 or IMAP email downloads on the client's desktop.
• Messages sent and received between users. are automatically encrypted and decrypted since the public keys of all user accounts are known to the software.
• The encrypted message is sent to email addresses from different domain names, and senders must provide a password that will be used to identify the recipient. The sender also provides hints to help the recipient.
• Hushmail uses OpenPGP standards for encryption, with a 2048-bit key.
• To go to the official website, click .

Gpg4win

• Installation Gpg4win(Windows only) will give you a whole suite of free, open source programs that follow OpenPGP standards, including one that can encrypt and sign your email sent using Outlook applications.
• An official distribution of GNU Privacy Guard for Windows, this software is completely free and licensed under the GNU (General Public License).
• For Mac users, GNU Suite is a software package with the same functionality.
• One of the products included in Gpg4win―Kleopatra is designed to manage and assign certificates to your documents and even via email. This is a convenient service that allows you to organize certificates and effectively coordinate with servers (for importing and exporting keys).
• This software works on everyone Windows versions, from Windows XP to Windows 10. Plugin for the Outlook application, allows you to encrypt your email, compatible with any 32 and 64-bit version. It is universal and also available in Russia.
• ☞ In addition to email, this program allows you to sign and encrypt absolutely any files on your computer.
• ☞ To go to the official website, click .

Comodo Free Email Certificate

• Developed by Comodo Inc, an Internet security company that boasts products such as antivirus software, SSL certificates, and more. Comodo Free Email Certificate is a service that allows you to encrypt and sign your email for free if you are an individual, and with minimal costs, if you are a corporate user.
• It creates an email security certificate that protects your email from any prying eyes and also maintains its authenticity in terms of verifying your authorship and protecting the content.
• It's easy to install and works as a plugin for almost every major email client ( Outlook, Thunderbird etc.). To install it, users simply need to register an account with a certificate
• To go to the official website, click .

Don't ignore the benefits of email encryption, and don't underestimate the risks. We hope that from a variety of reliable, lightweight and free options, you'll find the one you're most comfortable with, and you'll be able to protect all your files and conversations.