Protecting your email messages with strong email encryption has never been more necessary than it is today. In the USA, if you send patient health information (PHI) unencrypted in an email, you are risking that information falling into the wrong hands. This can have very expensive consequences for health professionals who are charged with protecting PHI in accordance with HIPAA regulations.
Email encryption used to be the realm of paranoids and spies, but these days even the most mundane and routine pieces of information can put us at risk. Tell your friend about your holiday plans, and if your message is intercepted that information could fall into the hands of burglars. Email your sister a birthday greeting, and now you may have just exposed a piece of information that can be used to hack her bank account.
Here are two products that can help Microsoft Office Outlook users protect their email messages.
Lockbin.com is a website that offers a free email encryption service, as well as a premium tier for subscribers. Lockbin is a web service for sending secure messages, and it also integrates with Microsoft Office Outlook as an add-in. Lockbin provides you with your own inbox, and people can email you without having to enter a password. This is because Lockbin has implemented public key encryption, and your public key can be used to encrypt messages from others. When you log into your inbox, the messages are decrypted using your private key. Lockbin’s implementation of public key encryption and its add-in for Microsoft Outlook make email encryption practical for less technical users.
PDF Postman is another add-in for Microsoft Office Outlook, which uses 256-bit AES encryption and the popular PDF format to send your messages securely. Just write your email in Outlook, attach any files you want to send, and click the PDF Encrypt button. PDF Postman will convert your message to a PDF file, while also embedding your file attachments within the PDF. Embedded file attachments can be extracted from the PDF later by the recipient. PDF Postman is a symmetric key encryption product, which means that the same password used to encrypt the message is also used to decrypt it. Both parties must agree on the password and keep it safe.
The nice thing about the symmetric key encryption approach is simplicity, and few things are simpler than opening a PDF file. The recipient will just click on the encrypted PDF file, and their PDF viewer will prompt them for a password. If the password is correct, the message is displayed to the recipient. The nice thing about the PDF format is that it is cross-platform; encrypted PDF files can be opened on iOS, Mac, Linux, Solaris and Windows platforms. Chances are your recipient will already have a PDF viewer on their device and therefore will not even need to download any special software to open your encrypted PDF file.
Both PDF Postman and Lockbin run on Microsoft Office Outlook 2013, 2010, 2007 and 2003, and support the 64-bit and 32-bit versions of MS Outlook. Both offer free trials so you can start using the products without any risk.
The best time to protect your email is now, before something bad happens. Choose the product that you think has the approach that will work best for you, and then start sending secure email messages today!
We have been contacted by some readers who said we should also mention an asymmetric key email encryption solution, also known as public key encryption. These systems are based on a very strong algorithm that requires the sender and receiver to both have a pair of private and public keys. The public keys are traded among the people who want to communicate. For example, if you and I want to communicate, we would exchange our public keys. I would encrypt my email to you using your public key, and only your private key (which you hopefully will keep private) can open the message I encrypted for you. It’s a great system, but it’s difficult to set up and use across multiple devices.
The GNU Privacy Guard (GPG) project makes public key encryption available for those who are brave enough to attempt it. It’s difficult to set up, but then it’s fairly easy to use. A GPG add-on is available for Outlook 2003 and 2007, but as of this writing no add-ons were available for Outlook 2010/2012. Commercial public key encryption add-ons for MS Outlook 2010/2013 may be available, but we were not able to review them for this article.
MS Outlook also includes S/MIME encryption, which is public key encryption using certificates issued by a certificate authority. There is a cost to acquiring the certificate, which will need to be exchanged with other users of S/MIME encryption.
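The public key exchange described above, carried out with S/MIME through the `openssl` command-line tool. This is an added example, not part of the original article or of any product it mentions; it assumes `openssl` is installed, and the names, addresses, message text and self-signed certificates (standing in for CA-issued ones) are constructed for illustration.

```bash
# Added example: S/MIME public key encryption with the openssl CLI.
# All names, addresses and the message text are constructed.

# Create a private key plus a self-signed certificate for one mailbox.
# (Assumption: stands in for a certificate issued by a real CA.)
make_identity() {  # usage: make_identity <name> <email> <dir>
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=$1/emailAddress=$2" \
    -keyout "$3/$1.key" -out "$3/$1.crt" 2>/dev/null
}

# The sender needs only the recipient's certificate (public key).
smime_encrypt() {  # usage: smime_encrypt <recipient.crt> <infile> <outfile>
  openssl smime -encrypt -aes256 -in "$2" -out "$3" "$1"
}

# The recipient needs the matching private key to read the message.
smime_decrypt() {  # usage: smime_decrypt <own.crt> <own.key> <infile>
  openssl smime -decrypt -in "$3" -recip "$1" -inkey "$2" 2>/dev/null
}

demo() {
  demo_dir=$(mktemp -d) || return 1
  make_identity alice alice@example.test "$demo_dir"
  make_identity mallory mallory@example.test "$demo_dir"
  printf 'Lab results attached.\n' > "$demo_dir/msg.txt"

  smime_encrypt "$demo_dir/alice.crt" "$demo_dir/msg.txt" "$demo_dir/msg.p7m"

  echo "alice reads:"
  smime_decrypt "$demo_dir/alice.crt" "$demo_dir/alice.key" "$demo_dir/msg.p7m"

  # A different key pair must not be able to open the same message.
  if smime_decrypt "$demo_dir/mallory.crt" "$demo_dir/mallory.key" \
       "$demo_dir/msg.p7m" >/dev/null; then
    echo "mallory reads the message (unexpected)"
  else
    echo "mallory: decryption failed"
  fi
  rm -rf "$demo_dir"
}

demo
```

Only `alice.crt` has to travel to the sender; `alice.key` never leaves the recipient's machine, which is the property the shared-password approach lacks.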
While we strongly support any efforts to make strong email encryption available to the masses, we’re also concerned that systems be easy to use and manage. If they’re not, then they don’t get used. The strongest encryption system is meaningless if people can’t use it practically. Symmetric key systems (shared password) retain the benefit of ease of use in our opinion, yet they are more prone to man-in-the-middle attacks and to having the password revealed through the carelessness of one of the two parties. The advantage of a secure password exchange and prevention of the man-in-the-middle would go to public key encryption.
Choose the system that best fits your needs, and exercise reasonable precautions to protect your keys. The most difficult part of email encryption will be deciding to use it. The important thing is to get started encrypting your email today.