How to encrypt messages by e-mail and whether it will become “safer”

Is e-mail information protected?

An honest answer to this question will be: “Yes. But no". When you visit most sites, the HTTP protocol is displayed in the address bar. This is an insecure connection. If you log into one of the major postal services, you will see HTTPS. This suggests the use of SSL and TLS encryption protocols, which provide a safe "journey" of the letter from the browser window to the mail server. However, it does not give anything in connection with the new SORM , which comes into effect on July 1, 2014. Moreover, absolutely nothing protects your correspondence from an unscrupulous employee of a postal service company, hacker attacks, an unclosed session on someone else's computer, an unprotected Wi-Fi point, as well as any special service requirements — even now — and even the postal service itself. own privacy policy.


All letters coming, leaving or stored on the server of the postal service are at the complete disposal of the company to which it (the server) belongs. Ensuring security at the very forwarding, the company can do whatever it pleases with the messages, as, in fact, it receives the letters at its disposal. Therefore, you can only hope for the decency of its (company) management and employees, as well as the fact that you are unlikely to seriously interest anyone.
')

When using corporate mail correspondence is protected by IT-services, which can establish a very strict Firewall. And, nevertheless, it also will not save, if an unscrupulous employee “merges” the information. This is not necessarily about the system administrator - it is enough for an attacker to be “inside” the corporate network: if he is serious, the rest is a matter of technology.

Encrypt

Somewhat increase the level of protection of your mail "from fool" can encrypt the text of the letter and attachments (they can also be placed in the archive with a password, for example, if the text itself does not contain confidential data, and the archive contains). In this case, you can use special software.

The letter body itself can be encrypted with a third-party cryptographic program, it has already been written about this earlier , let me repeat a little in my own way. The most popular service for which a specially designed encryption program is Gmail. The SecureGmail extension is installed in Google Chrome, which supports this encryption, after which everything is quite simple - a password is entered for the message to be encrypted and a hint question is entered to restore it. The only drawback is the restriction of use only for GoogleChrome.

There is an encoder that is suitable for almost any online mail, such as mail.ru, yandex.ru, Gmail.com - for all mail services that you can open in the Mozilla browser window. This is an extension of Encrypted Communication. The principle of operation is the same as that of SecureGmail: having written a message, select it with the mouse, then click the right button and select "encrypt using Encrypted Communication". Next, enter and confirm a password known to you and the recipient. Naturally, both of these clients must be installed both with the recipient and the sender, and both of these people must know the password. (It is worth noting that it would be rash to send the password in the same mail.)

In addition to browser plug-ins, in which you open mail, there is an application for desktop clients that can also be used with online mail services - PGP (Pretty Good Privacy). The method is good, because it uses two encryption keys - open and closed. And you can also use a variety of programs for both data encryption and letter text encryption: DriveCrypt, Gpg4win, Gpg4usb, Comodo SecureEmail and others.

Sadly, advanced encryption technology, no matter how easy it is to use and beautiful, will not save if, for example, a backdoor is installed in your computer, which takes screenshots and sends them to the network. Therefore, the best way to encrypt is not to write letters. The motto “It is necessary to meet more often” acquires a new sound in this context.

Minimizing the risks

As noted above, the ideal way to encrypt is not to write letters. Most often, you should not use free email services for correspondence at work, especially if you have signed a non-disclosure agreement. The fact is that if your messages are intercepted from corporate email, they will deal with the security gap with the company's IT department. Otherwise you are personally liable. Remember: when using “external” mail, correspondence is sure to get to third parties, at least, to employees of the company providing postal service. And they did not sign non-disclosure agreements with your employer.

If you are an important person in the company, do not send key documents through open channels, or do not use e-mail for their transfer, but use corporate mail for work and do not send important letters to the addresses of free e-mail services.

In all other cases, for example, when concluding contracts, it is useful to use mail, since an e-mail contains facts of your arrangements for work and can help you in the future. Remember that most of the "plums" of information occur due to the fault of not the hackers, but the "human factor". You may well be enough to use complex passwords, change them regularly and prevent them from being lost. You should not forget to close your sessions on other computers, not to use unprotected connections when working via Wi-Fi in public places, set checkboxes in the mailbox settings “remember my IP address”, “track IP addresses from which sessions were opened”, “not allow parallel sessions. ” And also not to create simple questions and answers for password recovery and not to lose a mobile phone, if your account is linked to it.