Secure mail: How to protect your emails and attachments
Secure data transfer is still one of the biggest challenges for companies. This includes sharing documents with customers, partners and colleagues. After all, it is important to ensure that sensitive information remains protected from unauthorized access.
In this article we show you how to encrypt your mail traffic, how to securely send sensitive data with idgard® and how to protect yourself and your employees against phishing attacks. In addition, we have a few more tips for you.
- Secure data transfer: How to encrypt your mail traffic
- Send email attachments and files with idgard®
- How to protect yourself against phishing attacks
- Have you fallen into the phishing trap? Here’s what you can do
- Three tips for a secure connection
Secure data transfer: How to encrypt e-mails and attachments
If you share sensitive data or information by e-mail, you should definitely encrypt it. This converts the readable text and attachments into encrypted text. Only the recipient can decrypt them, provided that they have the appropriate key.
Since the GDPR came into force, encryption has played an even greater role than before, especially in companies. The reason for this is that they must take appropriate measures to adequately protect personal data, such as customer data, during storage, transmission and processing.
End-to-end encryption of e-mails. Here’s how it works.
In practice, the OpenPGP and S/MIME standards have become established for encrypting e-mails. These standards are not compatible with each other. As a PGP user, you cannot read e-mails encrypted with S/MIME and vice versa.
S/MIME has the advantage over PGP that it is now integrated in most e-mail clients such as Outlook or Thunderbird. To use PGP, you need additional software, but this is usually available for free, for example, GPG4Win (Outlook), GPGSuite (macOS) or Enigmail (Thunderbird).
However, before you can send your first encrypted and signed e-mail, you have to follow a few steps. You first need a certificate for the signature to confirm the authenticity of your sender address.
Then you have to generate a key pair. The public key is needed by anyone who wants to send you an encrypted e-mail, while you need the private key to decrypt the e-mail. The key pair is normally also generated by the certification authority or, in the case of PGP, within the software.
- Detailed step-by-step instructions on how to encrypt messages in Outlook with S/MIME can be found directly at Microsoft.
- You can find out how to encrypt e-mails in Thunderbird with OpenPGP or S/MIME at Mozilla.
- The providers of GPG4Win (Outlook), GPGSuite (macOS) or Enigmail (Thunderbird) also offer detailed instructions for encryption with OpenPGP on their websites.
As you can see, secure data transfer through e-mail encryption is a complex topic. That’s why, despite their high level of security, OpenPGP and S/MIME have not yet become established in the everyday lives of users. Even so, companies should never send sensitive information unencrypted! Fortunately, there is a simpler way to do this.
How to send emails and attachments through idgard®
Confidential documents should not be sent as e-mail attachments, especially not unencrypted or when the company’s regulations forbid it for compliance reasons. However, many corporate employees still use services like Outlook to send sensitive files.
As an idgard® user, you can also send e-mails securely without any complex encryption or certificates. There are two ways to do this:
- Through the BoxMail feature in the idgard® web application
- With the free idgard® Outlook add-in
Send attachments securely by BoxMail. Here’s how it works!
With BoxMail you can send attachments in a Temporary PrivacyBox. This extension is available for free in all packages*. To send the download link, you also need a client or web-based mailing or messaging service.
This is how secure data transfer through BoxMail works:
Send attachments securely with the Outlook add-in—Here’s how it works!
It is even easier to send sensitive attachments with the free Outlook add-in for idgard®.
The add-in offers you the following functions:
- Certificate verification
- Auto update
- Customizable e-mail templates in German and English
- Installation of an archive mailbox
- Proxy server support
- Single Sign-On for use with LDAP / Active Directory
Secure data transfer is really easy with the idgard® Outlook Add-In:
How to protect yourself against phishing attacks
German companies are targeted particularly often by criminal phishing attacks, TÜV SÜD reports. Since the beginning of the corona pandemic, this risk has increased even further.
Phishing (from fishing) is a method of trying to gather personal data from internet users by means of deceptive e-mails or websites in order to commit identity theft. The fake sites and messages often deceptively imitate the layout and design of well-known brands (such as banks, online retailers and social media).
1. How to recognize phishing emails
To effectively protect yourself against phishing attacks, you must first learn how to recognize fake mails. Pay attention to the following signs in e-mails:
- The message plays with fear and urgency
- You are asked for your access data or personal information
- It uses an unusual greeting
- Deceptive e-mail address
- The text contains spelling and grammar mistakes
2. Never reply to suspicious e-mails
3. Do not click on links in suspicious e-mails
4. Deactivate the HTML view of e-mails
5. Do not open suspicious attachments
6. Secure your computer
7. Report phishing attempts to your consumer advice center.
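The signs from step 1 and the link advice in steps 3 and 4 can also be checked automatically, for example in a mail filter or an awareness training tool. The following Python sketch is an added example, not idgard® or TÜV SÜD code; the sample message, the keyword lists and the function name `phishing_signs` are assumptions, and it handles a single-part message without transfer encoding.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample; every domain is a reserved example.* placeholder.
SAMPLE = """\
From: "Example Bank Support" <service@bank.example.net>
Reply-To: collect@mailbox.example.org
Subject: Urgent: your account will be suspended
Content-Type: text/html; charset="utf-8"

<p>Dear customer,</p>
<p>Verify your password immediately or your account will be blocked.</p>
<p><a href="http://login.example.net/verify">https://www.bank.example.com/</a></p>
"""

# Keyword lists are illustrative assumptions, not a complete rule set.
URGENCY = re.compile(r"\b(urgent|immediately|suspended|blocked)\b", re.I)
ACCESS_DATA = re.compile(r"\b(password|PIN|TAN|access data)\b", re.I)
GREETING = re.compile(r"\bdear (customer|user|sir or madam)\b", re.I)
# Simple anchor matcher; enough for this sample, not a full HTML parser.
A_TAG = re.compile(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)

def domain(header_value):
    """Return the lower-cased domain of the address in a header value."""
    return parseaddr(header_value)[1].rpartition("@")[2].lower()

def phishing_signs(raw):
    """Return the warning signs found in a raw RFC 5322 message."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    text = msg.get("Subject", "") + "\n" + body
    checks = [("urgency", URGENCY), ("asks_for_access_data", ACCESS_DATA),
              ("unusual_greeting", GREETING)]
    signs = [name for name, rx in checks if rx.search(text)]
    # Deceptive address: replies would go to a different domain than From.
    reply = domain(msg.get("Reply-To", ""))
    if reply and reply != domain(msg.get("From", "")):
        signs.append("deceptive_address")
    # HTML view hides the real target: visible URL and href hosts differ.
    for href, shown in A_TAG.findall(body):
        shown_host = urlsplit(re.sub(r"<[^>]+>", "", shown).strip()).hostname
        if shown_host and shown_host != urlsplit(href).hostname:
            signs.append("link_mismatch")
            break
    return signs

if __name__ == "__main__":
    print(phishing_signs(SAMPLE))
```

A hit on one rule is a reason to look closer, not proof of fraud; spelling and grammar mistakes are not covered here because they need a language-aware check.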
Here’s what to do if you’ve fallen into the phishing trap
- Don’t panic! Almost everyone has opened a phishing email at some point. Stay calm and follow the next steps.
- Don’t delete the suspicious email since it can serve as evidence and help solve the case.
- If it’s about your bank account, contact your bank and have all accounts and cards blocked.
- In case of account phishing at online stores, social media or cloud services, log into your account and change the access data. Check and cancel any possible orders placed without your consent.
- If your idgard® account is affected, please contact the person who invited you. They can simply re-issue the hijacked license and thus prevent the attackers from accessing sensitive data.
Our employees will never ask you for your access data. Do not pass them on to third parties under any circumstances!
- In any case, contact the company (bank, online store, service provider) on behalf of which the phishing attack took place. Inform them about the incident and seek advice.
- Contact a lawyer. If fraudsters have debited money from your bank account, usually you can make civil claims against the bank.
- Since phishing is attempted fraud and therefore a criminal offense, it is also advisable to file criminal charges.
- To be on the safe side, you should update your antivirus and check your computer for Trojans.
- Report – even unsuccessful – phishing attacks to your consumer advice center.
Three tips for a secure connection
Secure data transfer is not rocket science! With our help you can send sensitive data and email attachments securely. If you also consider the following tips, it is even less likely that third parties will gain access to your confidential information.
- Avoid public networks and WLAN hotspots!
Scammers can use public WiFi networks and WiFi hotspots to carry out man-in-the-middle attacks. This allows them not only to track browser activity but also to intercept passwords and access data.
- If possible, rely on German providers!
This applies to both mail providers and cloud offerings. German providers are subject to strict data protection laws and observe principles such as data economy.
- If you use web mail, make sure you have a secure connection!
First make sure that you are connected to your web mailer through an encrypted SSL/TLS connection. You can recognize this by the “https” at the start of the URL. To check the certificate, click on the padlock in the address bar. Your browser will then show you whether you can trust this connection.
About the co-author
Moritz Wappner has been the team lead of the Cyber Security Advisory Services department at TÜV SÜD since April 2020. In this role, he is primarily responsible for consulting topics in the areas of Cyber Security Risk Assessment and Cyber Security Awareness.