How To Encrypt Email Attachments (Outlook, Gmail, & iOS)
Email encryption is essential for protecting the privacy and security of digital communication, especially when sending confidential documents and attachments.
By encrypting email attachments, individuals and organisations can significantly reduce the risk of a data breach and ensure compliance with privacy laws and regulations.
In this guide, we walk you through how to encrypt email attachments in Outlook, Gmail, and iOS.
Understanding Email Encryption
Email encryption is a method of securing email communication.
It converts the contents of an email into a format that cannot be read by anyone other than the intended recipients.
This process involves the use of cryptographic techniques to ensure that the information being sent remains confidential and protected from unauthorised access. Only the recipient who has the correct key to decrypt the message can access it.
Email encryption can be applied to the body of an email, the attachments, or both, safeguarding sensitive information from cyber threats.
Types Of Encryption
There are several types of email encryption, varying in strength and each with its pros and cons.
TLS (Transport Layer Security): TLS is a protocol that encrypts the connection between email servers to protect emails in transit.
However, TLS does not encrypt the email from the point of origin to its final destination; it only secures the email in transit between servers.
This means that the email could still be accessed by the email service providers or on the servers where the emails are stored unless additional encryption is applied.
S/MIME (Secure/Multipurpose Internet Mail Extensions): S/MIME is a form of end-to-end encryption, meaning that it encrypts email contents from the point of sending until they are opened by the recipient, ensuring the protection persists at all stages of the journey.
This type of encryption is considered more secure because only the sender and the recipient have the keys to decrypt the email, making it virtually impossible for anyone else to access the content.
However, S/MIME relies on both the sender and recipient having obtained a digital certificate from a Certificate Authority (CA) in order to work.
AES-256 (Advanced Encryption Standard): Another form of end-to-end encryption, AES-256 is considered one of the strongest forms of encryption, ensuring that email contents remain encrypted until the recipient opens them.
AES-256 does not depend on the recipient having a certain certificate and can be used regardless of what technology they use to access their emails.
Why Encrypt Email Attachments?
Sending email attachments without encryption leaves documents open to risk.
Think of it like writing your personal information on a postcard and popping it in the letterbox – it would be open for everyone who comes into contact with it to see.
For those dealing with sensitive information on a regular basis, such as businesses or people in professional services, encryption is vital. Though it should be used by anyone when sending sensitive or otherwise valuable information.
When sending unencrypted documents, the main threat to be aware of is email interception.
What Is Email Interception?
Email interception is the unauthorised access of email messages as they are transmitted across networks. It allows threat actors to eavesdrop on private conversations and potentially modify the contents of emails.
Interception can occur at various points along the email's journey from sender to recipient, including:
- Within the sender's or recipient's email servers
- During the email's transit over the internet, or at any intermediate servers that handle the email.
The primary reason that unencrypted documents are at risk of email interception is that they are transmitted in plain text, allowing anyone who gains access to the message to read the contents.
Encrypting an email and any corresponding documents scrambles the information so that they are unreadable to the naked eye.
The consequences of email interception can be severe, ranging from identity theft and financial fraud to the exposure of sensitive corporate information.
Encrypting Email Attachments In Outlook
Microsoft Outlook is a widely used tool for users across the world, especially for its email capabilities.
It supports two different types of encryption, including:
- S/MIME, as part of its free, standard offering.
- Microsoft Purview Message Encryption, a type of end-to-end encryption, which is part of its paid Office 365 Enterprise E3 licence. (Microsoft Purview Message Encryption replaces the older Office 365 Message Encryption, or OME).
Depending on whether you are using the free or paid version of Outlook, there are slightly different methods for setting up encryption for your emails and attachments.
If You Have A Standard Outlook Account…
If you're using the standard version of Outlook, to encrypt your outbound emails using S/MIME, you first need to generate a digital certificate and link it to your account.
You can acquire a digital certificate through one of these Microsoft-recommended service providers.
Once you have downloaded your certificate, it can be added to your account by following these steps:
- Click ‘File’ on the ribbon at the top of Outlook.
- Select ‘Options’ at the bottom left of the screen.
- Tap on ‘Trust Center’, then ‘Trust Center Settings.’
- Click ‘Email Security’ in the left panel, then choose ‘Settings’.
- Select the certificate you want to use, and press ‘OK’.
Note: These steps are correct for the newest versions of Outlook. For older versions of Outlook, including Outlook 2019 and 2016, steps vary. |
Encrypting an email with S/MIME:
Now that your certificate is linked to your account, you can send an encrypted email using the following method:
- Start composing a new email.
- Click ‘Options’ on the top ribbon.
- Select ‘Encryption’ or ‘Permissions’ (depending on which version of Outlook you are using.)
- Choose whether to send the email with encryption only or with a no-forwarding rule.
- Write your message and attach your document, then send as usual.
If You Are A Microsoft 365 Subscriber…
For those with a paid Microsoft licence, setting up Microsoft Purview Message Encryption is a relatively complex process.
It is recommended that this is carried out by a member of your organisation's IT staff who is familiar with Microsoft PowerShell.
However, once message encryption is configured, sending an encrypted email is simple.
To encrypt a single message:
- When composing a message, click ‘File’, followed by ‘Properties’.
- Select ‘Security Settings’, and then check the ‘Encrypt message contents and attachments’ check box.
- Finish writing your message, attach any documents, and then click ‘Send’.
To encrypt all outgoing messages:
- Click ‘File’ on the ribbon at the top of Outlook.
- Select ‘Options’ at the bottom left.
- Press ‘Trust Center’, then ‘Trust Center Settings.’
- Within the ‘Email Security’ tab, check the box titled ‘Encrypt contents and attachments for outgoing messages’, then press ‘OK’.
Encrypting Email Attachments In Gmail
Gmail offers two different types of encryption for users to utilise, including:
- TLS, as part of its free, standard offering.
- S/MIME, as part of its paid enterprise accounts.
Depending on whether you are using the standard or paid version of Gmail, there are slightly different methods for setting up and using encryption for your emails and attachments.
If You Have A Free Gmail Account…
By default, all message text and attachments that you send using Gmail are encrypted using TLS.
However, this only works if your recipient's server also supports TLS.
If they are using a mail server that doesn’t support TLS, then any messages you send won’t be encrypted.
To send an encrypted email, compose a message as normal, add any attachments, and press send.
Confidential mode:
Apart from TLS encryption, Gmail also offers Google ‘confidential mode’, allowing users to set a passcode and expiration date for the email and any attachments, as well as preventing recipients from forwarding, copying, printing, and downloading the contents.
To set up confidential mode on an outbound email, simply:
- Click ‘Compose’.
- Select the lock icon, found in the bottom right of the window.
- Choose your desired expiry date and whether or not to set a passcode. If you choose 'SMS passcode', recipients will receive a passcode by text message.
- Press ‘Save’.
- Finish and send your email as normal.
If You Have An Enterprise Google Workspace Account…
For those who have access to a paid Google Workspace Enterprise account, usually as part of your organisation, S/MIME encryption is available as an option.
Before you can send an encrypted email using S/MIME in Gmail, you have to configure it to the company account using the following steps:
- Sign in to the Google Admin console.
- Click Menu > Apps > Google Workspace > Gmail > User Settings.
- Under ‘Organisations’ on the left-hand side, select the domain that you want to configure for encryption.
- Check the box labelled ‘Enable S/MIME encryption for sending and receiving’ under S/MIME settings.
- Choose whether to let people upload their own certificates, or upload and manage root certificates yourself.
- Click ‘Save’.
Note: These steps can only be completed by an account administrator. |
Sending with S/MIME:
Once your domain or organisation has been configured to send encrypted emails, users just need to compose messages, attach documents, and send as usual.
To double-check whether an email you are composing is being sent encrypted, you can look at the padlock icon next to the recipient address when composing a new message.
- A grey padlock indicates that the message will be sent using TLS.
- A green padlock shows that it will be sent using S/MIME.
- A red padlock means that the email will be sent without encryption.
Encrypting Email Attachments On iOS (Mail App)
Apple gives users the capability to send and receive encrypted emails in the Mail app for iPhone.
iOS supports S/MIME encryption, meaning that you need to download a certificate from a Certificate Authority, before configuring it with your account using the following steps:
- Open ‘Settings’ on your device.
- Click on ‘Mail’, and then ‘Accounts’.
- Select the account that you want to send encrypted messages from.
- Press ‘Advanced’ and turn on the ‘Encrypt by Default’ option.
Sending with S/MIME:
Once your domain or organisation has been configured to send encrypted emails, users just need to compose messages, attach documents, and send as usual.
To toggle whether an email you are composing is being sent encrypted, you can find a padlock icon in the address field when composing a new message.
- A blue padlock indicates that the email will be encrypted.
- A red padlock shows that it will be sent unencrypted.
The Best Email Attachment Security
While Outlook, Gmail, and iOS provide varying levels of encryption depending on the type of account you have, many of the options do not provide an adequate level of protection.
TLS encryption lacks the robustness needed to protect personal information, and S/MIME is complicated to set up and relies on both parties having the necessary certificates.
To make sure your sensitive documents remain in the correct hands only, there are several extra tools you can use to secure your emails:
Stronger encryption: AES-256 is one of the most robust encryption types on the market, providing end-to-end security for emails and attachments.
With only Microsoft providing paid licences that offer end-to-end encryption, which can often be expensive, it is recommended to use an external tool to boost the level of encryption available.
Recipient authentication: Email authentication plays a vital role in verifying identity, preventing fraud and unauthorised access.
Multi-factor authentication, including SMS codes and question-and-answer challenges, can be used to make sure the person accessing the emails you send is exactly who they say they are, barring them from unlocking messages until they prove their identity.
Email revoke: Revoking a sent email allows you to block a recipient's access to an email after you have sent it.
This is useful in situations where you have accidentally sent an attachment to the wrong person, or the wrong document to the right person, preventing a breach of sensitive data.
While Outlook has a native recall function it relies on specific conditions being met, such as a message not having been opened yet.
Dedicated secure email solutions can provide full email revoke, regardless of whether a message has been accessed.
Introducing Mailock…
Mailock is our dedicated secure email solution, providing military-grade AES-256 encryption, recipient authentication, and full email revoke.
Better yet – it requires no complicated setup, allowing you to start sending encrypted messages without large amounts of configuration.
Simply create an account and download our free add-in, allowing you to encrypt outbound messages directly through Outlook.
References:
Find digital ID or digital signature services, Microsoft, 2024
Set up Message Encryption, Microsoft, 2023
Turn on hosted S/MIME for message encryption, Google, 2024
What Is Email Encryption, Beyond Encryption, 2024
What Is Email Authentication, Beyond Encryption, 2024
Reviewed By:
Sabrina McClune, 05.06.24
Sam Kendall, 05.06.24
Originally posted on 14 02 24
Last updated on July 4, 2024 Posted by: Sabrina McClune Sabrina McClune, an expert researcher with an MA in Digital Marketing, was a finalist in the Women In Tech Awards 2022. She excels in conducting and compiling research for B2B tech companies. Sabrina enjoys reading fantasy novels and collecting special edition books. |
Subscribe
Get live updates
Subscribe for exclusive secure digital customer communications content for companies in regulated sectors.