Sunday, February 10, 2013

Scroogled, Outlooked or Yahooed, your email is not secured!


You heard it loud and clear from Microsoft's "Scroogled" campaign against Google's policy on email privacy. But I don't think any of you would have bought into it, since we all know there is no such thing as privacy or security when it comes to email. Anyone remember the Petraeus affair? I guess the convenience of email makes everyone forget and sacrifice their security concerns; how else can we explain that people don't think twice before exchanging confidential information like their tax returns, mortgage papers and pay stubs? If you assume hackers are only interested in celebrities' email, you are wrong. You just don't hear about the common Joe's email hacks in newspapers! Given the importance of email today, hacking anyone's email and snooping on the documents being exchanged is a gold mine. Access to email is the most critical tool needed to reset passwords on pretty much anything: bank accounts, mortgage accounts, eBay, Amazon, iTunes, you name it. So I don't think anyone needs to be convinced that securing your email is a task of the utmost importance.

Email being such an important tool, why is it so hard to make it secure and protected? No one wants others to read their emails, celebrity or not. But the problem is, if your email service provider is in the business of reading your mail to sell advertisements, selling your data to vendors and feeding the government surveillance system, why would they make it easier to keep your data out of their reach? So there is no easy button out there. But we can't give up and go back to pigeon post; well, even then you would have to encrypt your messages!


General tips to keep your email account safe.

  •  Always use a long, complex password for your email accounts and make sure you don't store it on your PC.
  •  Make sure your alternate email ID, which is used for password resets, is also secured with a strong password.
  •  Use an email service with at least two-factor authentication. I know Gmail supports two-factor authentication, but most other providers don't. I never understood why it takes so long for Yahoo and Microsoft to implement it.
  •  Make sure you are using HTTPS to access your mail when using a browser.


Content Encryption

None of the above is going to make your email content safe; it only protects your email account and assures your message's safety while it's in transit. It is not going to stop Google or Yahoo from snooping on your email. Let's see what we can do about it.

1) Simple encryption
Encrypt your content and attachments using 7-zip with a strong password. 7-zip being a commonly used free application, it should not be hard to use on the receiving side. Make sure you don't store the password on your computer and don't send the password by email.

There are a handful of other good tools that you can explore; Encrypt Files, which will encrypt a whole folder, and dsCrypt, which lets you drag and drop files to be encrypted, are some of them. Whatever tool you use, make sure it is available on all platforms and devices, including mobile.

2) Use Pretty Good Privacy (PGP) certificates
This is basically certificate-based content encryption, very similar to SSL site certificates. You generate two certs, a public one and a private one; give the public cert to anyone who wants to email you so that he/she can encrypt the content with it. Once you receive the message, only you will be able to decrypt it, with your private key.

OpenPGP is a free open source tool that lets you do it. For more information on how to use PGP encryption, there is a good article on Lifehacker.

Secured Email Providers

There are lots of new players in this space now, offering you a secured service; some of them are free and others may charge a few dollars a month. HushMail, 4SecureMail and Swiss Mail are some of them. Typically the email recipient will be taken to a website to answer the secret questions, and the content is decrypted upon successful answers.

If you need security and privacy for your email, you will have to sacrifice convenience for sure. I am not sure whether you would be able to convince everyone communicating with you to follow the process. But my advice is: if you ever have to email anything sensitive, such as tax documents, medical records or your SSN, never send it in plain text.
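
One way to act on this advice before hitting send, as an added example that is not part of the original post: a Python check that parses an outgoing message and flags SSN-like numbers in plain text and attachments that are not PGP-encrypted. The SSN pattern, the file-extension lists and the sample message are assumptions constructed for illustration; a .7z or .zip name cannot prove a password was set, so those are flagged for a manual check.

```python
import re
from email import message_from_string, policy

SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")   # assumed US SSN layout
PGP_ARMOR = "-----BEGIN PGP MESSAGE-----"        # ASCII-armored OpenPGP data
PGP_EXT = (".gpg", ".pgp", ".asc")               # assumed names for PGP output
ARCHIVE_EXT = (".7z", ".zip")                    # may or may not be passworded

def audit_outgoing(raw):
    """Return a list of findings; an empty list means nothing was flagged."""
    msg = message_from_string(raw, policy=policy.default)
    if msg.get_content_type() == "multipart/encrypted":  # PGP/MIME wrapper
        return []
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").lower()
        is_text = part.get_content_maintype() == "text"
        body = part.get_content() if is_text else ""
        if name.endswith(PGP_EXT) or PGP_ARMOR in body:
            continue                                  # already encrypted
        if SSN_RE.search(body):
            findings.append("BLOCK: SSN-like number in plain text")
        if name.endswith(ARCHIVE_EXT):
            findings.append(f"CHECK: confirm {name} has a password")
        elif name:
            findings.append(f"BLOCK: attachment {name} is not encrypted")
    return findings

# Constructed sample message (not real data; area number 000 is never issued).
PLAIN = """\
From: alice@example.com
To: cpa@example.com
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

My SSN is 000-12-3456, return attached.
--b1
Content-Type: application/pdf
Content-Disposition: attachment; filename="return-2012.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--b1--
"""
if __name__ == "__main__":
    print(audit_outgoing(PLAIN))
```
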
