How to Send a Secure Email Attachment

April 2, 2019

10:00-11:00AM PST

If you are interested in sending a secure email attachment, you’ll need to encrypt your email message. One of the easiest ways to do so is by sending your attachment through Trustifi. Sending a secure email attachment through other means can often be a challenging process for the sender. Once the recipient receives the email, opening that secured email attachment can be an even more difficult process.

In this article, we’ll breakdown how to send a secure email attachment. We’ll explore what options there are for sending secure email attachments, how they function, and what the strengths and drawbacks of those options are. Trustifi isn’t the only way to send a secure email attachment, but it is the most seamless method available. We’ll look at why that is, and what the process for sending and opening a secured email attachment within Trustifi looks like.

What is Secure Email?

Secure email is another way of saying an encrypted email. You might have heard of message encryption before, but don’t understand exactly what it is or how it functions in regards to email. If so you aren’t alone! Encryption is an incredibly complex topic that we will only scrape the surface of.

In order to send an attachment securely over email, you’ll need to encrypt it. This is because you need security in two areas. The first is when email is transmitted to its destination. The second is once an email arrives at its destination. In order to understand how encryption aids in both of these aspects of securing your emails and attachments, let’s take a deeper look at what encryption is and how it works.

What is Encryption?

In the simplest terms, encryption is the process of taking data in a file attachment or email and scrambling it so that it is unreadable. In order to read or access the data in an encrypted secure message, you will need a key. Keys are used to both encrypt and decrypt data. There are currently two broad categories of message encryption used for the purposes of an email server. The first is public-key encryption which is the most common form of encryption you will run into. The second is symmetric-key encryption, which is less common in the public sphere and more common in the private and governmental sector.

Public-Key Encryption

Public-key encryption requires the use of two sets of keys. One key is publicly available. The other key is private and is only shared between the sender and recipient. Public-key encryption relies on third-party trusted entities that are responsible for validating an organization or individual. So, how does this all work together?

In essence, the sender and recipient both need to know the public key of the other party. The sender will usually send their private key prior to sending the encrypted message, or in some cases along with it. This private key is often in the form of a digital signature or digital certificate, which is validated by an external Certificate Authority. An example of a Certificate Authority that you may have seen before is the company DocuSign.

The sender finds the public key of the recipient, encrypts the message, and sends it along with their digital signature if it hasn’t already been sent. The recipient verifies the authenticity of the sender by comparing the private and public key. Depending on the email client, much of the work is done on the back-end provided the private key has already been received and the public key is already known.

Symmetric-Key Encryption

Symmetric-key encryption is the other type of encryption you might run into. The most robust of this type of encryption is Advanced Encryption Techniques (AES) 256 bit, but there are other types of symmetric-key encryption methods available. The process for sending and receiving symmetric-key encrypted emails is relatively simple. Prior to sending an encrypted email, the sender must share the key with the recipient. This key is the only way to decrypt the email. The same key is used to encrypt and decrypt the email.

How Secure is Encryption?

Encryption scrambles the contents of a message so that only the sender and recipient can open the message. But how reliable is encryption? The fact is, encryption is incredibly powerful. You might be wondering whether the security of encryption comes down to computing power alone. While older, outdated methods of encryption can be broken by a brute-force attack given a certain level of resources and time, today’s highest levels of encryption will continue to be secure in the future. Given current computing power, there is no feasible way that a malicious actor can access the contents of a message encrypted with AES 256 bit or an equivalent encryption standard.

What Are The Advantages of Encrypting Emails?

If you have never encrypted your emails or file attachments, you might be wondering why you should bother. The fact is, most people underestimate the level of threat facing them and overestimate the security of their personal or business email. The threat landscape facing both individuals and organizations is rapidly expanding. Cyber threat actors are becoming more numerous, while the tools they deploy are becoming more advanced and easier to access.

Most people assume that their personal or business email is already secured. The assumption is that the transportation of the email from source to destination occurs across a secured channel. Although some email providers like Gmail offer Transport Layer Security (TLS) to protect emails in-transit, this only applies if the destination email provider utilizes TLS as well. Additionally, this only protects the email while it is on its way to the destination.

So, if you are transmitting sensitive information across email, how can you be sure that it won’t be intercepted along the way? On top of this, how can you be sure that once it arrives at its destination the intended recipient is the one opening it? While an increasing number of email providers are offering 2-factor authentication for their service, the adoption of 2-factor authentication is still slow.

Encryption offers a means of securing an email while it is in-transit and ensuring that the intended recipient is the one opening it. In this way, encryption is the best method of protecting privacy while also offering a method of authenticating the sender or recipient.

Sending a Secure Email Attachment The Standard Way

In order to send a secure email attachment, you’ll have to go through a somewhat complex process. We’ll break down the steps of this process in broad terms, but understand that each specific email provider has different encryption capabilities that may require additional steps.

  • Obtain a digital certificate or signature.
  • Obtain the public key of the recipient.
  • Encrypt your email with the attachment.
  • Send your email with either your digital signature attached or send your digital signature in a prior email.
  • The recipient must have both your digital signature (private key) and public key.
  • Using both of these the recipient can authenticate the sender, decrypt the email, and download the attachment.

Sending a Secure Email Attachment With Trustifi

As you’ll notice, sending a secure email attachment through a standard method can be an enormous hassle. Once the process has been done a few times between a sender and recipient it becomes easier, but the initial process of each party exchanging private and public keys can present complications.

In contrast to the standard method of sending secure email messages and attachments, Trustifi simplifies and streamlines the process for both the sender and recipient. Here’s how it works with Trustifi.

  • Generate an email.
  • Open the Trustifi extension pane and select the security options desired.
  • Send the email with the attachment.
  • The recipient opens the email, which redirects to a 2-factor authentication page.
  • 2-factor authentication occurs with either a code texted to the recipient’s phone or a code that was already shared between sender and recipient.
  • The recipient opens the attachment. If needed, the recipient can send an encrypted reply directly from the same page.

Closing Thoughts

In the end, sending and receiving secure email messages and attachments is not as intuitive or straightforward as it should be without using a third-party resource like Trustifi. Sending a secure mail attachment through standard encryption methods incorporated into your preferred email client can be a hassle to set up. It requires coordination between the sender and recipient prior to the secured email being sent. While this type of approach can work for specific needs, it is difficult to incorporate into normal business operations.

With Trustifi, sending secure mail attachments is simple for both the sender and recipient. An added advantage is that the recipient doesn’t have to be a user of Trustifi to access the encrypted email. They must simply complete the two-factor authentication process, which gives them access to the content of the email and gives them the option to reply with an encrypted message of their own. If you have struggled to send secure attachments in the past, adopt Trustifi for all of your secure email needs.

Sources

  1. Orman, Hilarie. “Introduction: What Is Secure Email?” In Encrypted Email: The History and Technology of Message Privacy, edited by Hilarie Orman, 1–7. Cham: Springer International Publishing, 2015. https://doi.org/10.1007/978-3-319-21344-6_1.
  2. Orman, Hilarie. “How Does Secure Email Work?” In Encrypted Email: The History and Technology of Message Privacy, edited by Hilarie Orman, 33–57. Cham: Springer International Publishing, 2015. https://doi.org/10.1007/978-3-319-21344-6_3.
  3. https://www.comparitech.com/blog/vpn-privacy/how-to-encrypt-email/

Try Trustifi Today

For Individuals

Our Free Trial Is Forever Free

For Business

See if Trustifi Is Right for Your Organization