Gmail is one of the most popular email services out there. As of January 2020, Gmail ranks second in email client usage worldwide (measured out of almost 1 billion email opens). More than 3 million businesses pay for Google Workspace. Amongst those businesses are plenty of regulated industries that require secure email to be compliant.
Years ago, Google promised to add end-to-end Gmail encryption to its email platform. Sadly, they have yet to deliver on the promise.
However, if you are a business in a regulated industry that uses a Google Workspace Gmail account for your business, there are still ways to encrypt your message contents. We'll show you how to encrypt your Gmail email account using one of the three services below.
1. Use Gmail confidential mode
Google recently launched Gmail confidential mode to allow users to send and open confidential emails. Users have the ability to enable confidential mode on the bottom right of the compose window. This allows senders a few options:
- Set an expiration date so the sent email is only readable for a set timeframe
- Require an SMS passcode to read the email
- Disable copy, paste, download, print and forwarding of the email
While this sounds like a good "free" option, it isn't one that scales particularly well for a few reasons:
- It requires a bunch of extra steps for the sender
- It requires the sender to know the recipient's cell phone number to set an SMS passcode
- The recipient needs extra steps to view the email
Confidential mode also has some security concerns because emails are NOT end-to-end encrypted, and Google can see the content of your messages. The Electronic Frontier Foundation (EFF) helped bring some of these concerns to the forefront and has written about them in more detail.
1. Enable S/MIME for Google Workspace
S/MIME (Secure/Multipurpose Internet Mail Extensions) supports encryption in transit and encrypts your outgoing emails if it can.
But there is one contingency: for S/MIME encryption to work, both the sender and the recipient have to have it enabled. After S/MIME is enabled, both the sender and the recipient will have to exchange information called "keys" to uniquely identify each other. Once you have all that sorted, here is how to use S/MIME to send encrypted messages:
- Compose a message as you normally would.
- Add a recipient to the "To" field.
- To the right of the recipient, there will be a lock icon. The icon will vary depending on the level of encryption supported by your recipient.
- If you are sending a message to multiple recipients, the icon will show the lowest encryption capability depending on their encryption levels.
- Click the lock and then "View Details" to change your S/MIME settings or learn about your recipient's level of encryption.
To check if a message you received was encrypted, there are a few more steps to complete:
- Open the email message.
- To the right of the recipients' list, click on the down arrow.
- Look at the colored lock to determine the encryption level of the sent message.
S/MIME encryption levels
The encryption levels are represented by three colors: green, gray and red.
- Green means that your information is protected by S/MIME enhanced encryption. The recipient can only decrypt the email with the private key.
- Gray means the email was only sent with TLS encryption. This means the message was protected from one server to another; however, TLS (Transport Layer Security) only works if both the sender and recipient support TLS.
- Red means there was no encryption whatsoever. If that's the case, try and refrain from sending any personal information until you are able to securely encrypt your email.
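As an added example (not from the original article and not Google's own logic), this Python sketch approximates the three levels from the raw source of a received message. The header markers it looks for, the function name and the sample messages are assumptions constructed for illustration.

```python
import email
import re
from email import policy

# TLS markers that receiving servers write into Received headers: RFC 3848
# "with ESMTPS"-style keywords, or a "version=TLS..." annotation.
TLS_HOP = re.compile(r"\bwith\s+(?:ESMTPSA?|UTF8SMTPSA?|LMTPSA?)\b|\bversion=TLS", re.I)
SMIME_MEDIA = {"application/pkcs7-mime", "application/x-pkcs7-mime"}
ENCRYPTED_KINDS = {"enveloped-data", "authenveloped-data"}

def encryption_level(raw: str) -> str:
    """Approximate the green/gray/red levels from a raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    kind = (msg.get_param("smime-type") or "").lower()
    # Green: the body itself is a CMS envelope that only the recipient's
    # private key can open. smime-type=signed-data is signing only.
    if msg.get_content_type() in SMIME_MEDIA and kind in ENCRYPTED_KINDS:
        return "green"
    # Gray: at least one hop recorded TLS. This is per-hop protection only,
    # and Received lines added before your own server cannot be trusted.
    if any(TLS_HOP.search(str(h)) for h in msg.get_all("Received", [])):
        return "gray"
    # Red: neither message-level nor transport-level encryption is visible.
    return "red"

# Constructed sample messages (addresses, ids and bodies are made up).
HEAD = "From: alice@example.org\nTo: bob@example.com\nSubject: test\nMIME-Version: 1.0\n"
TEXT = "Content-Type: text/plain; charset=utf-8\n\nhello\n"
TLS_HOP_LINE = ("Received: from mail.example.org by mx.example.com "
                "with ESMTPS id abc123 (version=TLS1_3)\n")
PLAIN_HOP_LINE = ("Received: from mail.example.org by mx.example.com "
                  "with ESMTP id abc123\n")

SMIME_MSG = (TLS_HOP_LINE + HEAD +
             "Content-Type: application/pkcs7-mime; smime-type=enveloped-data\n"
             "Content-Transfer-Encoding: base64\n\nQ09OU1RSVUNURUQ=\n")
TLS_MSG = TLS_HOP_LINE + HEAD + TEXT
PLAIN_MSG = PLAIN_HOP_LINE + HEAD + TEXT
# Signed but not encrypted, delivered without TLS: still "red".
SIGNED_ONLY_MSG = (PLAIN_HOP_LINE + HEAD +
                   "Content-Type: application/pkcs7-mime; smime-type=signed-data\n"
                   "Content-Transfer-Encoding: base64\n\nQ09OU1RSVUNURUQ=\n")

if __name__ == "__main__":
    for name in ("SMIME_MSG", "TLS_MSG", "PLAIN_MSG", "SIGNED_ONLY_MSG"):
        print(name, encryption_level(globals()[name]))
```

The signed-only sample shows why the `smime-type` parameter matters: an S/MIME signature proves who sent the message but leaves its content readable.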
2. Use SecureGmail
SecureGmail is a Google Chrome extension by Streak. After you install it from the Chrome Web Store, refresh your Gmail page to activate the extension. You will be able to tell if the extension is working if you see a lock button next to the compose button.
To compose an encrypted email, click on the lock button. Note that you must click on that small icon, or else you will be sending sensitive information in an unencrypted email. After clicking on the lock, you will see two distinct changes:
- The header will show the word "Secured" with a lock symbol beside "New Message"
- The "Send" button will change to "Send Encrypted"
After you hit "Send Encrypted," you're not quite done yet. A pop-up will appear prompting you to enter a password that the recipient will need to decrypt the email.
Afterwards, you will have to manually share your password with your recipient as he or she will only receive the password hint along with the email. SecureGmail does facilitate end-to-end encryption, but the recipient will also need to have the SecureGmail extension in order to decrypt the email. You can only use SecureGmail with a Google Chrome browser - recipients who use another browser on their laptop or smartphone will not be able to access the email.
3. Encrypt your Gmail through Firefox
If you don't use Google Chrome as your primary internet browser, you can still encrypt your emails with Firefox. Simply add the Encrypted Communication Firefox extension and restart your browser to activate it. To encrypt your Gmail email with this Firefox extension:
- Compose an email
- Right-click and select "Encrypt Communication"
In order for your recipient to open the encrypted email:
- They will also need the Encrypted Communication plug-in
- Right-click on the message and select "Decrypt Communication"
- Enter the assigned password
How to encrypt your Gmail email without plug-ins or extra steps
Let's be honest here. Do you constantly want to be checking if you pressed the right button, entered the right password, or typed "SECURE" in the subject line to encrypt and decrypt your emails? Of course not. And you shouldn't have to. Encryption solutions should be as seamless as sending an ordinary email.
With Paubox Email Suite, it is that easy. We encrypt all emails and replies by default so you don't have to. Even better—you can send an encrypted email as you normally would. There's no need for additional training for your staff and no change in user behavior. This is because Paubox puts the user experience first for both senders and recipients. We provide military grade encryption features without the hassle of extra steps. Paubox also offers security features such as robust spam filtering that identifies malware and phishing attacks and has protocols against ransomware.
With seamless integration into business email platforms like Google Workspace, Microsoft 365 and Microsoft Exchange, you can keep your email address and domain as well. When we say there will be no change in user behavior, we mean it. To assure your recipients that the email you sent is encrypted, they will see a neat little digital signature at the footer of your email saying that your email was encrypted for their safety and security by Paubox.