How to Send Documents Securely via Email

How to Send Documents Securely via Email

1 Star2 Stars3 Stars4 Stars5 Stars (18 votes, average: 5.00 out of 5)
Loading...

Data from Radicati shows that business and consumer emails are expected to surpass 347 billion by EOY 2023. With this massive attack surface in mind, let’s explore how you can send documents securely via email

Every time we have to send a document containing personal information, pictures, or our bank account number and details to someone, we usually do it via email without a second thought. It’s easy: we write the message, attach the file, and send it — all just in a few clicks.

What if you send the email to the wrong email address by mistake, though? Verizon’s 2021 DBIR report shows that misdelivery (i.e., sending emails to the wrong recipients) is the second leading error issue in public administration-related data breaches. Or, even worse, what if a hacker intercepts the email during the transmission and the sensitive information in the attached document is stolen? We’ll answer the burning question we know you’re wanting an answer to: “how can I send documents securely via email?”

In this article, we’ll answer all these questions and explore different methods relating to how to send documents securely via email. Before we start, though, let’s have a look to the risks of sending sensible information without protecting it.

Using Strong Passwords and Following Basic Security Protection Rules Are Not Enough

Billions of emails are being sent every day, but not every email sent is safe or secure. Many people think that email is secured simply because it is password protected or because they are using two-factor authentication (2FA) or TLS (Transport Layer Security). However, these are not enough on their own. Once the email has left your inbox, you basically have lost any control of it.

All emails are sent via the simple mail transfer protocol (SMTP), which doesn’t use any authentication at the transport level and is inherently insecure, according to the IETF’s RFC 5321. The email is sent in clear text while it is being transmitted. This means that without adequate protection, sending an email is like sending a postcard: anyone can read it at any time! This means that while a message is sitting on your recipient’s server, it could be vulnerable to attack.

What can you do then? Here are four methods for how to send documents securely via email:

4 Methods: How to Send Documents Securely via Email

There are many different methods to send your email and personal information securely via email. We will have a look to the most important ones.

1. Protect Your Documents and Files Using a Strong Password

The first option is to protect the document you want to send with a password before you attach it to your email. To do this in Microsoft Office, follow these steps:

  • Open your file.
  • Click on File > Info > Protect Document (or Protect Workbook in Microsoft Excel and Protect Presentation in PowerPoint).
  • Select Encrypt with Password.
  • Enter your password.
  • Re-enter your password again to confirm it.
  • Save the file.

Once done, you can attach your document to the email and send it to the intended recipient. Don’t forget to send the encrypted file password in a separate email!

How to send documents securely via email: A screenshot with directions highlighted that shows users how to password-protect messages in Microsoft Word.
A screenshot showing where to find the encrypt-by-password option in Microsoft Word’s File navigation menu.

If you want to protect a PDF file, you can use Adobe Acrobat (feature only available in the pay version) or a free tool like PDFEncrypt or PDF24 Creator.

2. Use End-to-End Mail Encryption

A basic illustration of an encrypted message and decrypted message
A basic conceptual illustration showing the difference between encrypted and decrypted messages.

End-to-end email encryption is a bit more sophisticated. The concept here is that you protect the contents of your messages (text, attachments, etc.) both while they’re in transit and at rest on your server. Thus, it makes your communications more secure. In some cases, it may require some additional setups and installations. There are two main end-to-end encryption protocols, both of which scramble your email message and attachments to ensure that only the intended recipient on their device can read them:

  • S/MIME (Secure/Multipurpose Internet Mail Extensions): S/MIME relies on a centralized authority and it is based on asymmetric encryption. Most known web-based email providers like Gmail, Outlook, and iOS devices already support this secure protocol. With S/MIME, you can not only send your documents securely via email; by using the email signing certificate, you can also digitally sign them to confirm that you are the legitimate sender of the message. This will add another layer of security to your email.
  • PGP/MIME (Pretty Good Privacy/Multipurpose Internet Mail Extensions): PGP relies on a decentralized authority. To be implemented, it requires a third-party tool. Even if this sounds a bit annoying, on the other hands, PGP/MIME allows you more flexibility as you can create your own key code. It is supported by Yahoo, AOL and Androids devices.
S/MIMEPGP/MIME
Centralized AuthorityDecentralized Authority
Requires an SSL/TLS certificate in most casesThird-party tool needed for implementation
Key code generated for youYou create your own key code
Supported by most major email clients, including Gmail, Outlook and iOS devicesSupported by: Yahoo, AOL and Android devices

How to Use S/MIME to Secure Your Documents in Emails

Goodbye unsecured emails! Hello, secure communications. Enabling encryption using S/MIME typically involves the use of an email signing certificate, or what’s otherwise known as an S/MIME digital certificate, and cryptographic keys. One key (the recipient’s public key) encrypts the message while the other (the recipient’s corresponding private key) decrypts it.

Because S/MIME email encryption involves the use of PKI-based encryption, it’s one of the most effective ways to send documents securely via email. Using a signing certificate will further enhance the security of your personal or business digital correspondence as a whole.

How to send documents securely via email: An illustration showcasing the process of how an email and its attachments get encrypted using asymmetric encryption in public key infrastructure.
A basic illustration that demonstrates how PKI-based email encryption works.

When using a signing certificate, you will be able to:

  • Verify your identity as a sender through a trusted third-party authority (certificate authority, or CA).
  • Encrypt your email and attachments, protecting your data from “man-in-the-middle” attacks.
  • Ensure that the email has not been falsified or changed.
  • Prevent email spoofing.

How S/MIME Email Encryption Works

Gmail

If you are a Gmail user, in order to send documents securely via email using the S/MIME protocol, you have to activate it by enabling hosted S/MIME. Once done, follow the steps below:

Note: this feature is only available to Gmail Enterprise; Education Fundamentals, Standard, Teaching and Learning Upgrade, and Plus users.

  • Write your email as usual.
  • Click on the lock icon that’s located to the right near the recipient-related options.
  • Select view details to change the S/MIME setting or select your preferred level of encryption:
    • Green: The email is encrypted by S/MIME and can only be read by first decrypting it using a private key.
    • Grey: The email is protected with TLS (Transport Layer Security). Note: this will only work if both the sender and recipient are using TLS to protect email messages and their attachments during transmission.
    • Red: The email is not secure because encryption isn’t enabled.
Outlook Web App or Desktop App

Before enabling S/MIME encryption in the Outlook web app or desktop app to send documents securely via email, you will need a digital certificate (also known as a digital ID) issued by a public certificate authority. You will also have to install the S/MIME certificate in the email client. Once done, you are ready to go!

Let’s explore how to send documents securely via the Outlook web app step by step:

  • Write your email as usual.
  • At the top of the message, click on the three dots icon (more options) next to the Discard bin icon.
  • Select Show message options.
  • Choose the sensitivity level in the drop-down (normal, personal, private, or confidential) and select Encrypt this message (S/MIME).
  • Press OK to make your selection and to close the message options window.
  • Send your message and your documents securely.
How to send documents securely via email: A screenshot with directions highlighted that shows you part of the process for sending encrypted messages in Outlook web application using an email signing certificate
An example of how to encrypt an email using an S/MIME certificate in Outlook’s web app. On the next screen, you’ll select the Encrypt this messsage (S/MIME) option.

Likewise, we’ll perform similar steps in Outlook’s desktop client. But instead of selecting the ellipses (three dots), we’ll navigate to the Options tab in the top navigation menu and select the Encrypt tool:

How to send documents securely via email: A screenshot with directions highlighted that shows you how to send encrypted messages in Outlook desktop using an email signing certificate
An example of how to encrypt an email using an S/MIME certificate in Outlook’s desktop app.

Tip: Outlook also has another method for encrypting or digitally signing all outgoing messages. We will talk more about these interesting features later in this article.

iOs Devices

iOs users can use S/MIME encryption following these simple steps:

  • Click on Advanced settings and switch S/MIME on.
  • Change Encrypt by Default to yes.
  • Write your email.
  • Click on the lock icon near the recipient.
  • Attach one or more documents if you wish.
  • Send your email securely.

Tip: If the lock is red, the recipient will have to enable S/MIME encryption.

How to Encrypt Emails With PGP/MIME

Other email providers like Yahoo use the PGP/MIME protocol. To be able to use it, it is required the installation of third-party software. Same for Android and AOL: you can use PGP/MIME to encrypt your emails, but to do so, you will have to set it up and install a third-party app like OpenKeychain.

Once set up, the app will enable you to manage your keys and encrypt, send, or decrypt documents and emails.

“Out-of-the-Box” End-to-End Encrypted Email Services

If you are looking to send documents securely via email without going through lengthy setup procedures, or installing additional software, you may want to try one of the web email providers listed below:

  • ProtonMail: This open source email service also provides end-to-end encryption when communicating with other Protonmail users. It allows you to use password protection to send encrypted messages to users on other email platforms (such as AOL, Gmail and Outlook). It supports PGP/MIME and can be used on any device. No set up, no additional installation — just write your email, attach the document, and send it. Your message will be automatically encrypted!
A screenshot of a new message in ProtonMail
A screenshot showing what it looks like when you prepare an email in the ProtonMail email client. In the bottom-left corner of the draft email, you can see the secure padlock icon.
A second screenshot in ProtonMail that shows how to send password-protected messages to non-ProtonMail users.
A screenshot of the popup menu in ProtonMail that you can use to set a message password when sending password-protected messages to non-ProtonMail email recipients.

Proton encryption for messages sent to non-ProtonMail recipients

  • Tutanota: This platform is similar to ProtonMail in that it offers more or less the same features with the exception of the cloud storage and file sharing. No personal information and no phone numbers are required to register an account.
  • StartMail: This encrypted email platform was developed by the creators of Startpage. It supports PGP/MIME and it can also be configured with an email client. It is compatible with Gmail and Outlook.

3. Microsoft Office 365 Message Encryption (Information Rights Management)

A basic illustration of an email with binary in the background

Microsoft 365 subscribers with E3 licenses can send documents securely via email using the Microsoft 365 Message Encryption tool. To encrypt a single message using the desktop version of Outlook:

  • Write your email and attach your files.
  • Much like in the desktop version of Outlook, you’ll next refer to the top navigation menu.
  • Press the Encrypt menu to access a drop-down menu.
  • Select the Encrypt only check box and press OK. (Note: For additional security options, you can select one of the other methods such as Do Not Forward or Confidential/All Employees if the options are available to you.)
  • Send your email.

4. Use Encrypted File-Sharing Services to Link to Secure Files

Tools like Dropbox, OneDrive, SendAnywhere, WeTransfer or iCloud are alternatives to sending your documents as attachments via email. These tools allow you to:

  • Upload your document to a third-party cloud server,
  • Specify the permission levels of the file, and
  • Send the link via email or text to the person you want to share the file with.

However, not everyone feels comfortable with uploading sensitive information to a server. So, use your best judgment to decide which method best suits your needs or the needs of your business.

How to Send Documents Securely via Email: Best Practices and Additional Tips

  • Always check the recipient’s email address for typos before sending your email.
  • Use a strong password or, ideally, a long, secure passphrase.
  • Use two-factor authentication to secure your accounts.
  • Periodically review your privacy and security settings.
  • Do not send documents containing sensitive information when connected to a public network.
  • Only send sensitive data via secure, encrypted messages.
  • Use a dedicated email platform for your business emails.
  • Secure attachments containing sensitive information.

Understanding the Risks: Why Securing Your Emails Matters

In 2014, a Goldman Sachs contractor accidentally sent an email with a strictly confidential report containing sensitive customer information to the wrong user. They typed in an email address ending in .gmail.com instead of one sending it to one with .gs.com (which denotes a Goldman Saschs Group email address). Can you imagine the effect of such a mistake? This ended up with a lawsuit and, as a result, the U.S. bank lost a fortune. All just because of a single email sent by mistake to the wrong email address!

This is not something that happens only in the U.S. Statistics shared on the U.K. Information Commissioner’s Office website confirm that the majority of reported data security incidents are related to personal data being emailed to the incorrect recipient.

And there is more. Based on IBM’s  2021 Cost of a Data Breach Report, the average total cost of a data breach this year was $4.24 million, the highest observed in the last 17 years and up 10% compared to last year.

In its 2021 report, Verizon investigated 29,207 incidents and counted 5,258 confirmed data breaches. And like we mentioned at the beginning of this article, one of the most common categories in terms of what caused those breaches is errors that include sending sensitive information to the wrong recipients.

A screenshot of industry-related data breach information from Verizon's 2021 Data Breach Investigations Report.
Source: Verizon’s 2021 Data Breach Investigations Report.

High Fines, Increasing Financial Losses and Damaged Reputation

Of course, sending data to the wrong people isn’t the only issue. Data security and privacy regulations are also a big concern.

We mustn’t forget that sending unprotected files containing sensitive information via email also violates many regional and industry-specific data protection regulations, including:

Such violations may result in costly fines and lawsuits. And these fines aren’t something you can likely ignore — for example, a fine for a GDPR violation can cost a company up to €20 million or 4% of its annual turnover.

The impact won’t be only financial, though. The company also may lose the confidence of their customers, shareholder,s and partners due to negative press and reviews. Would you purchase a health insurance plan from a company that suffered a data breach? Of course not!

After all this, it’s easy to understand why protecting your messages matters and why sending documents securely via email is so important: the impact of a leak can quickly generate revenue losses, reputational damages, lawsuits, and fines — just to name a few issues.

Final Thoughts on How to Send Documents Securely via Email

In closing, we hope this article answered your questions like “how can I send documents securely via email?” Our other goals were to help you understand why doing so matters and how you can send documents securely using various methods.

Email, on its own, is not secure. However, you now know that there are ways to protect your sensitive information. Some are easy to implement, some others are a bit more complicated (but more secured). It is up to you to choose the one you feel more comfortable with.

Which email method is the most secure? Without any doubt, securing your emails via S/MIME using an email signing certificate is one of the best options. With its powerful end-to-end encryption and digital signature capabilities, using an email signing and encryption certificate will give you greater security and peace of mind.

About the author

Nadia is a technical writer with more than 15 years of experience in IT, software development projects, email and cybersecurity. She has worked for leaders in the IT industry and Fortune 500 companies. A Certified CSPO mail application security product owner and a former application security engineer, she also works as a professional translator. She is a big fan of Ubuntu, traveling and Japan.