How to send secure email attachments in Gmail?

Fri Nov 15 2019

Gmail is one of the most popular email providers in the world – it has over a billion active users. However, a very small percentage of them ever consider how unsafe it is.

Of course, the code above is so primitive a computer could crack it in seconds, and a human cryptologist would probably take a few minutes. The cryptography of today relies on algorithms that encrypt data using keys the length of hundreds of bits.

It's common knowledge that Google scans its users' emails to collect data about them and give it to advertisers. Most people consider it to be inevitable and not particularly dangerous. But not a lot of Gmail users realize that their emails in transit can get intercepted by third parties.

There are a few ways to make your emails more secure. Gmail offers a few options, and there are third-party apps and extensions out there that offer some form of encryption. However, their services don’t always work as users would expect them to.

Your business, personal, and financial information is constantly at risk of being leaked – whether on purpose or accidentally. Learn how you can protect it and send secure email attachments in Gmail.

Does Gmail offer encryption?

Yes – Gmail uses the standard TLS encryption that automatically encrypts all outgoing emails. However, TLS protocol only works if the recipient also has it. If your friend or colleague is using an email provider that doesn't offer TLS encryption, all your emails to them will be unencrypted.

Furthermore, TLS does not mean end-to-end encryption. Therefore it can be intercepted in the mail server. Besides, Google can still scan the information in a TLS-encrypted email and give it to third parties. So, it is not a reliable way to send secure emails and attachments.

Confidential mode in Gmail

In 2018 Gmail launched a new feature – the confidential mode. It allows users to send emails that recipients can't forward, copy, print, or download. You can also set an expiration date on your messages, create passcodes, and revoke the recipient's access to the email.

While it sounds like a safer way to send and receive sensitive information, it has little to do with actual confidentiality. In other words, it just prevents the recipient from accidentally sharing something. It does not, however, prevent them from screenshotting the contents of the email. The confidential mode also doesn't have end-to-end encryption, which means that Gmail, as well as other providers, can scan and store your emails.

How to encrypt your emails and attachments

Upgrade your account

One way to make your daily messages more secure is to upgrade your standard Gmail account to a paid G Suite Enterprise or G Suite Education account. These offer S/MIME (Secure/Multipurpose Internet Mail Extensions) encryption, which is much stronger than TLS. It lets users encrypt their emails with user-specific keys that you need to share with the recipient. It also allows users to see the level of encryption their email has – S/MIME, TLS, or none.

However, S/MIME encryption won't stop Google's bots from crawling through your emails. Worse still, it only works if both the sender and the receiver have it enabled. So, if your recipient uses an email service with no encryption, your emails to them will also be unencrypted, no matter what protocol you use.

Find another email provider

Unfortunately, Gmail is not the best option for users who want to be able to send secure emails.

Getting a new email address might be a nuisance, but if security is something you are after, it's a good way to start. When looking for a new email provider, pay attention to things like end-to-end encryption, zero-knowledge policy, and guaranteed encryption regardless of the email service your recipients use.

Use encryption software

Finding a way to encrypt the emails you send out is a challenging task. Google's solutions are not reliable. You can use third-party plugins, but they are often not user-friendly. Most of them require a password or a key that you then must share with your recipient through other channels. And even if you use S/MIME encryption or an extension, it still only encrypts the message – not the rest of the email. If you are looking for a bullet-proof solution of sending secure email attachments, this is not a good option.

If you want to continue to use Gmail, the only way to secure your attachments it to encrypt them beforehand. This way, even if the email itself is intercepted or forwarded, the attachments will be unreadable to anyone, except your recipient.

Using NordLocker is an easy and fast way to secure the files you share online. You don't need to trust your email provider to keep the data safe – you can do it yourself. NordLocker's AES-256 and 4096-bit RSA encryption algorithms, together with our zero-knowledge process, is a guarantee that no one, besides you and your recipient, will be able to open the files you encrypt.

Hard drives can get stolen or lost, cloud storage services suffer from security breaches, and anything you send through the internet can be intercepted. By using NordLocker, you protect your files from ever getting exposed to third parties. If you decide you no longer want to share a particular file, you can revoke access to it from anyone you shared it with. This way, you can always control your data and make sure it is safe.

Chad Hammond

Chad Hammond

Verified author

Chad loves traveling and technology. His global view and open-mindedness add interesting angles to various security topics. Hehas already traveled to over 80 countries and is not planning to stop any time soon.