We help IT Professionals succeed at work.

How to send secure email attachments

Debsyl
Debsyl asked
on
Hi
I need to send secure file attachments containing sensitive information (either.doc or .pdf files) that can only be opened by the recipient. These occasionally need to be sent to a wide number of legal professionals dotted around the country, all using different email addresses.

Could someone suggest the simplest way of being able to do this?

I can purchase 3rd party software/services if needed.

Thanks
Comment
Watch Question

Systech AdminChief Technology Officer
BRONZE EXPERT

Commented:
Ashok DewanFreelancer
BRONZE EXPERT

Commented:
You can ecrypt these files , after encryption then you can pack these files in winrar program by setting strong password. I think is enough to secure these file. If some one get that rar file 1st he need to break the password which is very difficult for above 15 chracters and file inside the rar also encrypted.

you can see couple of software to encrypt pdf and doc by googling
1. http://www.verypdf.com/encryptpdf/encrypt-pdf.htm
2. http://www.pdfmachine.com/genp/overview.html?ref=GA&campaign=features&adgroup=features&ad=001&gclid=CKO929Hm3K4CFUp66wodNRtAYw
3. http://www.askdavetaylor.com/how_to_encrypt_pdf_file_mac_windows.html

for doc
http://www.oraxcel.com/projects/encoffice/help/encrypted_documents.html
http://www.lucion.com/terminology-doc-file-encryption.html

winrar
http://www.rarlab.com/

After ecrypted files packed in rar file then you can send rar file.
Dave HoweSoftware and Hardware Engineer

Commented:
Simplest (but quite definitely NOT the cheapest) is to install a cisco ironport device.
http://www.ironport.com/securedemo/

The Ironport is a smtp filter device that sits between your mailserver and the internet. outbound mail (selectively if you wish) is encrypted, and sent to the recipient, who must then register at the cisco CRES site to decrypt their mail.

from your point of view, all you need to do is either specify that certain messages (eg, messages with attachments to a list of domains) are always encrypted, that certain flags (eg setting "confidential" on an email) triggers the encryption, or anything else you want - the ironport is quite flexible in what will cause the outbound mail to be encrypted. as a bonus, replies to encrypted messages are themselves encrypted, without the recipient needing to buy or set up anything other than the cres login.

Author

Commented:
Thanks - this is for sending confidential legal reports via email. Obviously this can't be done over regular email as it's not secure enough. As it's for a freelancer I think the Cisco Ironport route is going to be way too expensive - but thanks anyway.

I'm thinking using a strong password in Adobe Acrobat to encrypt the document then sending it as an attachment is probably the way to go as these reports go to many different legal people all using different systems. We're just waiting on a response from the legal IT people to see if this is secure enough.
Software and Hardware Engineer
Commented:
Well, this is a growing field, but yes, if all your documents are PDFs, and you can manage the key schedule yourself, then that's a cheap and cheerful option - the crypto is actually pretty good (AES, at 128 bits for v8 and before, moving to 256 bit in later versions).  Password length has also increased (from 32 chars to 127) but as in each case only the hash of the passphrase is used, even the older releases should be "good enough".

If you *need* some sort of verification, go for the latter, and use genuine Adobe software - their cryptomodule is FIPS certified :)

Explore More ContentExplore courses, solutions, and other research materials related to this topic.