?
Solved

sending sensitive info by email

Posted on 2013-01-22
7
Medium Priority
?
285 Views
Last Modified: 2013-02-05
what steps can i take to send a sensitive info by email to someone, and to make the least they have to do to get the info decrypted?  (the recipient is someone who has less time and less computer savvy and needs to keep the simplistic or minimalistic way for her to be able to read what is sent over the email and no one else.
0
Comment
Question by:25112
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 38

Accepted Solution

by:
Gerwin Jansen, EE MVE earned 400 total points
ID: 38807697
Hushmail is easy and can send encrypted attachments as well:

http://www.hushmail.com/
0
 
LVL 33

Assisted Solution

by:Dave Howe
Dave Howe earned 1200 total points
ID: 38809030
Hushmail have an annoying habit of locking accounts for "inactivity" and only unlocking if you pay them.

As for the security, then the easiest way (if you have access to the user's machine to set it up, and they don't use other access methods - like mobile - to read their mail) is to create them an s/mime keypair (yourself, that's free), install it to their machine for them, and encrypt to that key using your mail client.  Without exception, mail clients that CAN handle s/mime (and that's near enough all of them) will decrypt automagically any message that they have the key for. (MS call this a "Digital ID" but its the same thing)

you can create your own s/mime keys using either the MS CA (comes with enterprise versions of windows), openssl (major pain!) or the free http://sourceforge.net/projects/xca - instructions for different email clients vary, but for outlook or outlook express its just the windows keystore (so just double-clicking a PFX file to import it is usually enough)
0
 
LVL 10

Assisted Solution

by:simonlimon
simonlimon earned 400 total points
ID: 38809538
One relatively simple solution is to send info in a document that is zipped using password protected. You would then agree as to a password for the zip files.
0
Does Your Cloud Backup Use Blockchain Technology?

Blockchain technology has already revolutionized finance thanks to Bitcoin. Now it's disrupting other areas, including the realm of data protection. Learn how blockchain is now being used to authenticate backup files and keep them safe from hackers.

 
LVL 33

Assisted Solution

by:Dave Howe
Dave Howe earned 1200 total points
ID: 38810232
@simonlimon:

  Yup, but that isn't transparent to the end user, and for security, you should not re-use the same password, so you would need an ever-changing array of passwords that way.

  S/Mime encrypts every email with a different password, automatically, and the email client will automagically decrypt it on receipt, so it will be transparent to the end user.
0
 
LVL 5

Author Comment

by:25112
ID: 38810704
Dave, thanks.. i don't have access to the user's machine as it is geographically far away. In that case, what may be better option?

if there is no simple option in this route, i am willing to consider hushmail next..

yes, zipped file is not good, as this person is not computer smart and may write down the password right next to the computer
0
 
LVL 33

Assisted Solution

by:Dave Howe
Dave Howe earned 1200 total points
ID: 38810859
@25112:

  You don't need to be geographically "close" - you can use remote access solutions such as team viewer to do the work, its more if you are going to be "permitted" to access the solution or not.

  Hushmail aren't a bad solution, really. They are a webmail provider (so usually you will need to be accessing the mail via a browser, to a hushmail provided email address) and use a java applet for the actual access, but when it comes down to it, they are providing an openpgp based encrypted email solution without having the headache of managing pgp keys.

Downsides of Hushmail are:
1) Either *both* of you need to be using hushmail, or you are going to have to install and use something that can send openpgp mail.
2) Hushmail is browser/java based, so may not work on all machines
3) Hushmail's free offering has an annoying habit of timing out accounts if you don't access them for 30 days - if that happens, they will *only* re-open the account if you pay them for a non-free account "upgrade" - you lose access to all your existing mail, including any unread, until you do this.
4) Hushmail have a record of rolling over for law enforcement agents, although I believe they do require a warrant. I suspect that isn't a major consideration for most users, but its there.
0
 
LVL 5

Author Comment

by:25112
ID: 38858184
thanks a lot!
0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
What's worse than having your data encrypted by ransomware? Getting attacked by a so-called "wiper," which simply destroys the data and offers you no hope of ever seeing it again.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question