Gmail Unveils New Email Encryption on Safer Internet Day
If you are a Gmail user, you may be puzzled by the new red padlock in Gmail that you see at the top of most of your emails. No need to panic: Google is simply making your email safer.
You may have seen this padlock at the top of an email recently.
Safer Internet Day was the day Google chose to unveil its new encryption feature for all users. While Gmail has always safely transported email sent from and to Gmail addresses, not all incoming emails are encrypted the way Google likes them to be. The padlock is essentially telling you that the sender is not using TLS encryption.
What TLS Encryption Is and Why You Should Care
Transport Layer Security (TLS) is a protocol that protects your email while it is in transit. Email sent without TLS is easier for hackers to intercept and read, usually without the sender or receiver ever knowing. While there are more advanced methods of encryption that are typically used by businesses who deal in highly sensitive information, TLS is the first line of defense against standard, basic email interception attempts. Read Google’s basic explainer of email encryption here.
If you receive an email with the broken padlock, it is signifying that the sender has not enabled TLS, and therefore lacks the most basic of email security protocols. If you receive a message from a sender like this, even if you know them, it is advisable to not give them any payment information or anything else that could lead to identity theft.
How to Deal with Clients who Don’t Have TLS
If you have a client who is sending you emails without TLS enabled, you may want to advise them to address it with their email provider. Most email providers are able to easily turn on TLS protocols. Gmail incorporates it natively, so if they are currently using an email provider that is telling them that they can’t turn it on, encourage them to move to Google Apps for Work as their email host - that way they will get the functionality of Google Apps for Work as well as built-in email encryption.
If you want to skip the notification, encourage them to upload any information that may contain payment information or any other private information to Google Drive to a password-protected file, not a file that anyone can open simply by clicking on the link. They should then give you the password by phone rather than email or text. This may seem like too much, but your clients will appreciate the added security precautions if they are not in a rush.
You may also see a broken red padlock on your own email when responding to someone without TLS support - don’t panic if this is the case. This means that they don’t support Gmail’s TLS encryption, so the message is being crafted without it. Just be extra sure not to include any sensitive, personal or payment information in those emails.
If you see a question mark where you would normally see your sender’s avatar, photo or simply a blank picture that looks like a person, that may mean that Gmail can’t verify that it is actually coming from them or their domain. This is Gmail’s attempt to fight “phish” emails that try to obtain personal information. Most of these emails are caught in Gmail’s spam filter, but the occasional one can make it through, which can make it seem more legitimate.
If you are interested in making the switch to Google Apps for Work to both increase your company email security and gain access to Google’s large suite of services, contact UpCurve Cloud today.