Messages you send with most email providers aren’t secure, but there are ways to send sensitive information by email.
We’ve all been asked to send confidential information by email. You may have just hit “Send” with fingers crossed, hoping it won’t fall into the wrong hands.
Here are four ways to securely send sensitive information by email to ensure that only the people you want receive it.
What is sensitive information?
Types of sensitive information
Personal information
Confidential business information
Government-classified information
4 ways to securely send sensitive information by email
1. Send an encrypted email
2. Password-protect emails
3. Password-protect attachments
4. Use encrypted cloud storage
Easiest way to securely email sensitive data
What is sensitive information?
Sensitive information is information that must be protected to safeguard the privacy, welfare, or security of an individual or organization.
For example, your bank details or Social Security number (SSN) are considered sensitive information because revealing them makes you vulnerable to fraud or identity theft.
Types of sensitive information
Definitions of sensitive information vary according to US and EU data privacy laws. But you can divide sensitive information into three broad types.
Personal information
Personal information includes the category of personally identifiable information (PII). That’s any information that can be linked to an individual or used to distinguish their identity, such as name, address, and SSN.
It also includes bank statements, job applications, CVs, contact details, travel documents, etc. — personal details that can form a complete picture of your life.
Laws tend to cover personal information as a whole. But some personal details, such as race or ethnicity, religion, sexual orientation, medical history, or political affiliations, are considered particularly sensitive. Revealing them can seriously affect your quality of life, leaving you open to discrimination or harassment.
Confidential business information
All companies have confidential business information(nieuw venster) whose disclosure could damage the company. Whether trade secrets, financial data, new product plans, or customer details, businesses must protect this sensitive data to remain competitive and comply with the law.
Government-classified information
Classified information is data that a government agency considers must be safeguarded to protect national security or foreign relations. In the US, there are three primary levels of classified information(nieuw venster), as well as additional categories, such as sensitive compartmented information(nieuw venster) for data from intelligence sources.
4 ways to securely send sensitive information by email
Although email was not originally designed to be secure, there are ways to send sensitive personal and business information by email.
With most big email providers, like Gmail or Outlook, if you send a regular email, it won’t be secure. That’s because they use standard Transport Layer Security (TLS)(nieuw venster) encryption by default. With TLS, your message may not stay encrypted when it reaches the recipient’s email provider. And those providers retain the encryption keys to your messages so they can access them.
Learn how email encryption works
To send a truly secure email, you need to use stronger encryption. Here are four ways you can securely send sensitive information by email.
1. Send an encrypted email
The most private and secure way to send sensitive information by email is to use end-to-end encryption. With end-to-end encryption, only you and the recipient of your messages can read them.
Proton Mail is free secure email that makes end-to-end encryption easy. If the recipient of your message is on Proton Mail, simply write the message as usual and click “Send”. Your message will be automatically end-to-end encrypted.
Learn how to send an encrypted email with Proton Mail
You can also send an encrypted email with Gmail or Outlook. But both require some technical knowledge to set up, and neither offers true end-to-end encryption. And this enhanced encryption is only available if you have an eligible paid account.
2. Password-protect emails
If you want to send sensitive information to someone who is not using an encrypted email service like Proton Mail, you can use a password-protected email.
For example, with Proton Mail, to send an end-to-end encrypted email to someone on Gmail or Outlook:
1. Sign up for a free Proton Mail account or log in to your existing account.
2. Select New message and write your email as usual.
3. Select the padlock to set a password and click Send.
The person you’re writing to will receive an email telling them they’ve been sent a secure message. To “unlock” and read the message, they click on a link in the email and enter the password. Only if they know the password can they open the message.
As always with passwords, make sure you create a strong password or passphrase and use a secure communication channel to share it. Use a secure messaging app like Signal(nieuw venster), or just tell the recipient in person.
Both Gmail and Outlook offer ways to password-protect emails (Gmail calls it “confidential mode”), but neither is wholly secure.
Learn more about password-protecting emails
3. Password-protect attachments
A third way to send sensitive information via email is to send a password-protected attachment. Instead of sending the data in an encrypted email, you can include it in a password-protected file and attach it to a regular email.
Most common file types, such as Microsoft Office (Word, PowerPoint, Excel) and PDFs, can be password-protected. As noted above, use a strong password and a secure communication channel to share it.
But the security of file encryption varies, and this method may not work if your recipient doesn’t have access to the same software.
Learn more about how to send documents securely via email
4. Use encrypted cloud storage
All email services set a limit to the total size of attachments in an email (25 MB for Proton Mail and Gmail). If you have a large volume of sensitive information to send via email, the best way is to use secure cloud storage.
Instead of attaching a large file or several files, you can send a secure link to the file or a folder containing the files stored in the cloud. The recipient then clicks on the link to download the files.
While cloud services like Google Drive, OneDrive, and Dropbox allow you to share files with a link, the provider retains the encryption keys. So you never know who might gain access to your sensitive data.
In contrast, Proton Drive secure cloud storage features end-to-end and zero-access encryption, meaning only you and those you authorize can access your data. Simply select a file folder and click the Get link button to generate a secure file-sharing link that you can send by email.
You can protect your file-sharing link with a password or set an expiration date after which the link will be disabled.
Learn more about secure file sharing
Easiest way to securely email sensitive data
The simplest way to securely send sensitive information by email is to use Proton Mail, which we designed to be private and secure out of the box with the following features:
- Easy-to-use end-to-end encryption: All messages sent to someone on Proton Mail are automatically end-to-end encrypted. No one but you and the person you’re writing to can read them.
- Password-protected emails: Easily send an end-to-end encrypted message to anyone not on Proton Mail without technical knowledge.
- Encrypted cloud storage: Send secure links to larger files or folders with sensitive information. Proton Mail comes with free access to Proton Drive.
- Zero-access encryption: No one can access your emails and files stored on Proton Mail or Proton Drive without your authorization, not even Proton.
- Mobile apps: Send encrypted messages to anyone from anywhere.
At Proton, our vision is to provide privacy and security for everyone online. Join us to securely email sensitive information for free.
If you’d like to support our vision, sign up for a paid plan. Together, we can build a better internet where privacy is the default.