How to encrypt Gmail

© iStock/LICreate

We review the different ways to encrypt messages sent and received through Gmail


The threat of hackers and spying governments has made cyber security a constant concern for every organisation. Encrypting email is an essential step to protect their information.

Encryption scrambles the information in messages so it can only be read by those who have the relevant key. It is provided in a variety of forms by different email providers and app developers.

Gmail adds a level of encryption to all of the messages that you send or receive, but the Google juggernaut isn't always as secure as you might expect.

Encryption from Google

Gmail uses Transport Layer Security (TLS) to automatically encrypt your incoming and outgoing emails, but this only works if the email providers of both the sender and the recipient always use TLS.
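The "both sides" condition can be seen in how mail servers negotiate TLS: the receiving server has to advertise the STARTTLS extension in its EHLO reply, and the sending server has to act on it. The sketch below is an added example, not code from the article or from Google; the host names and EHLO replies are constructed sample data, and the function names are illustrative.

```python
from __future__ import annotations

# Constructed sample EHLO replies (RFC 5321 multi-line format).
EHLO_WITH_TLS = (
    "250-mx.example.net at your service\n"
    "250-SIZE 157286400\n"
    "250-8BITMIME\n"
    "250-STARTTLS\n"
    "250 SMTPUTF8"
)
EHLO_WITHOUT_TLS = (
    "250-mail.example.org Hello\n"
    "250-SIZE 10240000\n"
    "250 8BITMIME"
)


def parse_ehlo(reply: str) -> set[str]:
    """Return the extension keywords a server advertised in its EHLO reply."""
    lines = [ln.rstrip("\r") for ln in reply.splitlines() if ln.strip()]
    if not lines:
        raise ValueError("empty EHLO reply")
    keywords: set[str] = set()
    for index, line in enumerate(lines):
        code, separator, text = line[:3], line[3:4], line[4:]
        if code != "250" or separator not in ("-", " ", ""):
            raise ValueError(f"EHLO not accepted: {line!r}")
        if index == 0:
            continue  # first line is the greeting, not an extension
        parts = text.split()
        if parts:
            keywords.add(parts[0].upper())  # keywords are case-insensitive
    return keywords


def hop_is_encrypted(sender_uses_tls: bool, recipient_ehlo: str) -> bool:
    """TLS protects the hop only if the sender tries it AND the receiver offers it."""
    return sender_uses_tls and "STARTTLS" in parse_ehlo(recipient_ehlo)


if __name__ == "__main__":
    for name, reply in (("mx.example.net", EHLO_WITH_TLS),
                        ("mail.example.org", EHLO_WITHOUT_TLS)):
        state = "encrypted" if hop_is_encrypted(True, reply) else "CLEARTEXT"
        print(f"{name}: {state}")
```

With opportunistic TLS, a message to the second server is still delivered, just without encryption on that hop.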

G Suite Enterprise users get an extra layer of encryption through S/MIME (Secure/Multipurpose Internet Mail Extensions) support. This supports encryption in transit and automatically encrypts outgoing emails whenever possible. Users can prevent messages from being sent or received unless they are S/MIME encrypted or signed.

S/MIME needs to be enabled by an administrator account. They can do this by following the instructions provided by Google.

Like TLS, this only works if both the sender and recipient have it enabled. That means that Gmail messages are protected if you both use Gmail, but not if one of you uses a different provider - and it doesn't stop Google from scanning your emails, for example, for advertising keywords.

So Google still doesn't offer the end-to-end encryption that is necessary to protect all messages while they're in transit.

In 2014, in the wake of Edward Snowden's exposure of government surveillance programmes, Google announced that it was also developing a Chrome extension that would add end-to-end encryption to Gmail.

By 2017, with the promised addon still yet to materialise, Google uploaded the end-to-end encryption code it had developed to GitHub and invited the open source community to build on the code.

Encryption through third-party browser extensions

End-to-end encryption can be added through "Pretty Good Privacy", better known as PGP. The software generates a public key that people can use to send you emails, and a private key that you use to decrypt them.

A Google Chrome extension called FlowCrypt adds this protection to Gmail through the addition of a Secure Compose button that sits atop the regular Compose button.

Users can encrypt email for anyone, whether they have FlowCrypt or not. If they don't have the extension, they can access the email via a password.

Another popular plugin is the SecureGmail Chrome extension, which doesn't let the unencrypted text reach Google servers.

You can download the extension from the Chrome Web Store. After it's installed, refresh Gmail and click on the lock icon that appears next to the compose button. When you send the email, you'll be asked to choose a password. The recipient will have to use the same password to read the message.

Chrome users can also use a plugin called Snapmail to send "self-destructing text emails". The extension adds a Snapmail button to Gmail messages that they can press to encrypt the information. Recipients receive an email with a link to the message that disappears after 60 seconds. The email is stored on Snapmail servers until the recipient clicks the link, at which point it's instantly deleted.

Firefox users have another option to consider called Encrypted Communication. This plugin encrypts emails - to use the plugin, compose an email and then right-click on the message and select "Encrypt Communication". Then enter a password and send it to the recipient, who can decrypt it using the same password you provided.
