Keep your Gmail transmissions secure
Set Google's mail service to encrypt all connections to your in-box.
When I mentioned in a post last week that Ifrom my office Microsoft Exchange account to Gmail, several people claimed that this puts the company's data at risk.
I failed to point out that the information in the messages was not at all sensitive: no invoices, strategic plans, credit-card numbers, customer records, etc.
But what if I had needed to access private information from this account on a system other than Outlook? Assuming that no company can be trusted, how could I use Gmail without worrying about security?
One part of the problem was addressed when Gmail began supporting HTTPS connections. Well, Google claims that Gmail has always supported HTTPS, but you had to add the "s" to the URL prefix manually to access the encrypted version of the service, and log in at "https://mail.google.com," not "https://www.gmail.com." (Note that Google Calendar also supports HTTPS.)
Now Gmail lets you encrypt all your connections to the service via a simple settings change. To secure your e-mail transmissions, click Settings in the top-right corner of the main Gmail page, scroll down to "Browser connection" at the bottom of the window, select "Always use https," and click Save Changes. The next time you open your Gmail in-box, the transmissions will be encrypted.
The Gmail Help Center states that encrypting connections may slow down your page loads, but this is a small price to pay to secure your e-mail link, especially when you're computing in the great outdoors, whether using your own laptop or a public PC.
But does this truly secure your data? There are several Firefox add-ons that encrypt messages and attachments sent and received via Gmail. One of these is Gmail S/MIME by Richard Jones and Sean Leonard. Gina Trapani's Better Gmail includes encryption among many other useful Gmail enhancements.
Even these measures won't be sufficient to convince some people to trust Gmail specifically or Google generally. Nearly all of my remote connections to the office servers are made over a VPN link. When in doubt--even a little bit of doubt--encrypt.