Encrypting Email (Internally and Externally) 1. Internal (In-House) Email Encryption Usually encrypting internal email messages is not necessary. When sending internal messages securely, use an encrypted MS Office attachment. Always use 15+ character password.. For pre-2007, you need to select AES encryption instead of the default, which can be easily decrypted. Never put the password to the attachment in the email itself. 2. External (Outside) Email Encryption To ensure an external message is encrypted, use !Secure at the beginning of the subject, followed by a space.- !Secure is not case sensitive (see example below). Some messages may be automatically encrypted without using !Secure in the subject line because they contain information such as Social Security numbers, credit card numbers, Epic medical record numbers, etc. Encryption only applies during the transmission to outside email recipients. Once received, it may no longer be encrypted and can be read by anyone that has access to the recipient email account. If the recipient's email server uses TLS (e.g. Gmail) the email will appear normal and the recipient will not have to click on a secure envelope to retrieve the message. If the recipient’s email server does not use TLS and a secure message is received, the recipient will receive a secure envelope which requires the recipient to click on the envelope and enter a password to retrieve the document (see example below). Encrypting Email (Internally and Externally) An Initial password will be required to be entered and confirmed -- use what ever you like. If you have forgotten the password, you will need to click on the reset or forgot password link to enter and confirm a new password. If there are problems resetting the password, please call (706) 774-5050 if necessary to have Security reset password and try count. Some internet email accounts such as BellSouth do no support secure email. If there is a problem, IS Security may tell you to use an encrypted MS Office attachment. (reference above). It is best to use secure mail instead of using encrypted attachments because IS Security has to manually release password protected files and it may take days for the message to be released since no one is monitoring the traffic at night or on weekends.