.

Sending Secure E-Mail Attachments

Sending information via e-mail attachment is quick and easy but is open to the risk that someone other than the intended recipient can intercept it.  This can be a serious problem if the information contained within the attachment is sensitive or confidential.

To help you keep the contents of your e-mails secure, below are some instructions on how to password protect Word documents and then encrypt the file so that you can send it safely.

Password protecting a Word document

Microsoft Word allows you to apply a password to an individual file so that it can only be opened once the reader has entered the correct password.   

 Follow the steps below to apply a password to a document:

  1. Click the File tab.

  2. Click Info.

  3. Click Protect Document, and then click Encrypt with Password.

  4. In the Encrypt Document box, type a password, and then click OK.

  5. In the Confirm Password box, type the password again, and then click OK.     

Encrypting your files (7-zip)

To increase the level of security, we also suggest that you encrypt the file before sending it via email.  Encryption is a software tool that uses "scrambling" to make data unreadable. Once a message is encrypted, it will appear as a meaningless garble of characters to anyone except the person who has the password to unscramble it.

To help you decide whether you need to encrypt any files before sending them, look at the three questions below.  If you answer ‘yes’ to any of them then you should use password protection and encryption.

For example:

  • Do you have data that could cause damage to either the University if it fell into the wrong hands? (E.g. - The sharing of Exam papers.)
  • Are there documents on your computer that are strictly confidential? (E.g. -Bank and credit card account numbers or Personnel files.)
  • Do you send and receive email messages containing confidential information about the Universities' work?

Download 7-zip
To encrypt your files we recommend that you use open source software called 7-Zip, which is installed on all university computers.  If you do not have 7-zip installed on your computer, you can download it at http://www.7-zip.org

View a demonstration on how to download 7-zip or follow the steps below:

  • Go to http://www.7-zip.org in your web browser (Internet Explorer, Firefox etc).

  • On the home page click the top 'Download' link for '7-zip 4.57' (the file type is .exe).  This will redirect you to download pages on SourceForge.net.

  • Once the web page has loaded you may see a message window alerting you to a yellow Information Bar at the top of the page.  To close the window click 'Close.'

  • The yellow Information Bar is a security measure which occurs when any software tries to install itself onto your computer.  It requests confirmation that you want to download.  To confirm click 'Click here for options' and then 'Download File.'

  • A new message window will appear asking whether you want to Run the download file or Save.  Click 'Run.'

  • Another security message will appear asking you to confirm that you want to download the file.  Click 'Run' to confirm.

  • The Setup Wizard will then ask you where you want to install 7-zip.  As default it will have chosen your C:Drive.  This is the default destination for applications so you do not need to change it.  Click 'Install' to begin the installation.

  • Once installed close the Setup Wizard by clicking 'Finish.'

Encrypting a file using 7-zip
Once 7-zip is installed onto your computer you can use it to encrypt your files. 

View a demonstration on how to encrypt your files using 7-zip or follow the steps below:

  • Launch 7-zip using the Start menu (Start - All Programs - 7-zip - 7-zip file manager).

  • In the 7-zip file manager locate the file that you want to encrypt (the file manager will list all storage drives including your H:Drive).

  • Once you have located the file you want to encrypt, select it by clicking it once.

  • With the file highlighted, click 'Add.'

  • This will open a new window called 'Add to Archive.'

  • At the top of the left column change the 'Archive Format' to 'Zip' using the drop-down menu.

  • At the bottom of the right column check that the 'Encryption method' says 'AES-256.'

  • Above it, type your chosen password into the 'Enter password' text box.

  • Directly beneath it, re-enter your password into to the 'Re-enter password text box.

  • Click 'OK' to close the 'Add to Archive' window.'

  • Back in the file manager you can now see the encrypted and zipped file.  You can identify it by its icon which is of a folder with a zip through it.

  • You can now send the file as an email attachment but remember not to include the password in the same email. 

Opening an encrypted file

To open an encrypted file via email attachment you will need to use 7-zip.  Don’t forget that you will need to know two passwords – one for the Word document and one for the encrypted file.

View a demonstration on how to open an encrypted file or follow the steps below:

  • In the email message window double click the zipped attachment.

  • You will then be asked if you want to Open the attachment from its current location or save it to your computer.  Click 'Save.'

  • Save the file to your desired location (for example, your H:Drive).

  • Close the email message window.

  • Open 7-zip using the Start menu.  This will open the 7-zip file manager.

  • Browse for your encrypted file using the drop down list of file locations.

  • Once you have located your file, double click it to open the folder.

  • In the folder, double click the Word document to open it.

  • At this point you will be asked to enter the password assigned to the encryption process.  Enter the password and click 'OK.'

  • You will then be asked to enter the password for the Word document.  Enter the password and click 'OK.'

  • The Word document should now be open.

Best Practices

  • Make passwords hard to guess (6-12 characters in length, at least one capital letter and at least one symbol).  DO NOT use a word that appears in a dictionary.

  • NEVER send out passwords in the same email as the encrypted file(s).

  • Always confirm the identity of the recipient before releasing passwords.

  • Inform recipients of passwords either face to face, by telephone or in a separate email.

Please contact the ISA Helpdesk if you have any queries or require further help.