Who’s reading your email, besides the person you sent it to? Maybe it’s a prying spouse (or a spouse who’s allowed to peek) or an IT guy in your office. But it could also be hackers, or even the federal government. (When Edward Snowden leaked classified government documents in 2013, he exposed the National Security Agency’s widespread surveillance of everything from top-secret government communications to emails from people like you and me.)

No matter who you want to protect your email from, with high-level spying and tech-savvy hackers, experts say simple password protection isn’t enough.

One problem is that home Wi-Fi networks, which are typically password-protected, don’t always deliver adequate email security. That love letter, email to your accountant or invoice that contains your social security number could become very public if a hacker succeeds in breaking in. And if you’re using public Wi-Fi, your emails are about as secure as if you left your laptop left on a subway.

Related: How to Lock Down Your Home Internet

For email communications, IT specialists say, the best safeguard is encryption.

“With email encryption, you have a private key that recipients also need to have,” says Jeremy Hammonds, an IT expert and owner of Two Moons Networks in Charlottesville, Virginia. “If you’re sending your grandmother recipes, it’s not an issue. But if you’re emailing company secrets, or anything you don’t want anyone other than the recipient to read, you want encryption.”

Encryption scrambles the contents of an email so it can be read only by someone with the password. There are two main ways to encrypt your email: Buy an encryption app and install it on your wireless device, or pay your Internet service provider (it’s usually a monthly fee) to add an encryption feature on your email account.

Here are pros and cons of each.

Related: Your Email Got Hacked — Now What?

Server-based encryption from an ISP

This is the easiest route, but since your email is encrypted on your Internet Service Provider’s system rather than your own device, you relinquish a measure of control. With server-based encryption from an ISP, any administrator with access to those servers has access to the information flowing through them, Hammonds says.

Email encryption apps

Once you install one of these on your wireless device,you are in control of the encryption. An added plus: There are no ongoing fees for service.

At home, choose an app with a PGP certificate (Pretty Good Privacy), which is the accepted standard, says Hammonds. Creating a good security code with letters (upper and lower case) and numbers is also essential. If it’s hard to remember, the key will be even harder for a hacker to crack.

The drawbacks are having to learn a new app and the extra time and effort it takes to send email, including having to log in with a password when you turn on your computer, according to Hammonds. He points out that you may also have to take a few minutes to prepare an encrypted email – an inconvenience to those of us who send emails almost as fast as we send instant messages.

But according to IT security experts, if the data in your email is sensitive, it’s worth it.

Related: How to Keep Apps From Learning Too Much About You

“Buying encryption software outright is probably the better option,” says Liridon Shabani, co-founder of Charm City Networks, an IT consulting firm in Baltimore. “That way you don’t have to deal with an ISP.” Shabani adds that WinMagic and Semantic are both good vendor choices.

More tips for keeping emails secure

  • Use secured cloud storage for attachments. Some email encryption software can’t scramble attachments. One way to work around this is to use secure cloud storage. Save the attachment in the cloud and give viewing permission to the email recipient. It’s an extra step, but the attachment remains safe.
  • Don’t whet hackers’ curiosity. The email message body can be encrypted, but some information can’t. That info includes the subject line, recipients and sender, dates and times, and the servers that route the email to its final destination. The best policy is to keep the subject line vague so as not to arouse curiosity, Hammonds says.
  • Encrypt your email when using public Wi-Fi. Virtually all free, public Wi-Fi hotspots are unsecured, according to Hammonds. “I would definitely secure my email if in a public place with unsecured Wi-Fi,” Hammonds says. “Also in apartments where tenants might piggy-back off a neighbor’s Internet service.”
  • Watch for problems in sending encrypted email and contact your ISP if necessary. ISPs and wireless broadband providers may block encryption technologies, especially if those emails appear to be outgoing spam. This happened to the global internet service provider Golden Frog, which has since petitioned the Federal Communications Commission to stop wireless providers from disabling encryption technologies.

Although encryption software can’t make email completely hack-proof, Shabani says encryption tools can make your email extremely difficult to crack.

Encryption might help protect your career, love life, identity and financial security. Because you never know who’s watching.

Related: Don’t Let Your Home Security System Get Hacked

Steve Evans, MA, is an award-winning journalist with more than 20 years experience in daily news, investigative, health and business journalism. Among other jobs, he has served as managing editor of the Central Virginia Newspaper Group, as a senior writer for SNL Financial and as a staff writer for The Progress Index and the Richmond Times-Dispatch.