Empower your business today! - Call 1300 991 992

Why It’s Never Okay to Send Sensitive Information Over Email

Why It’s Never Okay to Send Sensitive Information Over Email
Share this post

It’s not a stretch to say that most of us rely on email to communicate with our peers, both within our own organisation and others. While email is certainly a convenient way to communicate, it’s by no means a secure platform and should never be used to share sensitive information. Despite this, most email users aren’t aware of these dangers. All too often, we see people sharing passwords, credit card details and documents containing personally identifiable information across their emails.  

To help give peace of mind, this article will fill you in on all the need-to-know information about email security and how to navigate your online privacy from here on out  

BUT ISN’T EMAIL SECURE? 

Well, yes and no. Thankfully these days, most email platforms encrypt messages so there is little chance of an email being intercepted and read by an unwanted snooper. But there’s more to consider. 

In 2018, Untangle, a network security provider for SMBs, reported that 84% of their channel partners identified their clients as targeted by phishing attacks.

In 2020 already, one of the most common targets for hackers are email accountsAnd it doesn’t take much for a hacker to lure an unsuspecting and untrained user into a phishing attack, which gives them instant access to their entire mailbox if not properly secured (and most mailboxes aren’t!). So, despite any in-built security, if you’re an email user, there’s undeniably a target on your back.  

WHERE IS THE RISK?

Firstly, it’s always crucial to think about your own computer’s privacy. Are you using the same password for your email as well as everything else? Have you been receiving and replying to sketchy, out of the blue emails? Have you been receiving and clicking on any unsavoury links? 

All of these are the classic trappings many unsuspecting email users fall into and they are a perfect in for hackers. It’s important to avoid all these scenarios 

However, perhaps your mailbox is secure, protected with multi-factor authentication, and you’re the type of person who would never fall prey to these typical phishing attack methods. But what about the person on the other end?  

When you send sensitive information over email, such as credit card details or private documents with personally identifiable information in them, you are putting your trust in the receiving party to ensure that data is never compromised. After all, email communication almost always goes two ways or more. The sender and the recipient(s). And unless the recipient deletes, purges and empties their deleted items folder, there is a copy of that data in their mailbox and you are trusting them to protect it. And who’s to say how many others have access to their account, or how cautious they are with who they send information to, or how much protection they’ve placed onto their own computer/mobile?  

There are countless variables as to just how vulnerable your information may be when sending out this sensitive information. So, despite how safe you may be, there is always going to be a risk on the other side.  

HOW TO SECURELY SHARE SENSITIVE INFORMATION

Unfortunately, these may sound like scary revelations, but don’t worry, there are still ways to ensure you have the utmost security when using email! 

When you are revealing a password to someone else and are unable to verbally do so over a phone call or something of the like, it is wise to use a service like http://onetimesecret.comThis site only allows the recipient to view the ‘secret’ once before the page and information within it are destroyed. You can even create a secondary password needed to be able to access the secret, referred to as a ‘Passphrase’, which will double your information’s security. However, in order to give this recipient the passphrase, it’s recommended you do so over a phone call (whether it mobile, Skype, etc.) 

However, given you are still putting your trust in another service, we recommend only putting your password into the secret. Other information, like thusername or what the password is for, should be omitted and transferred elsewhere. That information should never be travelling together, either way. 

Another useful security tool is with lastpass.com. This is a free service you can install onto your web browser which we highly recommend everyone adopts (it’s also worth recommending it to any friends and family!) 

It’s not uncommon for people to fall into the trapping of using the same password for just about everything, which is pretty much a hacker’s dream. This is usually done to avoid the hassle of having to remember countless passwords. However, with something like LastPass, it removes the difficulty of having to remember all your passwords and instead keeps them organised for you! Then this way, hackers can kiss their dreams goodbye. 

Once you do create and incorporate a LastPass account onto your computer, you’ll be given a so-called ‘Vault’, which they themselves explain below.  

Your vault is a safe place to store passwords, notes, profiles for online shopping, and even documents. And no matter where you work, your vault keeps everything in sync, so you can stay organised and save time. – LastPass

Astated above, LastPass is also a solid, secure home for documents. But, what about sending a document?  

SHARING DOCUMENTS SECURELY

Well, rather than sending a copy of a document via an email attachment, it’s wise to send a sharing link instead. OneDrive for Business is Microsoft’s own personal cloud storage system, which can provide businesses with up to 1TB of space to store all your required documents and allows you to share your documents with internal and external users.  

To add an extra layer of security, set the sharing link you send to expire after a set periodThat way, should the recipient’s mailbox be compromised in the future, the link will no longer work. 

GOING FORWARD

Now that you’re aware of the dangers associated with email and how to combat it, it’s time to make sure you implement this knowledge into your online presence in order to remain safe and secure in the future. To recap, from here on out, we recommend reassessing what content you send over emails, who you send information to, and adopting safety nets such as LastPass and secure storage systems like OneDrive for Business, in order to maximise your online security.  

With all of this in check, you’ll be able to continue forward with ease and confidence, knowing that you are already one step ahead of any nasty hackers lurking in the shadows.  

Tas Gray

Tas Gray is one of Axiom IT's directors. He spends most of his time working with Office 365 and other cloud technologies. He holds an MCSA in Office 365 and helps clients get the most from their Office 365 subscriptions.