Using email is not a secure way to send information. Email works by sending data, in plain text, from server to server. There is no encryption to stop hackers from reading your messages. Despite password requirements, this plain text can be read by anyone while in transit. While it is safe to send non-sensitive information through email, hackers can easily hack email accounts. If sensitive data are included, this can lead to trouble. Let’s talk about why email is insecure, what not to send via email, and how to increase your security.
Why is email insecure?
Email was not created to be secure. To operate, email uses Simple Mail Transfer Protocol or SMTP. This is a standard communication protocol that allows email to be shared across a network. This means that servers can exchange email and data even if their hardware or software is different. Standardizing the way email travels from a sender’s server to a recipient’s server makes widespread email possible. This protocol originally did not require authentication or encryption. Email security is weak because:
1) Messages aren’t encrypted
This means that anyone who has access to the servers can access the contents of your email while it is in transit. Server administrators, hackers, and scammers can access your email, change its contents, or even delete the email.
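To see which server-to-server hops a particular message crossed without encryption, you can read its Received headers. The following Python is an added example, not part of the original article: the sample message, hostnames and function names are constructed for illustration, and it assumes each server records the standard keywords (such as ESMTPS or ESMTPSA from RFC 3848) when a hop was protected by TLS.

```python
import re
from email import message_from_string

# IANA-registered "with" keywords that mean the hop ran over TLS (RFC 3848, RFC 6531).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA",
                 "UTF8SMTPS", "UTF8SMTPSA", "UTF8LMTPS", "UTF8LMTPSA"}

# Constructed sample: three hops, the middle one delivered over plain ESMTP.
SAMPLE = """\
Received: from mx.partner.example (mx.partner.example [203.0.113.7])
\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
\tby inbound.recipient.example (Postfix) with ESMTPS id 4F1A2B3C
\tfor <client@recipient.example>; Tue, 05 Mar 2024 10:15:03 +0000
Received: from relay.sender.example (relay.sender.example [198.51.100.20])
\tby mx.partner.example (Postfix) with ESMTP id 9D8E7F6A
\tfor <client@recipient.example>; Tue, 05 Mar 2024 10:15:01 +0000
Received: from laptop.local (unknown [192.0.2.44])
\tby relay.sender.example (Postfix) with ESMTPSA id 1A2B3C4D;
\tTue, 05 Mar 2024 10:15:00 +0000
From: sender@sender.example
To: client@recipient.example
Subject: constructed sample

body
"""

def strip_comments(value):
    """Remove (possibly nested) parenthesised comments, e.g. '(using TLSv1.3 with cipher ...)'."""
    prev = None
    while prev != value:
        prev, value = value, re.sub(r"\([^()]*\)", " ", value)
    return value

def audit_hops(raw_message):
    """Return (receiving_server, protocol, tls_confirmed) per hop, in sender-to-recipient order."""
    msg = message_from_string(raw_message)
    hops = []
    # Each server prepends its header, so the list is reversed to follow the route.
    for value in reversed(msg.get_all("Received", [])):
        clauses = strip_comments(value).rsplit(";", 1)[0]  # drop the trailing timestamp
        by = re.search(r"\bby\s+(\S+)", clauses, re.IGNORECASE)
        proto = re.search(r"\bwith\s+(\S+)", clauses, re.IGNORECASE)
        name = proto.group(1).upper() if proto else "UNKNOWN"
        hops.append((by.group(1) if by else "?", name, name in TLS_PROTOCOLS))
    return hops

def plaintext_hops(raw_message):
    """Hops where TLS is not confirmed (plain SMTP/ESMTP or a non-standard keyword)."""
    return [hop for hop in audit_hops(raw_message) if not hop[2]]

if __name__ == "__main__":
    for server, protocol, tls in audit_hops(SAMPLE):
        print(f"{server:30} {protocol:10} {'TLS' if tls else 'NOT CONFIRMED ENCRYPTED'}")
```

Even a hop marked as TLS only protects the connection between two servers; each server still handles the message in readable form, and Received headers written by earlier servers can be falsified.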
2) Data Leaks
Mistyped email addresses or scammy accounts can lead to data accidentally winding up in the wrong person’s hands. Unfortunately, not all email platforms are configured to be able to unsend an email. Those that can typically allow it only for a limited time or only if the recipient hasn’t opened the email. Because of this, a simple mistake or falling for a false advertisement could mean your data is sent to the wrong inbox.
3) Phishing Scams
In a phishing attack, scammers send fake messages, hoping to trick you into sending them your confidential data. Phishing scams can be difficult to avoid because anyone with your email address can use it, and blocking every scammer out there is impossible.
4) Malware
Malware attacks happen when malicious software is downloaded onto your device or network. This software, with access to your private network, can steal confidential data and information. Attackers can send an email with malware disguised as a link or file download and will format the email to convince you to click on the link or file download. Once the software is running, it immediately begins trying to steal your data.
What not to send
It is strongly recommended not to send sensitive information such as:
- Social security cards/numbers
- Driver’s license cards/numbers
- Passport numbers
- Bank/Financial account numbers
- Credit/Debit card numbers
- Private health information
- Documents protected by attorney-client privilege
- Passwords
- Authentication credentials
Is it possible to increase security?
There are a few changes available that can either make email more secure or give you an alternative to safely send sensitive information. You can: encrypt your email, send encrypted attachments, password-protect your attachments, or utilize a client portal instead.
Encrypt your email
- Encryption scrambles your email into code. Email can only be read with the decryption key.
- Some email providers have a built-in encryption mode
- You must enable encryption according to your email provider
- Both sender and recipient have to have encryption enabled to secure the email
Send encrypted attachments
- Attachments can be encrypted through some email providers
- For example, Gmail offers encryption services; Yahoo does not.
- Microsoft Outlook can also be used to encrypt attachments
Password-protect attachments
- This way, you can send files that can only be opened with the correct password. Even if a hacker has access to an email server, they cannot read your file.
- Unfortunately, this process may not be practical for people who frequently send emails containing sensitive information.
Utilize a client portal instead
- Using a client portal skips email altogether, allowing you and your clients to connect without sharing emails
- Most client portals are encrypted and require authentication.
What is the best alternative?
It is clear that better resources than email must be used to send sensitive data in order to keep it safe. Knowing that 94% of malware is caused through email and that over 75% of targeted cyberattacks started with an email in 2023, protecting your information is more important than ever. Choosing the best alternative is a crucial decision for your business and for your clients, which is why we recommend partnering with a knowledgeable Managed Service Provider like us to help you make the best choice! Keeping your information safe is our utmost concern.