We send an estimated 306 billion emails every day globally, personal and professional. Still, it’s not secure. Any private data, proprietary information or sensitive documents sent are at risk.
Sending an email is convenient and quick, but when it comes to confidential data, you’re better off choosing another method of delivery, one that doesn't have as many potential points of access for an ill-intentioned actor.
Think about the path an email travels:
First, you write it on your PC, laptop, tablet, or phone. This stores the information in your email program. A hacker who has accessed your device using malware could read it.
The email then goes out to your email server. If that server is hacked, your data is at risk.
Your message then travels through online networks to reach your recipient, but there’s no guarantee those networks are secure, especially not if you are crafting and sending that email from a public network in an airport or at a coffee shop.
The email then hits the recipient’s email server, then their email program, and then their device. But the same risks that arose at your end are replicated on their side of the exchange, too.
Basically, when you send an email you lose control of the security of that communication, and potential problems abound:
Hackers could be intercepting and reading your email.
You can’t be certain that your recipient’s server or storage is encrypted at all times.
A bad actor could impersonate a server to intercept messages, and you wouldn't know any better.
Your recipients may save that email in their mailbox for months or even years. Down the road, if they are compromised, your email is vulnerable.
Recipients can inadvertently forward that email on to unexpected parties.
You can’t assign permissions or password protect that email.
The Solution to Email Insecurity
Stop sending sensitive information via email. Instead, select a method that allows you to check and control who has access to that data. This could mean uploading the information to a private portal or sending using an encrypted file-sharing service such as Google Drive or Dropbox. There are also encrypted messengers such as Signal, Wire, and Wickr Me, which offer end-to-end encryption and autodelete data to cut the risk of email exposure.
If the recipient needs a username and password, send the two credentials separately. You might text them the password, mail it, or call and give it to the individual directly. When using a system that sends a password email to the user, contact that individual directly. Ensure that they receive the email, log in, and change the password to something else.