Why Email is Not a Safe Method for Transferring Sensitive Files

Byron_Clarke

Even with the growth in video conferencing and cloud computing, email use is not only still relevant, but is growing. With more businesses shifting to either hybrid work or remote work environments, email has become a convenient way to transfer files. While this might seem like an efficient solution, email is an insecure method and a poor choice for transferring sensitive information.

Is email a good way to transfer files?

You probably use email, and you’ve likely used it to transfer files at some point. You may have even run into some of the reasons that email isn’t a good way to send files. It is notorious for its incapacity to transfer large files, the difficulty to organize information, and the time it takes to keep inboxes clean. However, it’s dangerous to send sensitive information through a platform that lacks security.

Email can be intercepted by hackers or malicious third parties, resulting in the theft of important data

Email is sent over the internet using plain text protocols, making it vulnerable to interception by malicious actors. Hackers use a variety of techniques such as sniffing, man-in-the-middle attacks, and IP spoofing to gain access to emails or email servers, allowing them to see confidential information or take control of accounts. Even encrypted email is not completely safe from these threats, as hackers may be able to steal encryption keys.

What is encryption?

Encryption is the process of encoding data to make it unreadable by anyone without a key or password. It involves mathematical algorithms to turn readable data into an unreadable form, making it much harder for others to see confidential information. Encryption also serves as a way to authenticate the senders and receivers of data, ensuring that no unauthorized parties can gain access. By sending an encrypted email, companies, and individuals alike can ensure that their data remains secure.

Unencrypted emails increase the risks of transferring confidential documents or sensitive data

Emails are usually not encrypted because of inconvenience. It requires that users remember passwords and encryption keys, both of which can be difficult for users to manage. Additionally, email encryption often requires extra processing power from computers, making it slower to send and receive emails than non-encrypted messages. Some email providers also lack secure encryption protocols.

Email services offer limited control over copied or forwarded versions of your messages

There is limited to no control over who can receive copied or forwarded versions of messages when they travel over the internet. After a message is sent, it’s almost impossible to know what that user may do with the information or a way for you to delete it. Leaving potentially sensitive  data in the hands of another person.

Email services cannot protect against human error

Despite the advances in security measures taken by companies, human error remains one of the main causes of leaking sensitive information. This is due to simple mistakes such as sending emails to the wrong person, simply sending something that shouldn’t be sent, or even failing to encrypt a message when required. Additionally, users can become complacent when using email services and neglect protocols such as two-factor authentication. To prevent this, it’s important for users to practice good cyber hygiene habits and to remain vigilant about security practices.

Information you should never send by email

Personal and financial details should never be sent through email. It is important to use secure methods like file-sharing services and collaboration tools when handling sensitive data. It’s also important to keep in mind that any form of file transfer comes with risks.

• Authentication credentials 
• Banking or financial account information 
• Birth certificates or copies 
• Credit card numbers or copies 
• Debit card numbers or copies 
• Driver's license numbers or copies 
• Government-issued identification numbers or copies 
• Health information 
• Important documents (including but not limited to correspondence between an attorney or a doctor) 
• Invoices or receipts displaying your name, address, or phone number 
• Passport numbers or copies 
• Passwords 
• Property titles or copies 
• Sensitive photos or messages 
• Social Security numbers or copies

How are companies trying to fix security issues?

Email companies have increasingly begun to focus on security measures to protect user data. These measures all help to ensure user data remains secure and protected from third parties. Authentication methods such as two-factor authentication and device authentication are becoming more common with popular email providers like Gmail and Outlook. Many of these email companies are also introducing encryption protocols such as TLS and STARTTLS, which encrypts emails in transit.

Other services such as ProtonMail offer end-to-end encryption, meaning that messages sent remain encrypted while in transit and can only be read by the sender and recipient. Furthermore, ProtonMail also has a security alert system that notifies users about potentially suspicious activity. These features are designed to ensure that messages and user accounts remain secure, protecting sensitive data.

What tools can I use to send sensitive data instead of email?

For more secure communication, there are other tools available that offer better protection for confidential information. By taking advantage of these alternative methods that utilize encryption, users can decrease the likelihood that confidential information is lost or intercepted in transit.

List of tools to consider 

• Chat platforms encrypting messages such as Signal or Telegram 
• Cloud storage solutions, such as Google Drive or Microsoft OneDrive 
• Collaborative document tools such as Google Docs, Sheets, and Slides 
• E-mail providers utilizing encryption, such as ProtonMail 
• End-to-end encryption protocols such as PGP 
• File hosting services like Dropbox 
• File-sharing services, such as WeTransfer 
• File transfer protocols such as SFTP 
• Internet fax services 
• Lockbox file encryption software 
• Mobile device management solutions such as Microsoft Intune 
• Offline methods such as face-to-face meetings, couriers, or post 
• Private FTP servers 
• Password-protected email 
• Virtual Private Networks (VPNs)

How do I send a secure email?

Sending a password-protected or encrypted email with one of the major providers is easy with just a few steps: 

How do I send a password-protected email? (Gmail) 

You can send a password-projected email with Gmail by following a few steps. 

1. Click Compose 
2. In the bottom right of the window, click ‘Turn on confidential mode.’ 
3. Set an expiration date and passcode, which will create security for the message text and any attachments. The passcode will be sent via SMS or Gmail, depending on if you choose “SMS passcode” and the app used by the recipient.  
4. Click Save.

How do I send an encrypted email? (Gmail) 

Sending an encrypted email with Gmail only works if both the sender and receiver have it enabled. 

1. Enable hosted S/MIME. You can enable this setting by following Google’s instructions on enabling hosted S/MIME. 
2. Compose your message as you normally would.  
3. Click on the lock icon to the right of the recipient. 
4. Click on “view details” to change the S/MIME settings or level of encryption, which is shown by either green (protected by S/MIME encryption), gray (protected by Transport Layer Security), or red (not encrypted). 

Protect your sensitive information

People rely on email for everyday tasks, but transferring and storing confidential documents via email should be avoided. With just a few simple steps, you can better protect your sensitive data from falling into malicious hands or getting corrupted along the way. Whether you’re sending personal information or something that affects your organization, you should look into using dedicated file transfer programs or cloud storage services that offer end-to-end encryption protocols and other advanced security features. They will provide you with the peace of mind of knowing that your sensitive data is secure from prying eyes.