As convenient as it is to send an email, it is important for you to know that email should not be used to send or receive sensitive information. Email was not created with security and data privacy taken into account and is still not considered a method of secure communication.
Your business and personal email are simply delivery systems. For this reason, Kappa security best practices recommends that email be avoided entirely when sending or receiving sensitive or confidential information.
The Risks of Sending Sensitive Information in Email
From sender to recipient, email passes through several different points, it isn’t as simple as going from point A to point B. This is why emails are put at risk of attack from cybercriminals. Once you send an email with sensitive information you are sending that information through several locations and storing the data in several locations, all of which can be compromised. These locations include:
Anywhere you have your email program installed such as your PC, your laptop, your tablet or your smart device. It doesn't have to be a person looking over your shoulder or gaining access to your devices, sifting through email is what most malware does.
The same goes for the recipient and their device or devices, your sensitive information will be stored as well.
Email is also saved on your own email server and the email servers of your recipients, if any of these servers are hacked or accessed by an unauthorized individual, your sensitive data is at risk.
Email also travels through networks along the way from sender to recipients. There is no guarantee that all of these traveled through networks are going to be secure so here as well, your sensitive email is at risk.
Once you've hit the send button you no longer have control of your sensitive or confidential information. Keep in mind your sensitive information can be revealed, read and distributed if hackers compromise any of the above systems.
Examples of Sensitive information
Sensitive information is defined as data that must be protected from unauthorized access to safeguard the privacy or security of an individual or organization. Be aware of sensitive information that hackers are looking for, this includes:
Usernames and passwords.
Credit card information.
Your social security number.
Supplier and customer information.
Whether you are sending or receiving sensitive information, avoid email entirely. At every step of the email transmission and delivery you have no assurance that email will be protected. Email is not private or secure so always assume your email can be made public and anybody can read anything your send or recieve. Remember your sensitive data is like money to cybercriminals. Value it and protect it by not sending it via email. Think twice before you hit send and remember nothing you ever send via email is ever guaranteed to be secure.