We all send large amounts of information through email every day. These emails are sometimes harmless, but often they carry information that is important to you. So, have you ever asked yourself whether email is a secure channel for sending all this data?
The risks associated with sending sensitive information through email
It is very easy to accidentally send an email to the wrong recipient. You also have no control over what happens to your emails once you send them: your recipients may well forward them to all their contacts. A malicious user could also intercept your emails as they are sent over the Internet (e.g., over your recipient's Starbucks Wi-Fi connection).
The impacts of divulging sensitive information through email
Loss of credibility
For example, you are an insurance broker and you accidentally send one of your new clients (Frank) an email that was intended for another client (John). This email happens to contain a lot of information about John’s insurance policy, such as details about his health. Frank realizes that you are not conscientious about protecting your clients’ files and he loses confidence in you. After speaking to colleagues about this, Frank ultimately decides not to renew his contract for the following year.
Furthermore, questions remain: Should you notify John of the incident? What will he think of this?
You send the personal data of new employees to your group insurance provider and a malicious user intercepts the email. That user now has all the information required to steal their identities. Ultimately, the fraudster obtains a credit card and makes online purchases, on top of securing a loan from Desjardins, all in the name of your employees!
So, how do you now go about sending information by email?
When it comes to good cyber security practices, there is one very simple rule: never transmit personal or confidential data in the body of an email. It is not secure. Instead, put the sensitive data in a separate document and either save it to a portal that only your client can access or encrypt the document using a strong password.
In other words, before sending any email, always start by asking yourself whether the unauthorized disclosure of the data it contains could cause serious damage to your enterprise, clients or partners. If in doubt, apply the same rules as if you had answered yes to the question.
Though it is not always easy to know what to do, here is a non-exhaustive list of information that should never be sent by unencrypted email.
- A name associated with a birthdate, an address, a bank account number, or a driver’s licence number.
- Information contained on a passport.
- A social insurance number.
- Information about a contract.
- Detailed descriptions of manufacturing processes.
- An enterprise’s development and commercial strategies.
The importance of training employees about the risks of email
You are now aware of good cyber security practices and should be in a better position to protect your personal and confidential information! But what about your employees? Are you sure they are aware of all the risks? Your employees have access to a great deal of data that must be handled daily. It is essential that they be as aware of these risks as you are. The CyberSwat Group launched a cyber security prevention program that helps SMBs in Quebec better protect themselves against this type of risk. We are offering you both a cyber security awareness program and tools to assess the level of risk your employees represent.