Picture this: You’re wrapping up your day, rushing to send one last email before heading out. You attach the file, type in the recipient’s name, hit send, and, whoops! You just sent a document with sensitive student data to the wrong person. Sound familiar? It happens far too often!
Email is one of the most convenient tools we use daily, but it’s also one of the most common ways sensitive information gets exposed. Whether it’s Social Security Numbers, financial records, or confidential research data, email is not the place for it. Now that classes have started again, and so has the routine of stressfully needing to communicate important details, here’s why we don’t recommend relying on ordinary email to send high-risk data:
- You may forget to encrypt a file: Software like Word, Excel, and Acrobat have an encryption feature built into the program, but many users are probably unaware of this feature, or they forget about it. This results in sending an unprotected file, which reaches the recipient’s email provider. Imagine someone hacking into your inbox and stealing those files. This would result in collateral damage and a data breach that could have been avoided.
- You may send the file to the wrong person: Even without someone hacking into your email inbox, the files could get into the wrong hands. Sending an email to the wrong addressee happens more often than you think. Sometimes it takes just a typo to send the files to the wrong recipient.
- Your email can be forwarded to a third party: After sending off your email to the recipient’s inbox, you may think that your files are safe, but there is nothing further from the truth. Any email can be forwarded, and you have no control over it. You might try protecting your files by storing them in an online hosting service. However, you may forget to provide the intended recipient with the appropriate permission for access to those documents.
What information should not be sent via email? Users should avoid sending the following data via email:
- Personal information: Social Security Numbers or banking information.
- Confidential information: Trade secrets, employee data, or proprietary technology.
- Financial information: Payment information, bank accounts, and credit card numbers.
- Legal documents: Contracts, court orders, or legal advice.
Why is email not secure enough for high-risk data? In addition to the above, the open network infrastructure makes it easy for anyone with internet access to intercept confidential data, creating significant attack vulnerabilities. Many ordinary email providers use outdated security protocols, which are not updated regularly, making them susceptible to identity theft. Additionally, the risk of interception and exploitation due to insecure networks adds another layer of concern. Most email providers lack end-to-end encryption, leaving confidential information exposed; on top of that, some users fail to take basic precautions such as strong password protection or enabling two-factor authentication.
As a result, ordinary email security is far less reliable than other solutions for those who need to send sensitive information. So, the next time you ask yourself, “Is sending documents over email secure?,” keep in mind these weaknesses.
What should you do instead? We recommend using UMD SecureShare to send high-risk or restricted email communications. Additionally, for file transfers, UMD provides access to Box, a cloud storage platform that offers encryption and access controls that email lacks. Box is a cloud-based storage and collaboration system that provides a web interface for uploading, downloading, sharing, and discussing files. It is designed to work on Macs, PCs, smartphones, and tablets, and is primarily intended for data that is classified as high-risk. If you must email sensitive data, make sure you do it from your UMD account, never from your personal one, and use encryption tools or password-protected attachments (never send the password in the same email!).
The bottom line is that email is great for communication, but when it comes to sensitive data, it’s a risk magnet. Higher education institutions handle a wealth of confidential information, so let’s make sure we are doing our part by keeping it safe. Next time you’re about to send that email, pause and think: Is this the best way to share this information? A few extra steps today can prevent major headaches tomorrow.
Stay safe, stay secure, and most importantly: think before you click!