We say it time and time again - every email you send, every file you share, it must be sent securely. The data protection hazards are too big to warrant any risky moves today.
However, there are a few misconceptions around email security that we often hear. So, we’re here to shed light on why they don’t stand up.
1: Small files don’t need security
The size of data is often decisive. The larger the file, the greater the chance that the data will be sent securely. This seems logical; the size of the file reflects the size of the risk.
However, data protection regulations don’t concern file sizes. A data breach is a data breach, even if only one person is involved or the data leaked is small in quantity. Furthermore, GDPR allows interest groups to approach other concerned parties in order to bring a joint lawsuit. This means that, in the healthcare sector, for example, if things go wrong for one patient, the chances are that other patients - without knowing it - have also fallen victim to the same incident.
Every file, regardless of size and quantity of sensitive data, must be sent securely.
2: If the recipient requested the information themselves, it doesn’t need to be secured
If a patient submits a Subject Access Request (SAR), the data provided will likely include a great amount of sensitive information, including their full name and address, patient/NHS number, insurance number, BSN/NI number, as well a full treatment report.
Some organizations will include a warning in the correspondence: “Please note, this email includes national insurance data’. But what does this matter if the email is intercepted?
So the question is, can a professional shrug the responsibility of a breach if the data is specifically requested by the intended recipient? The answer is no. All sensitive communications, requested or not, must be encrypted, and preventative actions taken to ensure data is not accessed by unintended parties.
3: Internal emails don’t need to be secured
Sharing sensitive data with a colleague doesn’t need to be secured, right? Wrong. Regulatory bodies require any email containing sensitive information to be sent securely. So, even if your colleague is in the same room as you, you must still take the appropriate measures to protect any sensitive data you share with them is secured.
4: Assuming the recipient is secure
In the public sector, local authorities and other parties regularly share information with the police. Surprisingly, this regularly happens by unsecured email, often because the public body assumes that the police have good security procedures in place.
The same assumption applies to other parties. However, on the matter of security, it is never wise to simply hope for the best. Even if your recipient is extremely secure, an email can be intercepted during transit - this is why encryption is so important. Plus, if auto-complete functionality in an email client lets you down (as it is prone to doing), you may even send the email to the wrong recipient. We know - it doesn’t bear thinking about.
5: The recipient doesn't want all the hassle
Let’s be honest, none of us want to burden our customers, patients, suppliers, or stakeholders with procedures to access an email. However, it’s all about balance: will your recipient be frustrated at having to input a unique 6 digit code to authenticate their identity or will they just appreciate the knowledge that their data is safe in your hands?
It’s a no brainer.
Plus, remember: it’s a matter of compliance. No regulatory body accepts excuses, no matter how well meaning. So, the next time you come to send sensitive data and one of the above pops into your head, remember - prevention is better than cure. Do the right thing - and better than that, do it effortlessly, with Zivver.