We say it time and time again - every email you send, every file you share, send it securely. The risks are too high to risk sending sensitive data unencrypted today.
There a few misconceptions around email security. So, we’re here to shed light on the biggest risks to your sensitive data in email:
1: Small files don’t need security
The size of files and quantity of data often impacts the way people send it. The larger the file, the greater the chance that the data will be sent securely. The rationale seems logical; the size of the file reflects the size of the risk.
However, data protection regulations don’t concern file sizes. A data breach is a data breach, even if only one person is involved or the data leaked is small in quantity. Furthermore, GDPR allows interest groups to approach other concerned parties in order to bring a joint lawsuit. This means that if things go wrong for one individual, the chances are that other people - without knowing it - have also fallen victim to the same incident.
Key takeaway: Every file and sensitive message, regardless of size and quantity of sensitive data, must be sent securely.
2: If the recipient requested the information themselves, it doesn’t need to be secured
If an individual submits a Subject Access Request (SAR), the data provided will likely include a great amount of sensitive information, including their full name and address, patient/NHS number, insurance number, BSN/NI number and more.
Some organizations will include a warning in the correspondence: “Please note, this email includes national insurance data’. But what does this matter if the email is intercepted?
So the question is, can a professional shrug the responsibility of a breach if the data is specifically requested by the intended recipient? The answer is no. All sensitive communications, requested or not, must be encrypted, and preventative actions taken to ensure data is not accessed by unintended parties.
Key takeaway: Data in transit, whether it was requested or not, must be protected.
3: Internal emails don’t need to be secured
Sharing sensitive data with a colleague doesn’t need to be secured, right? Wrong. Regulatory bodies require any email containing sensitive information to be sent securely.
So, even if your colleague is in the same room as you, you must still take the appropriate measures to protect any sensitive data you share with them is secured.
Key takeaway: Internal communications are just as at risk as any email sent outside of your organization. Be sure to encrypt it!
4: Assuming the recipient is secure
In the public sector, local authorities and other parties regularly share information with the police. Surprisingly, this regularly happens by unsecured email, often because the public body assumes that the police have good security procedures in place.
The same assumption applies to other parties. However, on the matter of security, it is very risky to simply hope for the best. Even if your recipient is extremely secure, an email can be intercepted during transit - this is why encryption is so important. Plus, if auto-complete functionality in an email client lets you down (as it is prone to doing), you may even send the email to the wrong recipient. We know - it doesn’t bear thinking about.
Key takeaway: Never assume your recipient is secure, or that your email will safely reach its destination without being intercepted.
5: The recipient doesn't want all the hassle
Let’s be honest, none of us want to burden our customers, patients, suppliers, or stakeholders with procedures to access an email. However, it’s all about balance: will your recipient be frustrated at having to input a 6 digit code to authenticate their identity or will they just appreciate the knowledge that their data is safe in your hands?
Key takeaway: Prioritize customer privacy at all times; they'll thank you for it!
Remember: it’s a matter of compliance. No regulatory body accepts excuses, no matter how well meaning. So, the next time you come to send sensitive data and one of the above pops into your head, remember - prevention is better than cure.
Do the right thing - and better than that, do it effortlessly, with Zivver.
