415 IT Blog
Don’t Share Sensitive Data in Emails
All it takes is one oversight to potentially undo any benefits your cybersecurity protections and other best practices may deliver. For instance, even if you have things like multifactor authentication in place, a phishing scam or even some malware varieties could potentially give an attacker access to your email… and all the data your messages contain, just sitting in your inbox.
This is where these kinds of attacks can get really, really bad, especially if there’s sensitive data being shared via email messages. Once a hacker gets access, they can see it all.
Let’s talk about the kind of data that should never be shared in an email for this exact reason.
What Kinds of Information Should Never Just Sit in an Email?
There are various types of data that you don’t want to include in an email, for numerous reasons. First of all, they’re unprotected there, and we’ve already discussed how simple it could be for the contents of a user’s email to be illegitimately accessed.
Plus, you only have control over your own inbox. Who knows how long an email you’ve sent will sit in someone else’s, just waiting for someone to come and steal the information it holds.
This is why it is so important that the following types of information are only shared through secure means, and that all emails you receive containing them should be deleted immediately. We can implement rules (based on your Microsoft 365 license) to your email platform that periodically scan for such information and try to delete the messages containing any. That said, you and everyone working at your place of business should still be vigilant about not sending or storing these types of data in the body of an email, or even an attachment.
State/Nationally-Issued ID Numbers
From a driver’s license, Social Security number, passport number, or any other government-issued form of identification, this kind of data could be used by a cybercriminal to open many doors and give them considerable power.
Bank/Financial Account Numbers
Similarly, if an attacker were to gain access to an email with the numbers identifying a user’s financial accounts, they are suddenly halfway to accessing them. This kind of information could easily be used to make a phishing attack that much more convincing and therefore effective.
Credit/Debit Card Numbers
Are you sensing a pattern yet? If cybercriminals access these numbers, they can make fraudulent purchases using them… and why wouldn’t they? They aren’t the ones who will be stuck with the bill.
Protected Health Information
This is where things get particularly dicey. Access to this kind of data is a clear violation of a person’s privacy and could be used to make their life more difficult. Plus, a lot of other personally identifiable information is often contained in these records, making their theft a double whammy.
Documents Protected by Attorney-Client Privilege
Similarly, these documents often contain a massive amount of the aforementioned information and data, meaning their privacy is paramount by inclusion. There are only so many reasons that an exception is made to this kind of privilege, and no, a cybersecurity incident is not one of them.
Passwords or Authentication Credentials
This list wouldn’t be complete without the passwords or other authentication credentials that are too often shared via email. These are not things you want a cybercriminal to have access to, only partially because they can easily give them access to all of the above resources.
Make Sure You and Your Team Keep This List in Mind While Using Email
This also isn’t enough. You also need to ensure that all cybersecurity protections are actively being used, from those you implement into your technology to the behaviors the entire team turns into habits. We can help with that. Reach out to us to learn more about our business cybersecurity services. Give us a call at (415) 295-4898.