It’s a question we often hear, because “don’t we all already send emails securely?”. That is what many of us think, and that is where it often threatens to go wrong. Because what exactly do we mean by secure emailing? Are we just talking about a strong password that makes access to the inbox more difficult, or does it go beyond that? What is understood by secure emailing depends on how aware someone is of the fact that email itself is insecure.
What makes email unsafe?
Various dangers lie between composing a message and the inbox of the recipient. You can’t prevent these dangers by changing your password from “abc123456” to “AbC!@34%”. It may keep cyber criminals at bay more easily, but unfortunately external factors are no longer the biggest threat to data security. It is human error that makes email an increased risk in the exchange of data:
- Using an insecure public network to send emails;
- Sending sensitive information without applying proper security;
- Sending an attachment to the wrong recipient;
- Selecting the wrong recipient;
- The lack of proper authentication measures, such as two-factor authentication.
By creating more awareness during the entire email process, the chance of errors can be reduced. But that’s not everything we need to take into account. Not all data needs to be sent in the same way: it depends on the type of data. There is a difference between emailing your colleagues that the cake is ready in the lobby and emailing a colleague the credit card details to pay for the cake.
Which data you need to email securely
Let’s take a look at the current regulations. The GDPR focuses on the secure exchange of personal data. If this doesn’t happen, the consequences fall on you as an organization. Think about:
- Data leaks, where the seriousness depends on the size of the leak, the type of information that has been leaked and the number of victims;
- Financial consequences that can amount to 4% of the worldwide annual turnover;
- Reputational damage and loss of customers.
For this kind of data it is therefore important to be able to counteract the dangers outlined above. However, there is of course more data that must be sent securely. In short, we can divide it into two groups:
- Personal data, i.e. all data with which a person can be identified, and
- Confidential business data that is at the heart of the business.
We explain it with some examples:
| Situation | Send securely: yes/no |
| --- | --- |
| Do you send an email with personal data, such as a first and last name, an email address and social security number? | Yes, this is data that must be sent securely under the GDPR. |
| Do you send confidential business data, such as passwords for systems and agreements / protocols that are not public? | Yes, this is confidential data that should not fall into the wrong hands. |
| Would you like to inform all your colleagues about the next staff party? | No, this concerns internal recipients where names and email addresses don’t have to be protected. |
| Are you being asked to forward a client / patient / customer file? | Yes, these types of files are full of information that should not be seen by everyone. |
| Are you forwarding files that are publicly available? | No, if they are public then additional security is not necessary. But beware: if you add confidential (personal) data, the message must be sent securely. |
Whether or not an email should be sent securely depends on the nature of the information it contains. So:
- Does it concern personal data that can be traced back to one person, and
- Does the email contain confidential business information that will be shared with external relations?
Then it is wise to send a secure email in this case.