It’s a question we often hear, because “don't we all already send emails securely?”. That is what many of us think, and that is where it often threatens to go wrong. Because what exactly do we mean by secure emailing? Are we just talking about a strong password that makes access to the inbox more difficult, or does it go beyond that? What is understood by secure emailing depends on how aware someone is of the fact that email itself is insecure.
Various dangers lie between composing a message and the inbox of the recipient. You can’t prevent these dangers by changing your password from “abc123456” to “AbC! @ 34%”. It may keep cyber criminals at bay more easily, but unfortunately external factors are no longer the biggest threat to data security. It is human error that makes email an increased risk in the exchange of data:
By creating more awareness during the entire e-mail process, the chance of errors can be reduced. But that’s not everything we need to take into account. Not all data needs to be sent in the same way: it depends on the type of data. There is a difference between sending an email to colleagues saying that the cake is ready in the lobby and sending a colleague the credit card details to have the cake paid for.
Let's take a look at the current regulations. The GDPR focuses on the secure exchange of personal data. If this doesn’t happen, the consequences will be for you as an organization. Think about:
For this kind of data it is therefore important to be able to counteract the dangers outlined above. However, there is of course more data that must be sent securely. In short, we can divide it into two groups:
We explain it with some examples:
| Situation | Send securely: yes/no |
|---|---|
| Do you send an e-mail with personal data, such as a first and last name, an e-mail address and social security number? | Yes, this is data that must be sent securely under the GDPR. |
| Do you send confidential business data, such as passwords for systems and agreements / protocols that are not public? | Yes, this is confidential data that should not fall into the wrong hands. |
| Would you like to inform all your colleagues about the next staff party? | No, this concerns internal recipients where names and e-mail addresses don’t have to be protected. |
| Are you being asked to forward client / patient / customer files? | Yes, these types of files are full of information that should not be seen by everyone. |
| Are you forwarding files that are publicly available? | No, if they are public then additional security is not necessary. |
Whether or not an email should be sent securely depends on the nature of the information it contains. So: