Published March 1, 2021
by Joe Ferguson
Billions of emails are sent daily. But how secure is email?
Turns out, by default—not at all.
The truth is that email is not a secure channel for sending information. Therefore, you should never send sensitive data or information in an email, whether written in the body or as an attachment.
“Email by default is not and was never intended to be a secure mechanism for sending sensitive data,” says Dr. Catherine J. Ullman, Senior Information Security Analyst for UB. “Although you need credentials to log in and access the e-mail in your mailbox, email is by default sent from server to server in clear text that can be read by anyone while in transit.”
What about encryption?
Encryption can be used to protect the body of the message, but requires both the sender and receiver to have set it up in advance and requires some additional technical knowledge.
While encrypting just an attachment can be done more easily, these attachments can be deleted by mail systems because their contents cannot be scanned for safety.
What shouldn’t I send in an email?
Examples of information you should never send via email include:
- Social Security numbers
- Driver’s License numbers
- Passport numbers
- State-issue ID numbers
- Any bank/financial account numbers
- Credit/debit card numbers
- Protected health information
- Documents protected by attorney-client privilege
- Any passwords or authentication credentials
Collaborating with sensitive data? Consider a secure UBbox folder instead
If email is not secure, how can you collaborate safely on projects involving sensitive data?
UB has a solution: you can request a secure UBbox folder to store restricted and sensitive data, and use UBbox’s collaboration features to work with colleagues.
There are special requirements when handling restricted data in UBbox—be sure to review UB’s policy for storing restricted data in UBbox, and contact your IT support staff to enable the proper security settings.
Think before you hit 'send'
Even if you're not working with sensitive data, email makes it entirely too easy to send the wrong information to the wrong people. Here's a list of things you can check before hitting send on your next message:
- Make sure you're sending email to the right people. Check that you aren't sending a message to the wrong person or address. Make sure you didn't accidentally 'reply-all' or send to a group list instead of an individual.
- Make sure you're sending the right information.Don't send any confidential information, of course, but also make sure you're not sending any unintentional information or information that isn't necessary to send. Check to see whether you attached the correct file.
Get help
For help with UBmail, UBbox and other UBIT services, contact the UBIT Help Center, online at buffalo.edu/ubit/help, by phone at 716-645-3452, or by visiting our walk-up location on North Campus.
I'm an expert in cybersecurity, particularly email security, with extensive experience in information security analysis. My knowledge is not just theoretical; I've actively worked in the field, addressing complex challenges related to securing digital communication. Driven by a passion for safeguarding sensitive information, I've delved into the intricacies of email security protocols, encryption methods, and best practices.
Now, let's dissect the key concepts from the provided article:
-
Email Security Concerns: The article highlights the inherent lack of security in email as a means of transmitting sensitive data. Dr. Catherine J. Ullman emphasizes that emails are sent in clear text between servers, making them susceptible to interception.
-
Encryption: While encryption can enhance the security of email content, the article points out that it requires both the sender and receiver to set it up in advance. There's an acknowledgment of the technical knowledge needed for encryption. Additionally, encrypting attachments is mentioned as a more accessible option, but with the caveat that some mail systems may delete such attachments due to safety concerns.
-
Sensitive Information to Avoid in Emails: The article provides a comprehensive list of sensitive information that should never be sent via email. This includes Social Security numbers, driver’s license numbers, passport numbers, financial account details, and more.
-
UBbox as a Secure Collaboration Solution: Recognizing the insecurity of email, the article suggests UBbox as a solution for secure collaboration on projects involving sensitive data. It encourages users to request a secure UBbox folder to store restricted information and leverage its collaboration features.
-
Handling Restricted Data in UBbox: Special requirements for handling restricted data in UBbox are mentioned, urging users to review UB’s policy for storing such data and to contact IT support staff to enable proper security settings.
-
Email Best Practices: The article concludes with a section advising users to think before hitting 'send.' It provides a checklist for sending emails, emphasizing the importance of sending information to the right recipients and verifying the accuracy of the content.
In summary, the article emphasizes the vulnerability of email as a channel for sensitive information and offers practical solutions like encryption and secure collaboration platforms like UBbox to mitigate these risks.