How to Securely Send Sensitive Documents via Email
Email has become the default for communication and document requests, but there are a number of steps you must take in order to email secure documents safely.
Although text and instant messaging apps have become globally adopted for everyday use, email remains an integral part of personal and professional communications. In fact, over half of the world’s population — 55% — regularly uses email. The total number of users has continued to rise by tens to hundreds of millions annually from 2017 through the present and is on track to reach 4.6 billion by 2025. In business, employees rely heavily on email to exchange documents and information. While convenient for the sender, the use of email as a file sharing system creates inefficiencies in your workflows and introduces risks of exposing sensitive information.
- For 92% of employees, email is the primary channel for reviewing and collaborating on documents.
- Nearly half of employees — 46% — report time-consuming challenges in finding the documents they need.
- On average, employees share six documents daily via email.
- Document-related issues associated with email file sharing account for approximately 21% of daily productivity losses in businesses that rely on document creation and management.
As email will likely continue to be a key channel of business communications for the foreseeable future, businesses should be aware of the information security risks associated with email servers, accounts, and attachments.
After all, knowing how to securely send documents via email can greatly reduce the chance of costly data breaches in your day-to-day operations.
What Are Sensitive Documents?
In order to adopt practices that improve information security standards in your organization, it helps to start by identifying what kinds of potentially sensitive information you store and transmit regularly. The kinds of information and documents you should consider sensitive will vary by industry and applicable regulatory controls.
Here are four common types of sensitive information that transmitted documents may contain.
- Personally Identifiable Information (PII): The U.S. General Services Agency (GSA) defines PII as any information that a third party could conceivably use to trace and establish an individual’s identity. PII may consist of a single data point or involve a combination of multiple non-PII data points. The most common are:
  - Names: full, maiden, and/or other aliases
  - Personal identification numbers: driver’s license, passport, Social Security, and taxpayer IDs
  - Personal contact information: home and work addresses, phone numbers, and email addresses
- Personally Identifiable Financial Information (PIFI): Financial institutions create PIFI when they render services such as account creation and management. Examples of PIFI — excluding PII — include:
  - Account IDs
  - Bank account numbers
  - Credit card numbers
  - Customer created PINs
- Data protected by the Health Insurance Portability and Accountability Act (HIPAA): HIPAA specifies how healthcare organizations must handle PII to avoid potential legal consequences.
- Data protected by the EU’s General Data Protection Regulation (GDPR): The GDPR stipulates that all enterprises doing business in the EU — regardless of their physical location — are legally obligated to take prescribed measures to protect all PII they store and not to disclose it without expressed consent.
Mitigating the Risks of Email Attachments
When employees exchange or collect documents containing any of the foregoing sensitive information types via email, they should apply protective measures. Here are three steps you can take to mitigate the risk of data breaches in email attachments.
1. Password protect the attached document:
Common document file types such as Word docs and PDFs contain password protection features that users can set before attaching documents to emails.
2. Encrypt the attachment:
3. Encrypt the entire email:
In addition to encrypting attachments, users can also encrypt the entire email’s content in many services. Email encryption relies on the Public Key Infrastructure (PKI) paradigm, in which a recipient is assigned a public key stored on a third-party server and a private key for decryption stored on a private server.
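The public/private key split described above can be seen in a round trip with the OpenSSL command-line tool. This is an added example, not part of the original article or of FileInvite's product; it assumes `openssl` is installed, and the key pairs, addresses and document text are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: S/MIME encryption to a recipient's certificate with OpenSSL.
# Key pairs, addresses and document text are constructed for the demo.

make_keypair() {   # $1 = work dir, $2 = name; writes $2.key and $2.crt
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=$2@example.test" \
    -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

encrypt_for() {    # $1 = plaintext, $2 = recipient certificate, $3 = output
  # Only the recipient's public certificate is needed to encrypt.
  openssl smime -encrypt -aes256 -binary -in "$1" -out "$3" "$2"
}

decrypt_with() {   # $1 = message, $2 = certificate, $3 = private key
  openssl smime -decrypt -in "$1" -recip "$2" -inkey "$3" 2>/dev/null
}

demo() {
  d=$(mktemp -d) || return 1
  make_keypair "$d" recipient || return 1
  make_keypair "$d" other || return 1
  printf 'Constructed sample: loan application, SSN 000-00-0000\n' > "$d/doc.txt"
  encrypt_for "$d/doc.txt" "$d/recipient.crt" "$d/doc.p7m" || return 1

  # 1. The message that travels over email must not contain the plaintext.
  if grep -q 'loan application' "$d/doc.p7m"; then return 1; fi

  # 2. The holder of the matching private key recovers the document.
  out=$(decrypt_with "$d/doc.p7m" "$d/recipient.crt" "$d/recipient.key" | tr -d '\r')
  [ "$out" = "$(cat "$d/doc.txt")" ] || return 1

  # 3. Any other key pair must be rejected.
  if decrypt_with "$d/doc.p7m" "$d/other.crt" "$d/other.key" >/dev/null; then
    return 1
  fi

  rm -rf "$d"
  echo ok
}

demo
```

The self-signed certificates stand in for ones a certificate authority would issue; the private key file never leaves the recipient's machine.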
Eliminate Risk with a Secure File Sharing Platform
Although password protection and encryption for email attachments reduce the risk of exposing sensitive information to malicious third parties, these measures cannot eliminate vulnerability entirely. Successful email attack methods still exist and can often result in attackers gaining control over personal computers or software-as-a-service (SaaS) accounts and escalating privileges to gain wider system access.
Common threats to email systems include:
- Spam and Phishing
- Social Engineering
As defending against these attack vectors depends largely on human behavior — maintaining strong credentials, recognizing phishing and social engineering scams, and not storing sensitive information on unsecured personal devices — organizations that continue to use email attachments as a means of exchanging sensitive information must accept some degree of risk exposure.
Thoroughly eliminating risks involves scrapping email as a file sharing medium and adopting a dedicated secure file sharing platform. Secure file sharing services such as Dropbox and Google Drive offer users individual and business account types for cloud file storage and exchange.
Bank-Grade File Sharing Security with FileInvite
Not all file sharing services are created equal. Security experts estimate that as much as 40% of SaaS cloud service provider data is unmanaged and exposed to persistent insider threats. When choosing a service provider, organizations should evaluate the strength of the technologies they employ and the credentials they maintain.
FileInvite is a SOC 2 Type 2 compliant file sharing and document portal platform that protects all data exchanges with 256-bit encryption. Practicing the gold standards of financial information security, FileInvite offers users the highest degree of confidence that their information is protected from all threat types.