Email may be the default way to send sensitive information, but it is also responsible for over 90% of data breaches. Make 2023 the year you stop using email to send and request secure information. 


1. What Are Sensitive Documents?

In order to adopt practices that improve information security standards in your organization, it helps to start by identifying what kinds of potentially sensitive information you store and transmit regularly. The kinds of information and documents you should consider sensitive will vary by industry and applicable regulatory controls. 

Here are four common types of sensitive information that transmitted documents may contain.

  • Personally Identifiable Information (PII):
      • Names: full, maiden, and/or other aliases
      • Personal identification numbers: driver’s license, passport, Social Security, and taxpayer IDs
      • Personal contact information: home and work addresses, phone numbers, and email addresses
  • Personally Identifiable Financial Information (PIFI):
      • Account IDs
      • Bank account numbers
      • Credit card numbers
      • Customer-created PINs
  • Data protected by the Health Insurance Portability and Accountability Act (HIPAA): HIPAA specifies how healthcare organizations must handle PII to avoid potential legal consequences.
  • Data protected by the EU’s General Data Protection Regulation (GDPR): The GDPR stipulates that all enterprises doing business in the EU, regardless of their physical location, are legally obligated to take prescribed measures to protect all PII they store and not to disclose it without express consent.

1. Personally Identifiable Information (PII)

  • Names
  • Personal identification numbers
  • Personal contact information including emails and phone numbers

2. Personally Identifiable Financial Information (PIFI)

  • Account IDs
  • Bank account numbers
  • Credit card numbers
  • Customer-created PINs

3. Data protected by HIPAA

  • Medical diagnoses
  • Treatment information
  • Prescription details

4. Data protected by the GDPR

  • Personnel number
  • Telephone number
  • Address

2. Mitigating the Risks of Email Attachments

When employees exchange or collect documents containing any of the foregoing sensitive information types via email, they should apply protective measures. Here are three steps you can take to mitigate the risk of data breaches in email attachments.

1. Password protect the attached document:

Common document file types such as Word docs and PDFs include password protection features that users can set before attaching documents to emails.

2. Encrypt the attachment:

Users can encrypt attachments in popular business email services such as Gmail and Outlook. Users can find these optional settings in the service’s interface for new messages.

3. Encrypt the entire email:

In addition to encrypting attachments, users can also encrypt the entire email’s content in many services. Email encryption relies on the Public Key Infrastructure (PKI) paradigm, in which a recipient is assigned a public key, stored on a third-party server where senders can look it up to encrypt messages, and a private key for decryption, stored on a private server.
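The public-key exchange described in steps 2 and 3, as an added example that is not part of the original article: it uses the OpenSSL command line to encrypt an attachment to a recipient's certificate in CMS, the format S/MIME uses. The identities `recipient` and `outsider`, their throwaway self-signed certificates, and the sample form are constructed for the demonstration.

```bash
#!/bin/sh
# Added example: encrypt an attachment to a recipient's certificate with OpenSSL CMS.
# Identities, certificates and the sample form are constructed for this demo.
set -eu
WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT   # the throwaway private keys must not outlive the demo

# Create a throwaway key pair and self-signed certificate (assumption: in real
# use the recipient's certificate is issued by a CA and obtained out of band).
make_identity() {   # $1 = identity name
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# Sender side: only the recipient's PUBLIC certificate is needed.
encrypt_for() {     # $1 = recipient, $2 = plaintext file, $3 = encrypted output
  openssl cms -encrypt -binary -aes256 -in "$2" -outform DER -out "$3" "$WORK/$1.crt"
}

# Recipient side: decryption requires the matching PRIVATE key.
decrypt_as() {      # $1 = identity, $2 = encrypted file, $3 = plaintext output
  openssl cms -decrypt -binary -inform DER -in "$2" \
    -recip "$WORK/$1.crt" -inkey "$WORK/$1.key" -out "$3" 2>/dev/null
}

make_identity recipient
make_identity outsider
printf 'Name: Jane Example\nSSN: 000-00-0000\n' > "$WORK/form.txt"   # constructed PII
encrypt_for recipient "$WORK/form.txt" "$WORK/form.txt.p7m"

# The file that travels as the attachment no longer contains readable PII.
if grep -q 'Jane Example' "$WORK/form.txt.p7m"; then
  echo "plaintext visible in attachment"
else
  echo "attachment is opaque"
fi

# The intended recipient recovers the original bytes exactly.
decrypt_as recipient "$WORK/form.txt.p7m" "$WORK/out.txt"
cmp -s "$WORK/form.txt" "$WORK/out.txt" && echo "recipient decrypted the form"

# Anyone else holding the file, but not the recipient's key, gets an error.
decrypt_as outsider "$WORK/form.txt.p7m" "$WORK/bad.txt" || echo "outsider cannot decrypt"
```

Encrypting only the attachment leaves the message body, subject and headers readable, which is the gap that encrypting the entire email closes.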

How to Send Documents Securely via Gmail

Gmail is currently the most widely used business email platform; however, its security features are very rarely enabled, even those that satisfy FTC compliance standards for PII. If you are using Gmail, there are a handful of different encryption options you can choose from...


How to Send Documents Securely via Outlook

Microsoft Outlook offers some encryption options to increase security, but even sending emails with those options (TLS, S/MIME, or OME) enabled is not always compliant under the FTC Safeguards Rule...



3. Eliminate Risk & Improve Efficiencies with a Secure File Sharing Platform

Although password protection and encryption for email attachments reduce the risk of exposing sensitive information to malicious third parties, these measures cannot eliminate vulnerability entirely. Successful email attack methods still exist and can often result in attackers gaining control over personal computers or software-as-a-service (SaaS) accounts and escalating privileges to gain wider system access.

Common threats to email systems include:

  • Malware
  • Spam and Phishing
  • Social Engineering

As defending against these attack vectors depends largely on human behavior — maintaining strong credentials, recognizing phishing and social engineering scams, and not storing sensitive information on unsecured personal devices — organizations that continue to use email attachments as a means of exchanging sensitive information must accept some degree of risk exposure.

Thoroughly eliminating risks involves scrapping email as a file sharing medium and adopting a dedicated secure file sharing platform. Secure file sharing services such as Dropbox and Google Drive offer users individual and business account types for cloud file storage and exchange.

4. Make FileInvite Your Document Collection Standard

Not all file sharing services are created equal. Security experts estimate that as much as 40% of SaaS cloud service provider data is unmanaged and exposed to persistent insider threats.

When choosing a service provider, organizations should evaluate the strength of the technologies they employ and the credentials they maintain.

FileInvite is a SOC 2 Type 2 compliant file sharing and document portal platform that protects all data exchanges with 256-bit encryption. Practicing the gold standards of financial information security, FileInvite offers users the highest degree of confidence that their information is protected from all threat types. 






5. Related Resources


How Sending Documents via Email Fails to Meet the Updated FTC Safeguards Rule

The updated FTC Safeguards Rule's requirements around encryption, authentication, and customer data disposal expose email’s security shortcomings and make it no longer a viable solution.


Is It Safe to Email Tax Documents?

Whether you’re onboarding new clients, or planning to file your own taxes, here are 4 ways to reduce the risks of sharing your PII and PIFI online.

The Evolution of Email and Exchanging Sensitive Info

Email as we know it today has been around for 50 years. And while it has evolved in that time, it is essentially still the same thing using the same decades-old technologies, especially when you consider email security.
