Most people take reasonable and obvious precautions to secure their homes – they lock their doors and windows, screen outside vendors that visit their homes, and install security systems to keep the premises safe. However, when it comes to cybersecurity – and more specifically email security – many folks are in the dark about how to send sensitive information via email safely and securely.
Often this is because people are lulled into a false sense of safety around the emails they send and receive, particularly with respect to secure file transfer. It’s just so convenient to receive electronic receipts and confirmations, applications, statements and more. The risk is poorly understood for two key reasons – first, people aren’t attuned to what constitutes personally identifiable sensitive information. And second, the likelihood of email breach on an individual level seems minimal and insignificant.
The truth is that it takes only a smidgen of personally identifiable information for a hacker to work up a scam – it can be as insignificant as an intercepted electronic receipt. A hacker can leverage an electronic receipt to create a phishing scam whereby the email user receives an email ostensibly from the retailer who sent the receipt asking for “confirmation” around details of the transaction. Because the “sender” is familiar and the correspondence feels logical, the user supplies the information and gets fleeced in the process. And this is just one example of how hackers work.
In addition to the lack of understanding around the risks associated with exposing personally identifiable information, the general public perceives that individual risk around email breach is small. However, the reality is that hackers don’t go after individuals – they go after the organizations that send sensitive correspondence to individuals. These types of breaches aren’t limited in scope – the whole customer base is affected.
Beyond hacking, documents flying around cyberspace as email attachments are also vulnerable to government surveillance. This monitoring occurs silently and invisibly and potentially affects every American with an email account. While most people have nothing to hide, the mere thought of secret surveillance is cause for serious consternation.
The bottom line is that no one can assume that email correspondence is confidential and safe. And, if there’s a file transfer involved, it’s doubly important to make sure that there are tools in place to protect the attachment from prying eyes. You can’t count on vendors to protect you, nor can you count on the government.
This is why it’s critically important to be vigilant and take personal responsibility for how the vendors with which you do business send sensitive information and what safeguards they have in place around email security. As for government surveillance, private citizens can expect ISPs to offer email encryption capabilities in the near future.