Why are we still sending unencrypted emails?

Who is stealing your sensitive details?

Much of my work involves multi-£million dispute resolution where clients expect communications to remain confidential or privileged. But clients still send me highly sensitive business information and bank account details in unencrypted emails.

A reminder of the dangers came from a rather surprising source today. One of my clients received a letter from HM Revenue & Customs in which they set out the risks associated with sending information to them in emails. In their letter, HMRC warned the client that using unencrypted emails could lead to the following risks:

  • Confidentiality and privacy – there’s a risk that emails sent over the internet may be intercepted
  • Confirming your identity – it’s crucial that communications are with established contacts at their correct email addresses
  • They warn there is no guarantee that any email received over an insecure network, like the internet, has not been altered during transit
  • Attachments could contain a virus or malicious code.

The advice went on to suggest either “desensitising” information in emails or using encrypted emails.

The current global pandemic will continue to provide plenty of opportunities for fraud and opportunism. For example, there has been a substantial increase in phishing emails either asking for passwords or inviting us to open attachments or click on links.

Perhaps fraudsters recognise that most of us are currently working from home on personal computers rather than office machines. This means we are operating outside the secure corporate systems and procedures that we would have in the office.

Please now remind yourself and colleagues of the risks of doing so. I encourage all my clients to avoid including sensitive information in unencrypted emails, to password-protect documents and memory sticks they send me and not to include bank account details in unencrypted emails.

While on this subject, we also need to check the URLs of the sites we browse. Google say there are currently over 2 million phishing websites. Google’s Transparency Report contains up-to-date statistics and a tool for checking whether a site is safe (http://tiny.cc/safe-browsing).

In summary, we need to check the URLs of sites we visit, only open emails from trusted sources, encrypt sensitive emails, documents and memory sticks, use password managers, and use a VPN to access office files when working remotely.

What precautions do your organisations recommend and do you use encrypted emails for sensitive communications? Please share your own experiences in the comments box below or in an email to me. I am interested to hear your experience.

Keep safe, everyone,

Charles Lazarevic