Why you shouldn’t email confidential personal data
When you send an email, it is equivalent to sending an unsealed letter that can be passed on by and to others. This open letter will also sit on mail servers until deleted.
You have no control over the contents or ultimate destination of an email once it has been sent.
The best way to think about data security is to put yourself in the recipient’s shoes. If that information pertained to you, how vulnerable you would feel if it fell into the wrong hands or got into the public domain?
It is a sad but true fact that there are ‘people’ who set out to steal personal or sensitive data and use it for financial gain. If personal or sensitive data that you have sent is later gathered by a malicious third party, you stand to lose the trust and confidence of your clients or customers. You could also have a serious data breach on your hands and, if the breach is serious enough to attract the attention of the Information Commissioner Officer, you could face a significant fine.
This is what happens when you send a regular email:
- Your mobile device or computer forwards your email to your outgoing mail server
- Your outgoing mail server forwards the message to the recipient’s incoming mail server
- The incoming mail server stores the email until it is picked up
- The receiving device or computer logs into the incoming mail server and requests its new messages
- The incoming mail server forwards the email to the receiving computer
- THE RESULT
You have placed someone else’s personal information without any protection on two servers
You have little control over how long the data will be there and who might manage to get access to it
You have not complied with good data protection practice
You do not have a secure audit trail
You may face fines for a data protection breach
Email was not designed for sending confidential information or attaching confidential files. You know nothing of the security or maintenance of the receiving email server.
Most people do not actively manage their sent items, so any sensitive data sent is on your outgoing mail server for a long time. You trust your server implicitly, but even so, if your email account is compromised months later, the data you have sent may be accessible.
By contrast, secure file sharing and synchronisation software is designed for sending and sharing confidential information.
For many months we scoured the market for the best file sharing software and we chose FileCloud because it is very easy to use and includes powerful ransomware protection. We have been selling FileCloud since November 2016. When purchased through nTrust Systems, this is what happens:
- You move your file from the working folder on your mobile device or computer to the File Cloud folder – simple ‘drag and drop’
- The file is now stored securely on the FileCloud server. With nTrust FileCloud, your data is encrypted and stored on our own private server is in a highly secure Surrey datacentre
- You set access permissions and the recipient receives an email with a secure link to the server
- The recipient logs into the FileCloud server via the link
- The recipient accesses the file – you can give permission for them to download or share it if appropriate
THE RESULT
You have securely moved the personal data to them and it is now in the intended recipient’s care
You have an audit trail for the confidential data
You have proof that you dealt with the data in a secure manner
If your business moves confidential personal data from one place to another, we recommend using a secure file sharing solution. When selecting this, check ease of use and where the data is stored. Ideally you will want your data on a server in the UK under the control of people you know and trust.