Data Protection: Safeguarding Your Data in Emails

Emails are a fast and convenient way to transmit information — a lot faster than postal mail and a lot more convenient than faxes. (Remember the noise those made?) It’s hard to recall a time when we didn’t have email to rely on as a way to communicate. Especially in our businesses, we need to relay important information — often in a hurry.

But there are many types of information you shouldn’t put in an email or you risk the wrong person getting a hold of it. Information you should NEVER put in an email — personal or business — includes:

  • Social Security numbers
  • Passport numbers
  • Driver’s license numbers
  • Credit card numbers
  • Banking information like account and routing numbers
  • Account usernames and passwords

That doesn’t just mean you should avoid putting this data in your email body — it also means you shouldn’t attach documents or photos that include this information either. 

Dangers of sharing personal data via email

The above examples — and a lot more data — are considered Personally Identifiable Information (PII). This is data that can be used to identify a person and isn’t readily publicly available. 

Transmitting your own PII via email is potentially damaging for you, but transmitting others’ PII in your business likely means you’re violating major industry regulations like the Health Insurance Portability and Accountability Act (HIPAA) and the General Data Protection Regulation (GDPR). Violating these regulations can have serious repercussions for your business, like costly fines and damage to your reputation with your customers and in your industry.

Social engineering attacks — cybercriminals manipulating relationships to gain access to data or funds —  make it incredibly easy for your emails to be hacked. That means that all the information you shouldn’t have been sharing can become available to those who might hack your systems. 

And don’t forget about password safety. If you — or anyone else on your team — haven’t been careful with your passwords, you could end up hacked and allow access to this personal data. 

Encrypt emails to increase safety

While you still should not exchange any kind of PII by email, encrypting emails does protect your messages, sensitive or not.

Why bother encrypting? With access to your email, hackers could do a lot of damage, including impersonating you to gain access to others’ data. Encryption also ensures that emails you send aren’t vulnerable to hacking when they reside in recipients’ inboxes. 

How to encrypt Gmail messages

  1. Turn on S/MIME in your Google Admin console. 
  2. Confirm incoming and outgoing messages are encrypted. 

Encryption is not available on all Gmail accounts, making it not an ideal way to exchange business information. 

How to encrypt Outlook messages

Outlook offers several ways to encrypt messages depending on your situation, including: 

  • Using S/MIME
  • Using Microsoft 365 Message Encryption
  • Encrypting a single message
  • Encrypting all outgoing messages

Similar to Gmail, how you encrypt Outlook messages will depend on your administrative settings and the version you’re using. 

Need help with email security?

Ensuring you’re protecting your organization’s data  — and the data of anyone else —  in email is an absolutely crucial part of your cybersecurity efforts. To put your mind at ease, Cenetric can perform compliance audits across your network and make sure you’re minimizing risks without harming productivity. 

Cenetric has the experience and availability to help you prevent email hacks— or respond if you’ve already been attacked. Let’s set up a time to talk about cybersecurity. 

This is an installment in a three-part series about keeping yourself and your company safe from data theft. Check out the rest of our series on protecting your data in mobile apps and on Wi-Fi networks.