Protecting Your Data

It seems that our personal data is easily stolen.  We all have been warned about emailing sensitive information – either inside the body of the email or as an attachment.  And yet we still do it.  Many companies still send out credit card forms and signature details.  Medical offices use email for their patient communication.  Many people simply accept and return these emails containing everything from their financial balances to their medical history. We are trading convenience for security.

Emails are vulnerable to cyber theft because they are stored in several different places, including, of course, the sender’s and receiver’s device.  If someone hacks into your computer, your email is just sitting there for them to read.  Rifling through email is now the most common process of malware, and malware is everywhere.  The other points of possible attack are the sender’s / receiver’s Internet Service Provider (think Gmail).  In addition, there are many network connections between your devices and these email providers.  How could you possibly know if all those connections are secure?

And that’s not the only place where a copy of your email might be stored.  Each email service provider keeps messages in archive on its own servers, which can be hacked and messages downloaded by cyberthieves.  The bottom line: once an email message leaves your server, or leaves the sender’s server, it’s out of control.

What can you do?  The first and simplest rule of cyber safety is never to send sensitive information in an email message or an attachment (unless it is encrypted). That means avoid including Social Security numbers, passwords, sensitive tax or investment account information, and even date of birth in your messages, even to people you trust.

If you must communicate this type of information, there are a variety of safer ways such as uploading the data to a shared folder (such as OneDrive or Google Drive).  You could encrypt your email messages using programs like Infoencrypt or SafeGmail.  The messages are encrypted at the sender’s computer and decrypted within the recipient’s browser, and they remain encrypted in both the sender’s and receiver’s email boxes.  Hackers who gain access to your computer, to the service providers or the archives come away with nothing but unreadable gibberish.

Yes, protecting yourself sounds like a hassle (and it is).  But, these programs, and others, are much more user-friendly than they were ten years ago.  Remember, that being security focused takes a lot less time than trying to deal with a stolen identify.