I have had a couple of conversations with organisations recently about email security.
Sending an email is like sending an electronic postcard, anyone can intercept it and read the content. We all know when we write a postcard that the postman reads it before he delivers it. That's why so many postcards go along the "wish you were here" line.
Email is no different, it can be intercepted and read. Talking with a range of organisations recently, you would be surprised what they will put in or expect to be put in an email that is unencrypted.
A common request is credit card details. One charity I worked with used to relay credit card details across the organisation via email. Not only is this a breach of PCI DSS (the credit card security standard) but means that those credit card details are insecure. And its not just small organisations that have this misconception. A large hotel chain recently asked me to confirm a booking by sending my credit card details back by email.
Next is the transmission of personal information across an organisation. How often does an organisation send a spreadsheet of personal information within an organisations without protecting it? If you send personal information, take steps to protect it.
A common misconception is that sending an email internally means it is secure as the perception is that it doesn't go outside the organisation. Most emails go outside the organisation and then come back in again, just because you are sending it within the organisation does not make it any more difficult to read.
Finally there is the scope to send the email to the wrong person. With the ability to store numerous email addresses in an email programme, it can be
very easy to select the wrong name from the list especially if you have a lot of one name. How many Richard's are there on your list? (there are four on mine). Do you always get the right one? Always check before sending that you have the correct addressee.
So here are a couple of basics
- Email is like a postcard, treat it as such and think of it in this way. Would you put that information on a postcard?
- Sending an email with personal information in it - password protect it ( and don't send the password in the same email as the information!).
- DO NOT PUT CREDIT CARD DETAILS IN AN EMAIL. It leaves the information vulnerable to theft.
- Always make sure that you are sending the information to the correct person.
- Have an email policy which outlines the organisations expectations, it means staff all understand the rules of email.
No comments:
Post a Comment