Email: Privacy & Security Considerations

email privacy and security

email privacy and security

Electronic mail (email) has become second nature to nearly everyone. Think about how many emails you receive and send as part of your daily work routine. If it’s only a few, several dozen, or even hundreds, there are a number of things you should consider which tend to be forgotten in the rush of getting things done.

Email Is Not Secure

My favorite analogy here is that an email message is like a postcard you send through the mail: anyone who handles the postcard along the way to its destination can read it because it is in no way hidden from view. There is no envelope to hide its content from curious eyes.

The same is true of email. When you click Send, the email leaves your computer and makes its way towards the email server responsible for sending it to the correct location. This could be in the next room, the next state, or the next country depending on your setup. Once it is sent from the email server, it makes its way across the internet to its destination.

To do so, the email is broken up into small packets, and each packet may take a different route before reaching its destination and being reassembled for the recipient to read.

At any point between your clicking Send and the recipient opening the email, anyone who has access to any of the network nodes along the way can pry into the contents of your message. This could be anywhere from a few to hundreds of people.

Email Is Not Always Instant, Nor 100% Reliable

Even though we are used to email arriving at its destination within seconds, this is not always the case, and occasionally it can get lost. I have witnessed email arriving days after it was sent. Because messages are broken into packets which take different paths to arrive at their destination, the chance of one packet getting held up or lost completely does exist. It is usually a small chance, but one power outage or an accidentally cut Internet cable can prevent an email from showing up in a timely manner or prevent it from showing up at all.

Email Can Get Delivered to the Wrong Person

Email can end up in the wrong hands unintentionally, just as a letter you send through snail mail can end up at the wrong address. Again, it is rare but possible, and it does happen. Not only could you accidentally type in the wrong address when sending an email, there are any number of other factors which can contribute to an email ending up in the wrong inbox or in an additional inbox you didn’t intend for it to end up in.

Email Disclaimers

You have probably seen email from businesses or government officials which contain a bunch of legal disclaimers at the bottom, warning you that the contents are private or that if you mistakenly receive the email you need to delete it immediately lest you become liable for reading something you aren’t supposed to. Aside from the obvious irony that these disclaimers are usually at the bottom of the message—after the content of the email—in no way can they provide any real amount of enforcement or legality due to the way email works.

If you are determined to add a legal disclaimer to your email messages, you should consider putting it at the top of the message, before any content appears. It might make the email itself more difficult to read, but you might actually convince someone to delete the message if they were not the intended recipient.

Solutions & Considerations

Don’t send private information through email. This includes bank account information, trade secrets, medical information, and passwords. (By the way, fax machines are not much more secure – they send messages across phone lines, which easy to eavesdrop on).

If you must send something sensitive, try breaking it up into two or more emails so that if one is intercepted, it won’t make sense without the other(s). For example, if you need to send someone login information to a website, send the username in one email and the password in another. This doesn’t provide complete security, as you never know if the recipient is working on a computer that has been compromised or hacked, but it can at least help ensure that the email is unusable by anyone who reads it along the way.

If possible, use secure, encrypted email (and fax) services to send messages that you don’t want just anyone to be able to read. In certain business settings, secure email can be set up between employees, and there are third-party services that provide secure email when you need it.

Make sure your employees or co-workers understand the importance of knowing that email is not a secure means of communication. Consider making this a part of your employee training and implement an email policy to help prevent the unwanted distribution of secure information.