E-mail is a Great Tool, but It Shouldn't be the Only Tool for Sharing Information
E-mail is a great tool but it shouldn't be the only tool to share information, especially confidential information shared beyond the corporate firewall.
16 June 2016
E-mail remains the leading information sharing application on the planet and has often been called "the killer app," defined as an application considered so necessary that it actually drives people to buy a computer or other access device. E-mail is still so essential in the business world that new hires typically have an account provisioned for them by their first day of work. E-mail is often the most frequently used application in the corporate world on mobile devices.
Even in consideration of the enormous popularity of social media today, e-mail still has more users worldwide and will continue to have more users for years to come. Data from The Radicatti Group’s Email Statistics Report, 2014 – 2018 makes this point:
|Worldwide E-mail Users (Millions)||2,504||2,586||2,672||2,760||2,849|
|Worldwide Social Networking Users (Millions)||1,202||1,319||1,443||1,573||1,709|
Email Statistics Report, 2014 – 2018, The Radicatti Group
Radicatti estimated in 2015 that somewhere around 205 billion e-mail messages are sent every day. That's 74 trillion messages a year. Of course, about 90% of those messages are thought to be viruses and spam; nevertheless, 7.4 trillion legitimate messages a year is still a huge number.
People use e-mail to share information through the messages themselves, as well as through attached files. And, people use e-mail to send every imaginable type of information, ranging from the mundane to the highly personal or highly sensitive, despite the inherent insecurity of e-mail platforms.
E-mail messages can make their way completely around the world in mere minutes, hitting numerous servers and relay stations along the way that forward the messages without delay. Senders and recipients can be on different e-mail platforms and completely different devices and messages still get through essentially in real time. That's actually quite impressive. However, as an application, e-mail is designed to deliver messages from one person to another — without regard for the security of the content.
Em-ail is convenient, easy to use and nearly ubiquitous, but is it secure?
If there's a weakness in the distributed design of e-mail applications, it's that messages can't be retracted once they are sent. Once a message arrives at a recipient's in-box, it can't be taken back. Sure, Outlook has a "recall" option but it rarely works the way you'd want it to if you really need to retract an errant message. It basically puts a notation on the message in the recipient's in-box that says you want to recall the message … but that only makes it all the more tempting for the recipient to want to see.
E-mail simply is not a secure data sharing platform — and it never was intended to be. It's possible to apply some security techniques, such as encryption of attachments, but that gets complicated and often requires add-on tools. E-mail can easily be compromised on the sender's device, on the network, on the e-mail server and on the recipient's device. One of the most common things that malware does once it gets on a network is go through e-mail systems to look for sensitive information.
E-mail messages can't be controlled once they leave the sender's account. They can be forwarded. They can be printed. They can be addressed to the wrong person or people. They will be replicated at every hop of the Internet to get from here to there, and they will get stored and backed up and replicated again for long-term storage as some companies choose to or are required to archive their e-mails for years.
Before You E-mail a Sensitive Business File, Ask Yourself These Questions
Clearly, e-mail is convenient, but it isn't always the most appropriate tool for sharing information. The lack of controls, the number of exposure points and the range of malware discussed above can lead to data breaches. Thus, anyone who is about to hit send on a message should stop and ask themselves:
- Is the information I am about to send regulated? Does it contain any personally identifiable information (PII), private health information, cardholder data information or any other sensitive information?
- Is the information I am about to send confidential to my organization? Would it cause a problem if this information were to go beyond my intended recipient?
- Is this information so sensitive that it should not be distributed in plain text? Does it need a control such as encryption to protect the information?
- Do the people listed as recipients of this message really need to have this information? Are the right recipients — and only the right recipients — showing up in the "To" or “CC” fields?
- Should I be using a more secure way to send this information that gives me more long-term control over it?
E-mail is a great tool but it shouldn't be the only tool you use to share information. All organizations have sensitive or confidential information that internal people need to share among themselves or with people outside the organization. E-mail is never the appropriate means for sharing this kind of sensitive or confidential information beyond the corporate firewall.
It's incumbent on organizations to provide both the means to securely and efficiently share information and the personnel training to ensure that their staff picks the right tool for the job. Interested in learning more? Visit our technology solutions.
Daren Glenister is the Field CTO for Intralinks. In his role, he acts as a customer advocate, working with enterprise organizations to evangelize data collaboration solutions and translate customer business challenges into product requirements, helping to steer Intralinks’ product road map and the evolving secure collaboration market. Daren brings over 20 years of industry experience and leadership in security, compliance, secure collaboration and enterprise software having worked with many of the Fortune 1000 companies helping to turn business challenges into real world solutions.