Why Your Email Isn’t Secure

By Dan Buhler
August 30, 2021

Posted in Cyber Security

We regularly talk about how email isn’t secure and isn’t a great way to transmit confidential information.

But in this day and age, where security and privacy are really important topics, why ISN’T email secure already? Why isn’t encrypted email the standard?

We’ll explore both of those questions today.

Why isn’t Email Secure?

We’ll liken email to a postcard: a simple method of communication where you write a message, verify a send-to address, and send away!

When you send a postcard, you aren’t too worried about whether it’s stolen or not because, well, it’s a postcard. It doesn’t hold all your banking information.

And why would you EVER put your banking information on a postcard in the first place?

While you wouldn’t ever do that in real life, that is exactly what you’re doing when you send information over email.

Just like a postcard, an email isn’t secure.

You might be asking, “Why don’t companies just encrypt email by default if that’s the case?”

They don’t because encrypting emails is incredibly complicated when you’re trying to communicate outside of your own organization.

What does that mean? First let’s walk through how to encrypt email.

How to Encrypt an Email

In order to encrypt an email with end-to-end encryption, we must  use an encryption method like PGP, or “Pretty Good Privacy.”

We’re all pretty accustomed to sending and receiving emails. However, implementing PGP creates a lot of friction with that process, as it is quite complicated.

Here is a simplified explanation:

With PGP, you have two encryptions keys: one private key to keep to yourself, and a public key you share with people you want to receive encrypted messages from.

However, in order to send messages to anyone, they must have the encryption system installed too.

That way, they can generate THEIR OWN public key to share with you.

So why isn’t this used Every Day?

This practice isn’t standard because it’s too inconvenient. If the above wasn’t confusing enough, consider this:

To include a third person in your encrypted email thread, that person must install the system and you will need to exchange encryption keys with them too.

Now imagine if you had to exchange keys with everyone you contact BEFORE you can read each other’s emails.

Because of this, only a small percentage of emails sent and received on the internet are actually encrypted.

If this is the first time you’ve heard about any of the topics above, that likely means you’ve never actually opened an encrypted message.

So how exactly do I Share Confidential Information?

At the very least, do NOT send information by email, because email isn’t secure by default.

When it comes to confidential details, we recommend meetings in-person wherever possible.

However if there is no other way and you NEED to send information through online channels, you have a couple options:

  1. Give them a phone call
  2. Use a secure online workspace service like Microsoft Teams, Google Chat, or a similar software

At the End of the Day

Do not share information by email because email is by default, not secure.

While methods like PGP allow the encryption of email, it takes up a lot of time, resources, training, and communicating with relevant parties to the point that it isn’t worth the effort.

Is Your Inbox a Security Disaster?

Email is one of THE MOST COMMON PLACES your organization is vulnerable to cyber attacks.

If you have questions about how to prevent cyber attacks and data breaches, or you’re looking to do better in your data security, connect with us!

Helping people do their best work while staying secure online is what we do here at Clearbridge.