July 19, 2019
By Beth Jones, RLP®, AIF®, CFT™
What You Can Do About Data Protection
Companies and consumers have been warned against sending out sensitive information as email attachments. Yet many companies still send out credit card forms and signature details; medical offices use email for their patient communication. Our personal information has never been so easy to steal. And mostly we have ourselves to blame. People accept and return emails with attachments that contain everything from their financial balances to their medical history. After all, the message is directed only to the recipient, so what can go wrong?
Emails are particularly vulnerable to cyber theft because they are stored in a variety of places, including, of course, the sender’s and receiver’s device. If someone hacks into your computer, your email is just sitting there for them to read. Rifling through email is now the most common process of malware, and malware is everywhere.
The other points of possible attack are your Internet Service Provider and the Internet Service Providers of your senders and recipients. While Gmail is known as the gold standard of free email service (it screens your emails for viruses and malware), network connections between various email providers could leave your emails open to attack. How could we possibly know if all those connections are secure?
And those are not the only places where a copy of your email might be stored. Each email service provider keeps messages in archives on its own servers, which can be hacked and messages downloaded by cyberthieves. The bottom line: once an email message leaves your server, or leaves the sender’s server, it’s out of your control.
What can you do? The first and simplest rule of cyber safety is never to send sensitive information in an email message or attachment. That means avoid including Social Security numbers, passwords, sensitive tax or investment account information and even date of birth in your messages, even to people you trust.
There are a variety of safer ways to share sensitive information, including ShareFile, PeerLink, Box, FileCloud and DropBox. Similar secure servers are now used by most accounting firms. We have our own private server at Third Eye Associates: My Financial Vault. If you haven’t signed up for it yet, call or email Jennifer to get set-up (email@example.com).
You could also encrypt your email messages using programs like Infoencrypt or SafeGmail. The messages are encrypted at the sender’s computer and decrypted within the recipient’s browser. They remain encrypted in both the sender’s and receiver’s email boxes. Hackers who gain access to your computer, to the service providers or the archives come away with nothing but unreadable gibberish.
While protecting yourself sounds like a hassle, these programs and others are much more user-friendly than they were ten years ago. I recommend you use Gmail in conjunction with fully functional security software such as Norton Security or TotalAV to guarantee your computer’s safety. Being careful with your messages takes a lot less time than dealing with stolen identity or having your personal information floating around the Dark Web.
Beth Jones, RLP®, AIF®, CeFT®
Certified Financial Transitionist®
Registered Life Planner
Third Eye Associates, Ltd. is a Registered Investment Adviser