It is not secure
Email has become one of the most prevalent ways we communicate electronically. Hundreds of billions of emails are sent every day, and every one of them should be treated as not secure. Someone other than the intended recipient could read that email. This is why important information should never be sent via email.
It is because email was never designed with security in mind. Many of the email providers out there, like Google's Gmail and Microsoft's Outlook, implement security measures to protect your email, but they are not foolproof.
The issue comes down to the fact that emails are not encrypted by default. Extra technologies have to be implemented to make emails secure.
Email is similar to our post office system.
- A letter is dropped off at the post office.
- That post office then sorts the letter by region. If the letter can be handled by that post office, the letter will stay there and be delivered the next day. If it cannot be handled at that post office, it is moved to a regional sorting site.
- There, the letter is sorted by region again.
- If the letter's destination is within that regional sorting area, it will then be moved to the closest post office to be sorted by neighborhood and then delivered.
- If not, it will be sent to the regional sorting location that handles the destination address.
- The letter is received at that regional sorting site, sorted by local post office, and then delivered.
Our email system works in a very similar way with a few big differences.
The first one, and it is a big one, is that an email does not have an envelope. An email is more like a postcard than a letter. Anyone who touches that postcard can read the contents.
The second one is that there is no single governing body that handles the delivery process. When an email is sent, you have no control over who will touch that email before it lands in the recipient's mailbox. It would be like our postal system randomly handing over your letter to just anyone who said they could get it to you.
Let's say you need to send some tax information to your CPA. You log in to your Gmail account and you send the email to, let's say, YourCPA@TheBestCPA.com.
When you hit send, Gmail packages that email up, looks at the domain name of where you are sending it (TheBestCPA.com), and finds the IP address (18.104.22.168) of the email server.
Gmail then sends that email to that IP address and the server then holds that email until it is picked up by the recipient.
Here are the issues:
First, like I said earlier, an email is more like a postcard than a letter. It is in plain text with no encryption by default.
Issue 1: If the connection, in this case between Gmail and TheBestCPA.com, is not secure, anybody who is looking at the connection between those two companies could read that email: the internet service provider, the government, or any bad guy.
Issue 2: Since we do not know where TheBestCPA.com is located, nor who administers the email server, we do not know how protected that email server actually is. We do not know if the emails stored on the server are encrypted or not. If the email server gets hacked, all the emails could be readable.
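To see Issue 1 on a message you have already received, you can read the `Received` headers that each server stamps on the email as it passes through. The following is an added example, not part of the original article: it lists every hop of a constructed sample message and flags the ones that were not sent over an encrypted connection. The host names, addresses and the function names `trace_hops` and `unencrypted_hops` are assumptions made for illustration.

```python
import re
from email import message_from_string

# "with" protocol keywords that mean the hop used TLS (RFC 3848 naming).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

HOP_RE = re.compile(
    r"from\s+(?P<sender>\S+).*?\bby\s+(?P<receiver>\S+).*?\bwith\s+(?P<proto>\w+)",
    re.S,
)

# Constructed sample message; hosts and addresses are documentation placeholders.
SAMPLE = """\
Received: from mx.cpa-firm.example (mx.cpa-firm.example [192.0.2.10])
    by mailstore.cpa-firm.example with ESMTPS id c3;
    Mon, 1 Jan 2024 10:00:03 +0000
Received: from smtp.mailprovider.example (smtp.mailprovider.example [198.51.100.7])
    by mx.cpa-firm.example with ESMTP id b2;
    Mon, 1 Jan 2024 10:00:02 +0000
Received: from [203.0.113.5]
    by smtp.mailprovider.example with ESMTPSA id a1;
    Mon, 1 Jan 2024 10:00:01 +0000
From: you@mailprovider.example
To: cpa@cpa-firm.example
Subject: Tax information

Documents attached.
"""

def trace_hops(raw_message):
    """Return the hops in delivery order, marking which ones used TLS."""
    msg = message_from_string(raw_message)
    hops = []
    # Every server prepends its own Received header, so the oldest hop is last.
    for header in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(header)
        if m is None:
            continue  # unparseable header: skip rather than guess
        proto = m.group("proto").upper()
        hops.append({"from": m.group("sender"), "by": m.group("receiver"),
                     "protocol": proto, "encrypted": proto in TLS_PROTOCOLS})
    return hops

def unencrypted_hops(raw_message):
    """Hops where the message crossed the wire readable, like a postcard."""
    return [h for h in trace_hops(raw_message) if not h["encrypted"]]

if __name__ == "__main__":
    for hop in trace_hops(SAMPLE):
        state = "TLS" if hop["encrypted"] else "PLAINTEXT"
        print(f'{hop["from"]} -> {hop["by"]} [{hop["protocol"]}] {state}')
```

These headers are written by the servers themselves, so they only show what each server chose to record, and they say nothing about whether the email is encrypted while it sits on the server (Issue 2).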
The solution is not to stop using email. Email is a reliable mechanism for sending information. It is not reliable for sending secure information. The only way to send secure information is to use encryption, and not all email systems support encrypted emails.
If anyone (doctors, CPAs, banks, anyone) requests that you send personal information like Social Security numbers, bank account numbers, driver's license photos, or passport photos, request a secure location where you can upload them. Do not send them via email.