Amongst all other forms of communication, such as SMS, WhatsApp, Signal, Facebook, and the rest, email remains the most constant. It can become cluttered with a lot of spam, but whether it’s signing up for an online account, sending a mass message to all the relatives, or receiving Starbucks coupons, email seems to be the method of electronic communication that outlasts other platforms.
Don’t get me wrong; I am not saying that email is the best communication medium for every situation. It’s definitely not. However, in order to sign up for Facebook, what do you need? What about resetting the password to your bank account or sending yourself that PDF so that you can print it on another computer? The point is that your email account, even if you may not use it every day, is relied on more heavily, and in more ways, than it should be.
The Big Deal
So what’s the big deal? Well, since your email account is tied to so many different parts of your life, it can become a digital variation of all your eggs in one basket.
Think of how many different online accounts you may have. Some of them may be for a forum or those coupons, but you may also have your bank account tied to your email. Do you have a different password for each account? (Hint: you should!) Let’s say that you do. If one account gets compromised, everything else is still protected by a different password, so there may be no need for concern. But what if your email account is the account that gets compromised? The bad guy doesn’t need to know your password for your bank, credit card, or Amazon account. He can request a password reset for each of those accounts, click the links that come to your email and boom, he’s reset your passwords so only he knows them. What’s more, he has changed the email address on file, too, so you can’t change your passwords back!
The ability to reset passwords is not the only thing that a bad guy may be able to get from your email account. Was your bank “behind the times” in 2010 such that it emailed you a copy of your loan application? Or maybe your accountant just sent you an email with the subject “Tax Information” that contains every piece of personal information you would want to keep private.
I get it. It’s convenient to send yourself an email with a picture of your driver’s license so that you can upload it to that secure website. Maybe just email your wife the credit card number because she lost her card. What’s my Social Security number? Let me check my Gmail.
It’s a Big Deal for Business Email Too
This doesn’t just apply to personal accounts, either. Does Human Resources need your Social Security number? Think before you reply with it in the message body. Maybe give them a call instead. After all, if you send sensitive information via email to someone else, it’s now in TWO email accounts. Maybe they don’t take security as seriously as you do. Does your customer want to quickly change their order? That’s fine, but don’t let them send the credit card information over email. The slight inconvenience of a phone call now is much easier to deal with than having to notify them that they’ve been involved in a breach and need a new credit card because your system wasn’t secure.
Gmail, Yahoo, Office 365, and the rest of the email providers all claim to have great security. And while they may, if you’re not careful or aware of what you’re doing, you may have an incident where someone else gets access to your account. It could be a compromised username and password or maybe a stolen device, but the reality is, it happens.
A Few Email Security Tips
The point is, email is, and for the foreseeable future will be, an excellent communication medium. However, it is not meant to be a storage medium. Don’t keep information in your email that you would normally keep in a safe inside your home. Think twice before emailing sensitive information, take the extra step to set up multi-factor authentication (MFA) on your account, and maybe make your password something other than Spring2020.
If you want to make sure you’re doing your best to keep your organization safe from email-based attacks, contact Sikich. We are happy to help.