We’ve all heard the admonition a couple of times to secure our confidential data before sending it as an email attachment. Even a simple password-protected zip file is still better than nothing. On the high end, email encryption using tools like PGP, or the one included with Astaro Security Gateway will insure that your email is protected from prying eyes. There are free tools out there like AxCrypt, the open source file encryption software which allows you to encrypt single files or folders. I have seen a lot of clients sending off bank statements, credit card and social security numbers via email without encryption or protection.
The danger in this is that such emails could end up in the wrong inbox. Many of us have scrambled to recall an errant email seconds after hitting the send button. For Microsoft Exchange users, that works well sometimes. If you are lucky, the wrong address may not exist and you simply get an “undeliverable” message from the other side. But what if that wrong address does exist and your email does contain very sensitive data? Check out this story from The Register:
In mid-August, according to court documents filed in a California federal court, the Wyoming-based Rocky Mountain Bank was asked by a customer to send certain loan documents to a Gmail account belonging to a third party. A bank employee attempted to do so. But a day later, he realized he had sent the documents to the wrong address – along with a file containing confidential information for 1,325 other customers.
After a failed attempt to recall the email, the employee sent a second note to that wrong address, requesting that the confidential email be deleted before it was opened. There was no response, so the bank contacted Google to determine what could be done to ensure that the confidential info remained confidential. According to the court papers, Google would not provide information on the account unless it received a subpoena or “other appropriate legal process.”
So the bank sued.
Such mistakes have cost people their jobs and in some case a little more.