Our Blog

How secure is email? Hint: not secure enough

how secure is email
By Rachel Dalrymple, Last Updated September 18, 2023

Email is one of the most convenient ways to send a message, particularly for business purposes. Recent reports reveal that users send more than 170 billion emails every day globally.  

But how secure is email?

It’s not nearly as secure as you’d expect it to be.

Too many messages fall into the wrong hands because email is an almost entirely unprotected method of online communication. According to a study, users witnessed nearly five million phishing attacks in 2022 — not to mention many other types of threats. 

If this sounds alarming (and it probably should), read on as we are about to discuss:

  • What makes email messages so insecure
  • How to bypass the problem using different tools and tips

Let’s dive in!

Don’t want to send sensitive information via email? Try Content Snare

Our platform enables you to request information and files from your clients in a safe online environment. The security of your data is our priority.

Start your trial here

Why is email security so weak?

When email was first created in the late 20th century, security wasn’t a priority. 

Email operates through something called a Standard Mail Transfer Protocol (SMTP). The original version of this protocol only supported unauthenticated and unencrypted messages. 

While security measures have improved, there’s still a long way to go. So what makes email security so weak?

1. No encrypted messages

When you send an email, it travels across multiple servers before arriving in the recipient's inbox. While the email is in transit, it can be accessed, altered, and even deleted by server administrators or any hacker or scammer who has breached their security.

While messages travel across networks, the only way to secure them is to encrypt the data. An encrypted message appears like nonsense to anyone without a key to decode the information. 

Most email platforms don’t encrypt messages, meaning your sensitive data is vulnerable to anyone trying to access it in transit. 

2. Data Leaks and Phishing Scams

Nearly everyone who’s used email for regular communication has experienced a message falling into the wrong hands due to a mistyped email address. 

Some email platforms allow you to unsend an email, but only within a few minutes, and only if you’ve configured your email account to allow it. 

Gmail allows you to unsend, but you have to unsend within 30 seconds. Other platforms like Microsoft Outlook allow you to unsend a message, but only if the message has not yet been read by the recipient. 

While these options give you a little extra flexibility, it’s still possible to send a message containing important information to the wrong person.

If you’ve ever sent a message to the wrong recipient, hopefully, it was a harmless mistake and didn’t lead to any compromised information. However, if a message containing financial information, health records, passwords, or personal identification info arrives in the wrong inbox, one small typo can have major social, financial, and legal ramifications. 

Email does not have any method for retracting information sent, even after you realize it was sent to the wrong location.

Phishing attacks are also becoming increasingly common. In a phishing scam, attackers send falsified messages, hoping to trick the recipient into revealing confidential information. 

Scammers often pretend to be someone you know and trust or a member of your company and ask you for things like usernames, passwords, financial information, or other sensitive data. 

These scams are possible because anyone can send you an email if they have your address. 

It’s difficult to block all messages from malicious senders. Phishing attacks are one of the primary culprits of leaked data. 

3. Malware Attacks

Malware is a type of malicious software that can harm your device or network. This software can comb through your email account or your organization’s stored information, stealing any valuable data.

It’s estimated that 2 to 4 percent of emails contain malware

While many email platforms provide scanning services to detect malware, cybercrime technology advances every day. Cyber criminals occasionally are able to find ways to get past the filters, leaving users vulnerable.  

Attackers can send emails that require clicking a link or downloading a file. Once the link is clicked or the file downloaded, the software begins running immediately, working to steal any data accessible from your device.

Sensitive data you should not be sending via email

No one wants to see their data intercepted, but some types of information are more important than others. Here are some very sensitive information you should never be sending via email:

  • Authentication credentials and passwords
  • Social security numbers
  • Health information documents
  • Credit card numbers
  • Financial account details
  • Sensitive personal information or documents
  • Files or information from the scope of the attorney-client privilege
  • Legal files and documents
  • Confidential business information
  • Protected data (GDPR and HIPAA included)

Better options for email security

When email isn’t cutting it when it comes to your security needs, what do you do? Luckily, there are ways to better protect the information you're sending and receiving.

Transit and end-to-end encryption

Email encryption is the first line of defense when it comes to improving the security vulnerabilities of email. An encrypted email turns the data into a jumbled message that the end user must decode before reading. 

This keeps sensitive data safe from hackers and unwanted third parties. There are two commonly used types of email encryption: 

  • Encryption in transit 
  • End-to-end encryption

Encryption in transit protects your information while it’s moving between servers, which is when it’s most vulnerable to hackers. However, this type of encryption gives email providers access to your information, which creates a vulnerability. 

Many people prefer to allow email providers access to their information by using encryption in transit because it allows email providers to create automatically generated calendar invites and keep a record of message history. 

But if you’re looking for the highest level of security, end-to-end encryption is the better option. 

End-to-end encryption means any files, information, or messages you send are encrypted before ever leaving your device and remain encrypted until landing at the final destination. 

If anyone tries to intercept a message while in transit, it will appear to be a bunch of jumbled nonsense. The message is only able to be decoded by the recipient through the use of a private key. 

Many messaging services have started offering end-to-end encryption because of the need for greater security while sending important information. Apps like Zoom, Telegram, WhatsApp, and Microsoft Teams all have end to end encryption options.

Cons of email encryption: It’s difficult

Implementing email encryption is too complex for many users. It requires both the sender and recipient to use compatible encryption methods and exchange a private key securely. In most cases, this deters people from adopting it.

Two Factor Authentication and One Time Passwords

Passwords and PIN codes are excellent tools for improving email security, but they can be compromised. 

Two factor authentication (2FA) and one time passwords add an extra layer of security. 

When two factor authentication is enabled, the user must enter their password to access the files. After entering their password, they’ll be sent a second password through text message or an authentication app. The second password expires immediately after use. This is called a one-time password (OTP). 

A 2019 report from Microsoft found that two factor authentication blocked 99% of automated hacking attempts of email accounts. This security measure can protect against phishing schemes as well. 

If someone attempts to gain access to your account through information gained through a phishing scheme, they’re unlikely to be successful at getting through the second round of password protection. 

Cons of 2FA: Accessibility 

Two-factor authentication often requires users to have access to a secondary device, such as a smartphone, which can be inconvenient or inaccessible in certain situations. Some users also consider it to be time consuming.

VPN for public Wi-Fi

A virtual private network (VPN) is extremely helpful if you access email messages using public Wi-Fi. Public networks are notorious for their vulnerability to cyberattacks, as they lack security measures typically found in private networks. 

When connected to a public Wi-Fi without a VPN, your email communications can be exposed to potential hackers and data sniffers. They can intercept sensitive information like login credentials, sensitive data, or confidential messages.

But if you use a VPN, you essentially create an encrypted tunnel between your device and the VPN server. This prevents malicious actors lurking on the same public network from accessing the message and email attachments. 

Cons of VPNs: Trust

VPN users must place trust in their provider, as they can potentially log your activity and access the data flowing through their servers. That’s why it’s important to pick a privacy-conscious VPN provider to minimize these risks.

Client portals

A client portal is an alternative to email that allows you to securely send and receive information. 

Instead of implementing passwords and encryption to improve email security, client portals avoid the risks of email entirely. Client portals utilize firewalls, malware scanners, and encryption to protect sensitive information. 

Looking for a secure client portal? Try Content Snare 

Content Snare allows you to collect information or files from anyone without fear of interception. 

All files are encrypted in transit, allowing you to rest easy, knowing only the intended recipient will be able to access the files. For extra security, you can set PIN codes and passwords to keep the information safe.

But that’s just one of the perks of using our client portal. Content Snare gives you a range of other features that will help you build successful client relationships:

  • Simple access management
  • Automated reminders
  • In-form conversations with content approvals and rejections
  • Pre-filling
  • Data exports
  • Seamless third-party integrations via Zapier
  • User-friendly dashboards
  • Dozens of ready-made form templates

Collect information from clients securely

Stop sending and receiving important information through email and start using Content Snare’s secure platform to protect your data.

Start your trial


Rachel Dalrymple