Keep sensitive data safe: don't send in emails

Two students in the Academic Spine.

Published March 1, 2021

by Joe Ferguson

Billions of emails are sent daily. But how secure is email?

Turns out, by default—not at all.

The truth is that email is not a secure channel for sending information.  Therefore, you should never send sensitive data or information in an email, whether written in the body or as an attachment.

“Email by default is not and was never intended to be a secure mechanism for sending sensitive data,” says Dr. Catherine J. Ullman, Senior Information Security Analyst for UB. “Although you need credentials to log in and access the e-mail in your mailbox, email is by default sent from server to server in clear text that can be read by anyone while in transit.”

What about encryption?


Encryption can be used to protect the body of the message, but requires both the sender and receiver to have set it up in advance and requires some additional technical knowledge.

While encrypting just an attachment can be done more easily, these attachments can be deleted by mail systems because their contents cannot be scanned for safety.

What shouldn’t I send in an email?

Examples of information you should never send via email include:

  • Social Security numbers
  • Driver’s License numbers
  • Passport numbers
  • State-issue ID numbers
  • Any bank/financial account numbers
  • Credit/debit card numbers
  • Protected health information
  • Documents protected by attorney-client privilege
  • Any passwords or authentication credentials

Collaborating with sensitive data? Consider a secure UBbox folder instead

If email is not secure, how can you collaborate safely on projects involving sensitive data?

UB has a solution: you can request a secure UBbox folder to store restricted and sensitive data, and use UBbox’s collaboration features to work with colleagues.

There are special requirements when handling restricted data in UBbox—be sure to review UB’s policy for storing restricted data in UBbox, and contact your IT support staff to enable the proper security settings.

Think before you hit 'send'

Even if you're not working with sensitive data, email makes it entirely too easy to send the wrong information to the wrong people. Here's a list of things you can check before hitting send on your next message:

  • Make sure you're sending email to the right people. Check that you aren't sending a message to the wrong person or address. Make sure you didn't accidentally 'reply-all' or send to a group list instead of an individual.
  • Make sure you're sending the right information. Don't send any confidential information, of course, but also make sure you're not sending any unintentional information or information that isn't necessary to send. Check to see whether you attached the correct file.

Get help

For help with UBmail, UBbox and other UBIT services, contact the UBIT Help Center, online at, by phone at 716-645-3452, or by visiting our walk-up location on North Campus.