Published March 1, 2021
Billions of emails are sent daily. But how secure is email?
Turns out, by default—not at all.
The truth is that email is not a secure channel for sending information. Therefore, you should never send sensitive data or information in an email, whether written in the body or as an attachment.
“Email by default is not and was never intended to be a secure mechanism for sending sensitive data,” says Dr. Catherine J. Ullman, Senior Information Security Analyst for UB. “Although you need credentials to log in and access the e-mail in your mailbox, email is by default sent from server to server in clear text that can be read by anyone while in transit.”
Encryption can be used to protect the body of the message, but requires both the sender and receiver to have set it up in advance and requires some additional technical knowledge.
While encrypting just an attachment can be done more easily, these attachments can be deleted by mail systems because their contents cannot be scanned for safety.
Examples of information you should never send via email include:
If email is not secure, how can you collaborate safely on projects involving sensitive data?
UB has a solution: you can request a secure UBbox folder to store restricted and sensitive data, and use UBbox’s collaboration features to work with colleagues.
There are special requirements when handling restricted data in UBbox—be sure to review UB’s policy for storing restricted data in UBbox, and contact your IT support staff to enable the proper security settings.
Even if you're not working with sensitive data, email makes it entirely too easy to send the wrong information to the wrong people. Here's a list of things you can check before hitting send on your next message:
For help with UBmail, UBbox and other UBIT services, contact the UBIT Help Center, online at buffalo.edu/ubit/help, by phone at 716-645-3452, or by visiting our walk-up location on North Campus.