Key Takeaways
- Phishing emails are common; 3.4 billion are sent daily, leading to millions of dollars in losses.
- Most popular email clients lack at-rest encryption, making sensitive data vulnerable.
- Giving third-party access can pose security risks, potentially exposing valuable personal information.
Considering how ingrained email is in our daily lives, you might think it’s a perfectly safe and secure method of communication. Yet, because of its convenience, we tend to overlook its inherent security flaws.
Phishing Emails Are Rampant
With 3.4 billion phishing emails sent daily, phishing is one of the most common ways for a hacker to access your computer and credentials. While email clients can detect phishing emails by examining the sender’s address, email content, and email links and comparing them to identified spam emails, fraudulent emails always find their way through the cracks. Hackers are always finding inventive ways to outmaneuver spam filters.
If a scam email lands in your primary inbox, it’s up to you to discern whether it is real.
No At-Rest Encryption
Emails are encrypted while in transit. That is to say, your email is encrypted while it travels from you to the recipient. When it lands in an email inbox, it is decrypted and remains open for all to see. One of the biggest flaws with most email clients is that emails are stored in plaintext. That means every email containing financial documents and sensitive personal information can be read should the email client or your account ever be compromised.
While the most popular email clients don’t encrypt data at rest, security-focused email clients like ProtonMail, Tutanota, StartMail, and Mailfence do.
The reason more popular email clients such as Gmail and Outlook don’t encrypt emails at rest is that doing so would make indexing emails impossible. If even Google and Microsoft can’t see the content of the email, searching for it at a later time becomes impossible.
Granting 3rd Party Access
I’ll admit that I give third parties access to my Google account almost whenever they ask. It happens so often, and it’s so convenient to grant this access that doing so has become a habit. However, giving these dozens of third parties access to my Google Workspace comes with a host of security issues.
Before allowing third-party access, you should consider the permissions you’re granting the third party. Some may only require your name and email (which can be bad enough), while others demand read/write permissions to your admin account and access to sensitive data.
This is all perfectly fine if these third parties never get hacked. The problem is that you’ve probably integrated your account with so many third parties that it’s only a matter of time before these third-party companies are hacked and your data is jeopardized.
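One way to review the permissions discussed above is to rank each connected app by the broadest scope it holds. The sketch below is an added example, not code from the original article. The scope strings are real Google OAuth scopes, while the app names, the GRANTS sample, and the risk levels are constructed assumptions.

```python
# Added example: rank third-party OAuth grants by the broadest scope each holds.
# Risk levels (0-3) are this example's own assumption, not a Google rating.

# Scopes that expose only name/email identity.
IDENTITY = {
    "openid", "email", "profile",
    "https://www.googleapis.com/auth/userinfo.email",
    "https://www.googleapis.com/auth/userinfo.profile",
}

# Scopes that expose mailbox, file, or admin data: scope -> (risk, reason).
SENSITIVE = {
    "https://mail.google.com/": (3, "full read/write/delete access to mail"),
    "https://www.googleapis.com/auth/gmail.modify": (3, "read and modify mail"),
    "https://www.googleapis.com/auth/gmail.readonly": (2, "read all mail"),
    "https://www.googleapis.com/auth/drive": (3, "full access to Drive files"),
    "https://www.googleapis.com/auth/drive.readonly": (2, "read all Drive files"),
    "https://www.googleapis.com/auth/admin.directory.user": (3, "manage Workspace users"),
}

def triage(grants):
    """Return [(app, risk, reasons)] sorted with the riskiest app first.

    Unknown scopes get risk 1 so they are reviewed rather than ignored.
    """
    report = []
    for app, scopes in grants.items():
        risk, reasons = 0, []
        for scope in scopes:
            if scope in IDENTITY:
                continue  # name/email only
            level, why = SENSITIVE.get(scope, (1, "unrecognized scope, review manually: " + scope))
            risk = max(risk, level)
            reasons.append(why)
        report.append((app, risk, reasons))
    return sorted(report, key=lambda row: (-row[1], row[0]))

# Constructed sample: hypothetical apps and the scopes each was granted.
GRANTS = {
    "newsletter-signup": ["openid", "https://www.googleapis.com/auth/userinfo.email"],
    "inbox-cleaner": ["https://mail.google.com/", "https://www.googleapis.com/auth/userinfo.email"],
    "receipt-scanner": ["https://www.googleapis.com/auth/gmail.readonly"],
    "calendar-widget": ["https://example.invalid/custom.scope"],
}

if __name__ == "__main__":
    for app, risk, reasons in triage(GRANTS):
        print(f"{risk}  {app}: {'; '.join(reasons) or 'identity only'}")
```

Apps at level 2 or 3 are the ones whose compromise would expose mailbox or file contents, so they are the first candidates for revoking access.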
Sensitive Information Gold Mine
If certain accounts of mine are hacked, it’s no big deal. There’s little valuable information in my ESPN account, but a mine of sensitive information in my Gmail account. For a hacker, gaining access to someone’s personal email is the holy grail of personal data. Think of all the information you have stored in your email.
In my email account, I have emails dating back five years. Among these emails, a hacker can no doubt find information about my health, finances, social security number, and an eclectic mix of information they can then use to gain access to my accounts or create a number of compelling social engineering attacks. At the very least, they could bundle this information and sell it on the dark net for all to see.
Your email client stores some of your most valuable information. For this reason, you should implement new security measures, consider using a more secure email client, and learn how to identify phishing attacks.