Best Practices for Sharing Sensitive Online Account Information

If you’re not careful, the communication tools you use every day might be exposing sensitive information about yourself, your business, or your customers, to some nefarious characters. Hackers and identity thieves are real, and many of them use some form of “digital snooping” to collect the information they need to do their damage. Usernames, passwords, account numbers, and other kinds of sensitive information are being stored and transmitted every day via digital channels all over the world.

The point of this post is not to scare you, but to help you handle sensitive information responsibly. After all, this kind of information does need to be shared for legitimate reasons all the time. We can’t just throw up our hands and say “no more sharing of information!”

Here are the pros and cons of various ways you could share sensitive information with another party:

Phone

The good, old telephone is a pretty good option for sharing sensitive information. Anything discussed on the phone is only going to be heard by you and the person on the other end. Phone conversations also don’t leave a record behind (there’s a reason lawyers like to call people on the phone rather than sending emails).

Pros: easy to use, ubiquitous, doesn’t leave a record, high expectation of security

Cons: inconvenient if the other person can’t answer the phone when you call (and you should not leave a voicemail with this information)

Email

Email is certainly the most convenient and common form of business communication. However, this means it’s also highly targeted by scammers and identity thieves. If someone gains access to your email account, they can wreak all kinds of havoc and infiltrate your other accounts using the common “forgot password” feature of every website. However, email communication can be hardened if you take some precautions. The best thing you can do is not send credentials (username, password, etc.) in the plain text body of an email. If a hacker gains access to your inbox, they can do a simple text search for the words “username” or “password” and then start accessing your other accounts.

So, what alternative ways can we use email for sensitive communication? The most common strategy employs some kind of “temporary” or “expiring” link to click on to access the sensitive information (or file). It’s hard to do this by yourself, but there are quite a few tools out there you can use to make your life easier and more secure.

Snapmail is a FREE service that integrates with Gmail and converts the content of your email into a simple link that the recipient must click on to view the contents of your email. Snapmail encrypts the contents of the email and then initiates an automatic “self-destruct” 60 seconds after the link is clicked. The reasoning is that even if a hacker gained access to your inbox and clicked on the same link, that content will already have self-destructed before they got to it.

Several other popular services like Dropbox, Box, and ShareFile also implement the “share a link that automatically expires” strategy. These services also provide encrypted storage of your content, so you can manage the storage and sharing of your sensitive content in one place, which is convenient.
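The “link that self-destructs after the first click” model described above can be sketched as follows. This is an added example, not Snapmail’s or any other service’s code: the class name, method names and the 7-day limit for unopened links are assumptions, and it models only the expiry logic, leaving out the encryption of the stored content.

```python
import hashlib
import secrets
import time

VIEW_WINDOW = 60               # seconds content survives after the first click (from the text)
UNOPENED_TTL = 7 * 24 * 3600   # assumption: a link nobody clicks expires after 7 days


class SelfDestructStore:
    """In-memory store behind one-time links (illustrative names throughout)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._items = {}  # sha256(token) -> [secret, created_at, first_opened_at]

    @staticmethod
    def _key(token):
        # Index by hash so a leaked copy of the store holds no usable link tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def _expired(self, item, now):
        _, created, opened = item
        if opened is None:
            return now - created > UNOPENED_TTL
        return now - opened > VIEW_WINDOW

    def create(self, secret):
        token = secrets.token_urlsafe(32)  # 256 random bits, not guessable
        self._items[self._key(token)] = [secret, self._clock(), None]
        return token  # only this goes into the email, never the secret itself

    def open(self, token):
        key, now = self._key(token), self._clock()
        item = self._items.get(key)
        if item is None:
            return None
        if self._expired(item, now):
            del self._items[key]
            return None
        if item[2] is None:
            item[2] = now  # first click starts the self-destruct countdown
        return item[0]

    def purge(self):
        """Delete expired entries without waiting for another click; returns the count."""
        now = self._clock()
        dead = [k for k, v in self._items.items() if self._expired(v, now)]
        for k in dead:
            del self._items[k]
        return len(dead)
```

Because the countdown starts at the first click by anyone, a recipient who finds the link already expired should treat the credential as exposed and ask the sender to change it.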

Pros: easy to use, ubiquitous, quick

Cons: large target for hackers, leaves a digital trail, takes some effort to use responsibly and securely (normally using a 3rd party tool)

SMS

SMS (text messages) share some traits of both phone and email communication. Most people have a phone that can receive SMS messages, and they are easy to send and receive. However, if the recipient’s phone is left unlocked (or doesn’t have a passcode), then the contents of SMS messages can be read by anyone possessing the phone. Most phones keep SMS messages around for quite a long time unless the person explicitly deletes them, which leaves a large digital trail behind. In addition, things like Apple’s iMessage and iCloud keep backups of your messages and sync them to other devices, including your laptop. That means if someone is looking over your shoulder at your laptop when you receive an SMS message, they could unintentionally see the contents of that message.

There are some 3rd-party messaging apps that let two parties exchange “self-destructing” SMS-like messages, but these apps require that both parties have the app installed, which is not likely for business communication.

SMS messages are commonly used today in “two factor” authentication systems to prove the identity of a user in addition to a username and password. For this purpose they are well-suited. But you’re probably better off using the telephone or one of the more secure email strategies above if you need to send sensitive information, rather than SMS.

Pros: easy to use, ubiquitous, quick

Cons: leaves a digital trail, vulnerable to prying eyes on a phone or laptop

FAX

Even though FAX is a very old technology, it’s still commonplace for businesses to FAX documents around. The twist is that most people these days are using electronic faxes (eFax), which convert traditional paper faxes into emails with attachments. Electronic FAXes now share the same vulnerabilities as email! If you’re still using paper faxes, you run the risk of that FAX being printed on a FAX machine in a common area on the recipient’s side, making it visible to anyone walking by.

Pros: low chance of being intercepted during transmission

Cons: inconvenient (compared to other choices), vulnerable to prying eyes, leaves a paper trail

Postal Mail

This may seem like an odd one to include, but the US Postal Service handles sensitive documents all the time. Legal documents, tax forms, paper checks, credit cards, and more are still sent every day via postal mail by businesses and government entities. Of course, your letter will take anywhere from a few days to a week to arrive, but if that’s a timeline you can live with, then postal mail might be a good option.

Pros: anyone can receive a letter, trusted by government and businesses every day

Cons: not instant, delivery time is measured in days, leaves a paper trail

Think before you press send!

Ask yourself if what you’re sending is sensitive information, and if so, make sure to follow the recommendations above to keep that information as private as possible.
