Ask a cybersecurity expert whether you should send your social security number via email, and the answer will be “NO”.
Your social security number (SSN) is a sensitive part of your identity, which in the wrong hands can be used to cause financial and criminal liability.
If you are a business, leaking your clients’ SSNs could mean lawsuits, fines, and penalties.
Sharing personal and other sensitive information via email calls for a lot of caution.
Unencrypted emails pose a significant threat of data leakage to unintended recipients who are most likely to take advantage of Personally Identifiable Information (PII).
To prevent this, you need to be cautious when sending sensitive information over email.
Emails are convenient.
We rely heavily on them for communication with businesses, friends, family, and team members.
Despite their convenience, emails carry great security risks. For example, a hacker could easily eavesdrop on all of your messages if you have previously fallen for a phishing attack.
They will continuously access your messages, waiting for you to share sensitive information such as your social security number or sensitive business data.
Let's look at the risks of sending a social security number through email:
Although email is convenient, its security has yet to catch up to the threats that exist today.
Emails are sent using the Simple Mail Transfer Protocol (SMTP), which by itself provides neither encryption nor authentication. Mail sent over plain SMTP can be read easily by a third party, compromising any information shared in the email.
Since email does not use end-to-end encryption by default, messages are sent in plain text, which anyone, authorized or not, can read.
Our reliance on email both for personal and business communication makes it a valuable source of data for hackers.
Cybercriminals target businesses and individuals alike through phishing attacks which are sent via email as attachments or links to malware or phishing websites.
Either you or the recipient could fall for a phishing scam, which compromises any data you have shared through your email.
If you think the spam filter on your email is enough to stop malicious attacks, think again.
About 94% of all malware attacks in 2021 were via email.
Hackers sent about 6.4 million fake emails in 2021, which shows how easy it is to fall for a phishing scam and get your account compromised. The consequences are worse when the hacker targets a business.
Once your account is compromised, the hacker can choose to eavesdrop or compromise additional accounts on your contact list.
It's not uncommon to send an email to the wrong person.
When sending a social security number through email, such a mistake can be a costly one.
Even if you enter the right recipient, data leaks can occur in transit as messages move from one server to another.
This means that if a hacker successfully hacks into an email server, they can intercept and read your messages (commonly known as man-in-the-middle attacks).
As a business owner, especially when dealing with sensitive data such as people’s social security numbers, you should develop a secure system to send and receive messages to ensure that you protect them from unauthorized access.
Failing to protect such sensitive data also violates GDPR requirements, resulting in fines, penalties, and lawsuits.
Here are examples of companies that paid a hefty price for compliance violations:
America’s Capital One was fined $80 million over a 2019 hack in which credit card applications were accessed, exposing some of the social security numbers on them.
Anthem Inc. was fined $16 million for a HIPAA violation after a data breach resulted in the theft of data belonging to 79 million people between December 2014 and January 2015.
Deutsche Wohnen SE, a real estate company, was fined €14.5 million for failing to implement GDPR privacy by design regulations and storing tenant personal data without legal basis.
To prevent such problems, the best approach when sending a social security number through email is to use encrypted email. Let's talk about that in the next section.
Email encryption includes any steps taken to protect the content of an email from being read or accessed by parties other than the intended recipient.
When an email is encrypted, the message is no longer sent as plaintext. It is delivered as scrambled text that is only accessible to a person with the right decryption key.
Email encryption uses two main protocols:
Transport Layer Security (TLS)
Transport Layer Security (TLS) encrypts emails as they move from the sender to the recipient.
This ensures that the email cannot be read after being sent, but before being delivered to the recipient.
Email providers like Microsoft and Gmail use TLS encryption to prevent hackers from reading emails in transit.
However, this is where the protection ends.
If a recipient’s account is compromised, a hacker can still read the message once it arrives in the user’s inbox.
This might not be a problem if nothing you share is sensitive.
But when you are dealing with sensitive data such as business processes and communications, customer data such as account numbers, addresses, social security numbers, and credit card numbers, then TLS encryption alone is not enough.
End-to-end encryption
End-to-end encryption encrypts an email on the sender's side and delivers it, still encrypted, to the recipient.
The receiver then uses their decryption key to decrypt the message and read its contents.
If you are sending social security numbers through email, then you should apply both encryption protocols to keep your message as safe as possible.
Here are some security tips to keep in mind when sending social security numbers through email (or other sensitive data):
The best practice is always to send an SSN with email encryption software or file encryption software, both of which Sealit provides. Use email encryption (both TLS and end-to-end) to add an extra layer of security to your emails.
Apply file encryption for all the files you send via email, which protects the file containing any sensitive information you have shared.
Every layer of security counts when you are sending social security numbers through email. This means using antivirus software and email and file encryption to prevent the common issues that make email a less secure means of sending sensitive data.
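The tips above can be enforced as a check that runs before a message leaves the mail client or gateway: block any readable message that contains an SSN-like value, and allow it only when it is end-to-end encrypted. The sketch below is an added example, not code from this article or from Sealit; the function names and reason strings are hypothetical, and it assumes end-to-end encryption means S/MIME or PGP/MIME.

```python
import re
from email.message import EmailMessage

# SSN-shaped value: 3-2-4 digits with consistent "-", " " or no separator.
# Skips ranges never issued (area 000/666/9xx, group 00, serial 0000).
# Bare 9-digit numbers also match, so expect some false positives.
SSN_RE = re.compile(
    r"(?<!\d)(?!000|666|9\d\d)\d{3}([- ]?)(?!00)\d{2}\1(?!0000)\d{4}(?!\d)")

def is_e2e_encrypted(msg: EmailMessage) -> bool:
    """True for PGP/MIME or S/MIME enveloped (encrypted) messages."""
    ctype = msg.get_content_type()
    if ctype == "multipart/encrypted":  # PGP/MIME
        return True
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        # S/MIME signed-data is readable by anyone; only enveloped is encrypted.
        smime_type = str(msg.get_param("smime-type", "")).lower()
        return smime_type in ("enveloped-data", "authenveloped-data")
    return False

def find_ssn_parts(msg: EmailMessage) -> list:
    """Names of readable text parts (body or attachment) holding an SSN."""
    hits = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            if SSN_RE.search(part.get_content()):
                hits.append(part.get_filename() or "body")
    return hits

def outbound_check(msg: EmailMessage):
    """Return (allowed, reason) for a message about to be sent."""
    # Subject and other headers stay readable in classic S/MIME and PGP mail.
    if SSN_RE.search(str(msg.get("Subject", ""))):
        return False, "SSN-like value in subject"
    if is_e2e_encrypted(msg):
        return True, "end-to-end encrypted"
    hits = find_ssn_parts(msg)
    if hits:
        return False, "SSN-like value in: " + ", ".join(hits)
    return True, "no SSN-like value found"
```

The subject line is checked even for encrypted messages because S/MIME and PGP/MIME protect the body, not the headers.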
Take a look at how Sealit protects emails.