Stop Sending Email Attachments!

I want you to think about how you share files with others. If you answered “with email attachments,” let me say this: STOP. Now, I realize that when it comes to sharing files with others, no method is more convenient than attaching a file to an email. We don’t even think about it. Every single day someone shares something with me by attaching a file to an email. Some of these cause me no concern, but several times each week I get an attachment that causes me to cringe. I’m not so much worried about the safety of the message (from a virus/malware perspective) because we do have multiple layers of security in place to protect my computer system. I cringe because the information has sensitive or private information in it. Photos, business proposals, financial reports, contracts, health insurance cards, auto insurance cards, etc… all have come to me in the last couple of weeks as attachments to email messages.

Now I do admit that I still do use email attachments as a way to send files to others so I certainly can’t claim that email attachments are the worst thing going from an Internet security standpoint, but I do strongly believe that email attachments are the wrong way to send files to others in many instances. Why?

  • It’s too easy for the recipient to forward the email to someone else along with the file. (Do I want this forwarded?)
  • The file attached ends up stored in multiple places. First, there’s your computer. Second, it’s now in your email storage. Third, it’s now in the recipient’s email storage. Fourth, assuming the recipient saved it to their computer or device, it’s now on their computer. There may be other places where it sits as a copy as it makes its way from your computer to the recipient. (Do I care that there are lots of copies of this out there?)
  • Size limitations can cause problems on one or more sides of the email equation. When you attach a file to an email, it is encoded into a format that always increases the size of the file. It gets decoded on the other end. Some systems have limits on how big an email message can be – and the email gets rejected. (And nothing is secure about the encoding or decoding of the message).
  • Email is often stored on systems in plain, readable text. (If someone gains access to that system, everything is available to be read.)
  • Email lasts forever. (And I do mean forever!)

In a perfect world, you use a secure email system to send sensitive information. Many financial institutions rely on secure email systems for just this reason. The secure email system handles the securing of the message automatically. I won’t go into the details in this article; we will share how that works in a future article. Most of us, however, don’t have easy access to a secure email system — but there are some good options.

Recently a small financial institution I do business with asked me to send my Federal Tax Returns for the last three years. In fact, they asked me to send it via email! No way, Jose. But I did need to get it to them quickly. Instead, I placed the files in a folder in Soonr, the file storage service we use at work. I then created a semi-public link to the folder which was web-accessible. I also password-protected the link and set an auto-expire of 3 days on the link. Soonr made all of this quite easy. I then copied the link and included it an email. The main message to the recipient looked something like this:

You can download the three files by clicking on this link:

https://vip.soonr.com/1/filelink/bxcdw-5scyu5-zhpub5tu

You will be prompted to enter a password. Call me and I’ll give it to you.

If you can’t get to it within a couple of days, the link will automatically expire and you won’t be able to download the files.

Please let me know if you are successful.

I thought about just giving the password in the email message and might have done that if it wasn’t my tax returns. But this method turned out to be about as secure as possible given that I needed to send the files electronically. (I do realize that I lose full control of the files once the recipient has them in his/her hands.) Other times I’ll send a text message with the password and let them know to see email for an explanation.

On his end, it wasn’t hard at all. He clicked on the link which took him to a page where he had to enter the password I gave him over the phone. He then was looking at a page that listed the three files where he could click and download (and which were downloaded over a secure link).

Google Drive, Dropbox, Microsoft OneDrive and SkyDrive, and Box, as well as many other file sharing services, have similar features. We’ve become fans of Soonr* simply because it has a lot of enterprise features.

There are other good options. When tax time rolls around, I share many electronic documents with our accountant through Google Drive. In this instance, I share the folder with the accountant and he maps it to his Google account. This makes it easy to securely move files back and forth between us. Google has a great video that shows how to do this within Google Drive. A quick search on Google or Bing will show you how to do this as well with just about every other file sharing service.

I realize that for some files, using email attachments is perfectly fine. But all of us have files we are sending to others where attaching to an email is simply a bad idea. I would encourage you to find another method to share sensitive files and do it now rather than when the need arises. Otherwise you’ll be tempted to just use email again.

* One important disclaimer – we sell Soonr services…mostly because we believe strongly that it is a great service.