📬 Avoid encouraging clients to email their documents-have a safe messaging app ready to receive
3 min read

📬 Avoid encouraging clients to email their documents-have a safe messaging app ready to receive

Common email isn't considered secure. Encouraging clients (especially one-off clients) to use email when transferring sensitive information creates significant avoidable risk. This information could be very damaging if the system handling them lost control.
Mailbox with documents and letters in warm orange and deep blue.

Common email isn't considered secure

The CRA doesn't email your T1 after you file annual taxes; instead it asks you to download it directly from their portal. Your bank doesn't send your monthly account statement in an email-it does, you say? Find a new bank asap. The information in these documents could be very damaging if the system handling them lost control.

Encouraging clients (especially one-off clients) to use email when transferring sensitive information creates significant avoidable risk. Your clients could lose control of information that could harm themselves or your business. If you’re a medical professional, journalist, lawyer, or even a politician, there are many reasons why you would want to protect your, or your clients’, information.

News panel of articles showing data breaches (clockwise from top left): "Data breach detected at local medical practice" (This is Reno), "Business partners were largely responsible for the breaches in 2020" (compsmag), "Data breach exposes personal details of over 30k US cannabis users" (Newsweek), "Ambry Genetics Corp hit with class action over 2020 data breach" (ClassAction.org).

When you email a client your bank transfer details so they can transfer payment, that information can sit in their inbox long past the time necessary. If email accounts are compromised months or years later, your business is exposed to risk. Operating in this way makes it so that every year you're in business, you accumulate a backlog of risk, like a snowball growing larger as it rolls downhill.

The current state of business and personal cyber security (1) suggests taking active precautions to protect yourself and your operations. Stolen data could be used to impersonate a person, then take control of their accounts. For those with access to business accounts, the potential damage is magnified.

So what do you do instead?

Use Signal, a tool which you can get for your phone and computer, to send and receive messages and documents.

Signal (Product Profile: Signal) is a tool that is trusted to protect the contents of what we send using it. Unlike email, Signal-exchanged messages and files cannot be accessed by a person who has managed to steal login credentials. Signal messages only get delivered to our phone or linked computer. Our devices would need to be physically stolen for threat actors (Glossary: threat actor) to get those messages.

🛠 Product Profile: Signal
Anyone can use Signal. The messaging tool is particularly good for making direct communication and document transfers safer for your customers and business collaborators.

Cyber theft tends to be opportunistic; passwords get stolen (Glossary: phished) in bulk online, then used to access accounts. Targeting a business for physical theft to access their online accounts is costly enough that threat actors mostly prefer easier and cheaper paths to success.

If you're already using another messenger like iMessage, that tool likely does not meet the criteria for secure document exchange. Signal is end-to-end encrypted, which means that nobody but you and the person you're messaging can read what you're sending each other. This is not the case for all tools and messengers.

Temporary exchange

We can also make sensitive information delete itself when sent by Signal. We can set an expiry before sending transfer details to a one-off client. The message and attached files delete themselves when they no longer need access to that information.

Modal for disappearing messages in Signal.

Think of it like sweeping up the breadcrumbs to protect your business from threat actors who are on the lookout for trails to low-hanging money.

Next steps

Use our instructions to quickly get started with Signal. Then set up Signal on your desktop device to send and receive files safely.

Dog with heart-shaped nose in a screen, AKA the Majorcord logo.

Meta

Helpful words

Sources

  1. https://reports.weforum.org/global-risks-report-2021/executive-summary/