Like all things.. It's complicated. This used to basically always be true, the sending email provider and the incoming email provider were almost always the same company/computer, so this would be safe. This isn't universally true anymore though. Lots of companies have different providers for incoming and outgoing email now(for various reasons, like spam protection, fraud/security, etc). If that's the case, then it's anyone's guess in how secure that handoff between providers is. You should reach out to your internal IT support/helpdesk and ask them what they think of this behaviour.As a physician, we emailed sensitive patient data every day to others within our institution. PDFs with medical records, group discussions about prognosis, summaries of team meetings about a patient were e-mailed to all present, etc. When emailing outside our institution we were supposed to encrypt the email. But internally, no. However, I've emailed patient records (encrypted) to a group of (for example) doctors at a dozen institutions, and I know from email chains they shared that internally in their email systems in unencrypted form. So certain information can live in many dozens of inboxes at dozens of different institutions/systems.Please don't ever email sensitive files.... Email is not the least bit secure.Why not just email them to yourself? Or Google drive? You sure don't need to pay for anything.
If I email myself something private, is it any less protected than our doctors discussing your most personal issues, sending documents, etc?
I guess I'm asking...is "my" email less secure than a hospital's, bank, mortgage processor, lender, payroll system, etc?
Now, user error...that's a huge security risk. One typo in an outgoing email and the world knows your business.
In my organization, it would be fine, though it wouldn't exactly be encouraged. We have a local instance of a web based file sharing tool and we have a password manager that both allow sharing of data and files, which is what we would encourage you to use instead(because in both cases, you can limit the download(say it's valid for 1 day and/or 1 download, whichever comes first). So if your email leaks in a month or a year, the link is clearly no longer valid and no data escaped. For more longer-running, consistent over time sharing, we would have you use a shared cloud drive(like say within your department).
For personal email, like say gmail, this would still probably be safe enough, since both sending and receiving would be local to Google and it would all stay within gmail.
Statistics: Posted by zie — Wed Mar 20, 2024 12:20 pm — Replies 93 — Views 7478