Email (in)security

Three reasons not to use email to contact us


Background

The first email was sent in the 1970s when the internet was a much smaller and safer place. It is undoubtedly the most common form of communication on the internet, if not the planet. Pretty much everything connected to the internet has email built in and our email addresses generally act as our internet IDs. It's important to realise, however, that email was designed without any security or privacy in mind and this is still largely the case for many emails sent today. This is easier to understand by looking at how email actually works:

1. You write the email and click send.
2. Your email application connects to the server and transmits the email.
3. The server looks for the recipient email server and works out a route until a chain of servers (maybe hundreds) is created from sender to recipient.
4. The information is then relayed via all servers to the end recipient server.
5. The recipient receives the email.

Every time your email arrives on a server it is vulnerable to attack, usually due to insecure networks and poor server governance. As most emails are not encrypted, hackers can easily read emails and any attachments, or instead go after your email password.
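Each server in the relay chain described in steps 3 and 4 stamps the message with a Received header, so the route and its unencrypted legs can be read back from a delivered email. The Python sketch below is an added example, not part of the original brochure; the sample message, host names and function names are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample message: hosts, addresses and ids are invented.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.9])
\tby mailstore.recipient.example with LMTP id c3; Mon, 4 May 2020 09:00:07 +0000
Received: from relay.isp.example (relay.isp.example [198.51.100.20])
\tby mx.recipient.example with ESMTP id b2; Mon, 4 May 2020 09:00:05 +0000
Received: from laptop.home.example (laptop.home.example [192.0.2.44])
\tby relay.isp.example with ESMTPSA id a1; Mon, 4 May 2020 09:00:01 +0000
From: client@home.example
To: adviser@recipient.example
Subject: Bank details

Please see attached.
"""

# "with" keywords that RFC 3848 defines for a hop received over TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

def trace_hops(raw):
    """Return the hops in travel order: sender, receiver, protocol, tls."""
    headers = message_from_string(raw).get_all("Received") or []
    hops = []
    for value in reversed(headers):      # newest header is on top
        info = " ".join(value.split()).split(";", 1)[0]   # unfold, drop date

        def field(keyword):
            match = re.search(rf"\b{keyword}\s+(\S+)", info)
            return match.group(1) if match else "unknown"

        protocol = field("with").upper()
        hops.append({"sender": field("from"), "receiver": field("by"),
                     "protocol": protocol, "tls": protocol in TLS_PROTOCOLS})
    return hops

def unencrypted_hops(raw):
    """Hops whose receiving server did not record a TLS-protected transfer."""
    return [hop for hop in trace_hops(raw) if not hop["tls"]]

if __name__ == "__main__":
    for number, hop in enumerate(trace_hops(SAMPLE), start=1):
        state = "TLS" if hop["tls"] else "no TLS recorded"
        print(f"{number}. {hop['sender']} -> {hop['receiver']} "
              f"({hop['protocol']}, {state})")
```

Received headers are written by the servers themselves and earlier ones can be forged, and even a TLS-protected hop leaves the message readable on the server that received it.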


Three reasons not to use email

1. Poor security

The fundamental problem with email is that there are simply too many ways that confidential information can be discovered and exploited.

2. Emails are a favourite target of fraudsters

The security flaws inherent to email usage mean that there is a high likelihood that you will be targeted by criminals looking to access your emails or login credentials. Once in, they can read your emails and history and potentially open any attachment (even if password protected). A further problem is that many people have the same passwords for email and many websites, which means that cracking one can often provide access to everything. In general terms, the less you use email, the lower the risk that your email will be compromised. Also, you are more likely to notice something suspicious if your email account has less activity.

At Equilibrium, we have actually experienced attempted fraud first-hand. Client emails have been hacked, with the fraudster then sending us emails asking to change bank details and make withdrawals. It can and does happen!

3. Mistakes and loss of control

As email is so simple to use, it is easy to become complacent when sending messages, especially when busy or if something is urgent. This can lead to errors, such as sending emails to the wrong person. Once that email is sent, it can often be impossible to recall it and you then have no control over what the recipient does with that data. Most of the time, accidentally sent emails are deleted by the recipient, but not always, and there are numerous data breaches and embarrassing situations that can occur in this way. A quick web search will provide ample evidence of this.

One way to think about email is to consider that everything you have written could be read by anybody. If your message contains information that you are not happy to be publicly available, then perhaps consider sending it in a different way.


What are the solutions?

We have set up two messaging options to improve security and reduce reliance on email.

Client portal

This is now the primary way we would like to communicate with our clients. Our portal is far more secure than email and enables us to send messages and share documents. It is protected by multi-factor authentication. This is where you are asked for other information to log in, not just a password. There are also many other benefits to using the portal, such as on-demand valuations.

WhatsApp

We have set up an Equilibrium WhatsApp account to allow people to transfer documents which they have scanned into their smartphone or tablet. This avoids email and ensures end-to-end encryption.

If you would like any further information on either of these options, please contact your client manager.

One common concern is about how to manage so many passwords. If this is something that worries you, please have a look at the blog we wrote on the subject, available here: equilibrium.co.uk/blog/one-password

Head Office: Ascot House, Epsom Avenue, Handforth, Wilmslow, Cheshire SK9 3DF
Chester Office: 19a Telford Court, Chester Gates Business Park, Chester CH1 6LT

0161 486 2250 0808 168 0748 askus@equilibrium.co.uk www.equilibrium.co.uk

Equilibrium Financial Planning LLP (OC316532) and Equilibrium Investment Management LLP (OC390700) are authorised and regulated by the Financial Conduct Authority and are entered on the financial services register under references 452261 and 776977 respectively. Both companies are registered in England and Wales. Registered office: Head Office. The FCA regulates advice which we provide on investment and insurance business; however it does not regulate advice which we provide purely in respect of taxation matters. EI.05.2020

