The Shoothill guide to emailing sensitive information securely
You may have noticed a number of stories in the news recently, where information has ended up being shared far more widely than the sender expected. Situations like these are a useful reminder of how easily data can travel once it leaves its original source. With that in mind, this week’s newsletter focuses on the importance of emailing sensitive information securely and the simple steps we can all take to keep our communications protected.
Before you send an email, it is worth taking a moment to pause. A surprising number of data leaks come from simple mistakes, so the best decision is often not to send sensitive information by email at all. But if you do need to, double-checking recipient email addresses, thinking about whether email is the right method, and removing unnecessary sensitive details are all small habits that significantly reduce risk.
Whenever possible, use encryption. Microsoft 365 provides built-in tools that make your emails readable only by the intended recipients. Features such as Outlook’s Encrypt and Do Not Forward options, along with messages that require identity verification, give you a strong layer of protection. If you are ever unsure, encrypting your message is always the safer choice.
Wherever you can, share secure links instead of attachments. OneDrive and SharePoint allow you to control file access, restrict downloads, set passwords, add expiration dates and revoke access instantly. This means that if a link is forwarded or ends up somewhere it should not, you can revoke access so that the link becomes useless and your data stays under your control.
Sometimes attachments cannot be avoided. In those cases, it is important to secure them with password protection or encryption before sending. Sharing the password through a separate communication channel such as Teams, text message or a phone call adds a vital extra safeguard.
Staying alert for suspicious emails is equally important. Whenever major stories about leaked or sensitive information appear in the news, phishing attempts often increase. If you receive an unexpected file, a slightly misspelt domain, an unusual request or a message prompting you to sign in somewhere, it is always worth stopping to check. Attackers often take advantage of heightened attention around big events.
Securing your devices is another vital part of email safety. Keeping your software updated, using strong and unique passwords, turning on MFA wherever you can and avoiding public Wi-Fi when sending sensitive information all help maintain a secure environment. These steps may seem simple, but they make a significant difference.
It is also important to understand data classification. Public information can be shared freely, but internal content should remain within the organisation. Anything classed as confidential should be encrypted before being emailed, and highly sensitive information should be shared only through secure alternative channels. When you are unsure, it is always safer to treat data as higher risk.
And remember, you are never alone in making these decisions. If you are unsure about the safest way to share information or need a second opinion, our IT Services team is always ready to help. Even experienced team members benefit from reassurance from time to time.
Given everything happening in the wider world, it is a timely reminder that once data leaves your hands, you cannot always control where it ends up. By taking these steps, we can keep our information secure, intentional and exactly where it is meant to be.