General security

Why email puts your business data at risk, and what to do about it

Ajay Patel
October 2, 2014 by
Ajay Patel

In spite of the abundant availability of enterprise software designed to help businesses be more productive, cost-effective, and security conscious, most businesses today still rely on email as their primary business communication, collaboration and file sharing tool.

But why is this the case? Simply put, businesses are reluctant to stop using email, because everyone uses it. As much of a truism as it sounds, this "we use it because everyone uses it" excuse is often used in business, particularly when it comes to technology. Organisational and human bad practices around email are so ingrained in existing work practices that changing it may seem an impossible task.

What should you learn next?

What should you learn next?

From SOC Analyst to Secure Coder to Security Manager — our team of experts has 12 free training plans to help you hit your goals. Get your free copy now.

The thought of turning the email tanker around can be so overwhelming, particularly for larger organisations, that the easier option is just to let it carry on. And, short of the productivity issues that are associated with it (according to a McKinsey Global Institute report, workers spend 28 per cent of their time reading, writing or responding to email), this would be perfectly acceptable.

Except for the fact that email puts businesses' confidential data at risk.

Email is an inherently insecure way of sharing information. Think about how many times you've received an email meant for someone else, or accidentally copied the wrong person into an email chain. If your business is regularly emailing sensitive information back and forth, just imagine how frequently confidential emails must get sent to the wrong recipient.

recent survey revealed that a worrying 89% of law firms reported that their main way to share confidential information is via unencrypted email, yet 70% of firms reported being aware of the importance of secure file sharing, understanding the risks associated with compromising confidential data.

Here's an example that many people will be able to sympathise with of emails getting sent to the wrong person in a work context. It's embarrassing, but did not pose any serious risk to the business in question. However, here's a different example of sensitive data being emailed to the wrong person, outside of the company firewall (in this instance, a county council), which had much more serious consequences.

Accidentally sending an email to the wrong person is one concern, but what about providing access to your entire inbox? That's what happens when people leave themselves logged into email using shared computers, or if their laptop or mobile device gets lost or stolen.

These are all examples of information being shared by accident. What about if someone was maliciously sharing or accessing sensitive corporate data via email? It takes only the click of a button to forward an email to anyone outside of the corporate firewall. This email can go anywhere without anyone else in your company knowing, and there is no record of it whatsoever.

This is should be a serious concern to all organisations, and particularly those that share sensitive corporate and client data regularly via email.

The answer to the security risks of email is to move all file sharing to the cloud. Cloud-based secure file sharing platforms enable the secure transfer of documents and information without the risks associated with email. Access is granted on a permission-only basis with each user requiring a login. Correctly accredited software-as-a-service providers will offer enterprise-grade security features that will ensure the protection of all data within the system.

IT departments should be looking at enterprise file sharing solutions that provide them with the control and audit ability they require; one that enables them to change settings, controls and defaults so they know what's being shared and how.

It's vital to choose a file sharing platform built on infrastructure you can trust: secure, private cloud. This way you know you won't be putting your business's or your clients' data at risk.

FREE role-guided training plans

FREE role-guided training plans

Get 12 cybersecurity training plans — one for each of the most common roles requested by employers.

Ajay Patel is the co-founder and CEO of HighQ.

Ajay Patel
Ajay Patel

Ajay Patel is the co-founder and CEO of HighQ ( He oversees HighQ’s global operations, business development and product strategy. HighQ was founded in 2001. Since then, it has worked hard to build an exceptional reputation for delivering leading-edge software to some of the world’s largest law firms, investment banks and corporations.