Skip to main content

Safe practices for sending mail

Most of us rely heavily on email to communicate with our customers, partners and with each other at work. But e-mail is unfortunately also often the way a hacker uses to gain access to a company’s data, as a result of an employee having made a mistake. Having a good practice for using an email client is therefore crucial to having a safe email.

This blog goes into depth about how to have good email practices – that is, having some secure workflows when using an email client to send or receive email

Did you know that 91 % of all cyber attacks begin with a phishing email?


Examples of bad email practices

A bad email practice can lead to compromising personal information and company data. Here are some of the most common mistakes made:

  • Errors in the recipient selection: Errors are made in the recipient selection, which leads to sending information to the wrong people via email, and thus risks exposing information. In this connection, one should be careful when using the CC field, the BCC field and “Reply all”. A mistake here could send a private email and/or your customers’ names and email addresses to thousands of people.
  • Involuntary receipt of data: We do not allow people to send you personal and sensitive information in a secure manner. This results in people sharing personal and sensitive information with you via email, whether you have asked for it or not. This means that sensitive data accumulates together in the inbox, where you typically do not have data protected.
  • Failing to delete mail: You fail to delete mail in the inbox or outbox. Many of the e-mails you have received or sent over the years contain personal information. If you store them for too long, it may be in violation of the GDPR and own policies on the protection of personal information.
  • Lack of security: People are so comfortable using e-mail that they don’t think about the risks. One may not see the need to check whether emails are properly protected or consider whether it is even appropriate to send certain information in an email.
  • Work emails are not private: The boss and others who are authorised have access to monitor and read each employee’s work email. This can expose people’s personal information more than necessary.

These errors are indicative of poor email practices and emphasise the importance of being careful when emailing.

Get our Newsletter!

In our newsletter you get tips and tricks for dealing with privacy management from our founder Sebastian Allerelli.

When you sign up for our newsletter you get a license for one user to ShareSimple, which will give you a secure email in Outlook. This special offer is for new customers only, with a limit of one freebie per company.

Good practice for sending mail

Even the most careful users can fall prey to common email security flaws. Be aware of these pitfalls:

  1. Double-check the recipient field before sending: Always be careful to check who is in the ‘To’, ‘CC’ and ‘BCC’ fields before sending an email. This is especially important when sending sensitive or confidential information. Consider using the email program’s features to warn when sending outside your organization or to large groups.
  2. Be careful with “Reply All”: Educate employees on the correct use of “Reply”, “Reply All” and “Forward”, and emphasize potential consequences of misuse.
  3. Create secure communication channels for sensitive information: Encourage customers and business partners to use secure platforms designed for exchanging sensitive data instead of regular emails. Consider implementing a secure form or secure email portal on the company’s website where people can send you personal information securely.
  4. Regular cleaning and deletion of emails: Set up regular reminders to review and clean up your inbox and delete old emails that are no longer needed. Apply automatic policies to delete emails after a certain period, especially those containing personal data, in accordance with GDPR.
  5. Phishing attempts: Learn to recognise suspicious emails. Phishing emails can look convincing and often ask for sensitive information or pressure you to click on malicious links.
  6. Too much information: Be careful about how much personal information you share over email. Cybercriminals can collect this information and use it for identity theft.
  7. Attachments: Do not open attachments or click on links from unknown or suspicious sources. Even emails that appear to come from acquaintances can be spoofed.
Email privacy issues

Dont forget your IT security

The security of one’s mail is also largely related to one’s security measures. Here are some essential tips to ensure your IT security:

  • Strong Passwords: Use long passwords that include a mix of letters, numbers and special characters. Consider using a phrase or combination of words that is easy for you to remember but difficult for others to guess.
  • Two-Factor Authentication (2FA): This adds an extra layer of security by requiring not only a password and username, but also something that only the user is wearing; it can be an SMS code sent to a mobile phone or an app that generates codes. Enable 2FA to ensure that even if your password is compromised, unauthorised people will not be able to easily access your account.
  • Encryption: Use encryption to protect data in your emails, especially when they contain sensitive or personal information – both when they are “at rest” and “in transit”.
  • Anti-virus software: Make sure your anti-virus software is always up-to-date and configured to automatically scan attachments when they are downloaded.
  • Awareness: Train employees in safe email handling and the risks associated with negligent use of email.

Start your GDPR cleanup where it is needed the most

Sensitive data can tends to accumulate in the employees' e-mails. With a GDPR Risk Scan from DataMapper, you get a report that shows any potential GDPR risks in the company's e-mails.

The shortest way to a sending mail securely

Having good email practices places great demands on one’s work processes and IT security. To help, one can choose to use specialised tools that automate the security measures. In Safe Online, we have developed a secure email portal service which makes it possible to encrypt personal data that you share and receive via email. Read about ShareSimple

Would you like to know how much personal data is in your inboxes? Read about DataMapper

Sebastian Allerelli
Founder & COO at Safe Online
Governance, Risk & Compliance Specialist
Follow me on LinkedIn to get tips on GDPR →


How to handle sensitive personal data


How to find personal data with datamapping tool


How to prepare for a data audit