Email is not safe for sharing CDD
Why you shouldn’t use email for Client Due Diligence
If you gather Client Due Diligence, you’ve got a problem.
Although most of us use it every day, email is not secure. Email data can be stolen as it travels unencrypted over the network, or while it is stored on mail servers and devices.
Here's the lowdown on why you shouldn't be using email to share sensitive Client Due Diligence information.
Although other channels have emerged, most companies still rely almost exclusively on email for daily internal communication with employees and external communication with clients.
It's difficult to imagine how we would function without email now that it has become an integral part of daily life.
Most people fire off emails every day without giving it much thought. Many of these will have attachments containing important information. If you share or gather Client Due Diligence (CDD), these attachments will include passports, driving licences and other documents containing sensitive, personal data.
However, despite the prevalence and convenience of email, it is not the best method for sharing such important documents.
Insecure by design
Quite simply, email wasn't designed with security in mind. Although security has certainly improved over the years - encrypted servers and passwords, for example - email is still far from completely secure.
It would obviously be a good thing if all emails were encrypted by default so that only the intended recipient could read them. But this isn’t going to happen soon, if at all. Public key encryption is simply too complicated for the majority of people who just want to send normal emails.
A dangerous journey
When you hit send, an email does not simply go from you to the recipient. Most emails have to pass across multiple networks and servers before arriving in the recipient's inbox.
It's this 'middle' part of the journey where email is most at risk. A ‘man-in-the-middle’ attack (MitM) is a type of digital eavesdropping where a third party spies on information as it passes between two parties.
Unsecured networks, vulnerable servers, and people clever enough to hack them all pose risks to your emails as they travel across the global network. And it's precisely because email is such a ubiquitous and trusted form of communication, in which personal information is often shared, that it is a prime target for attackers and interceptors.
Because emails usually aren’t encrypted, hackers who access a network or server can easily read them - along with attachments like CDD documents.
And it gets worse. Some servers store emails that are years old, even if they were actually 'deleted' by the recipient.
Unfortunately the security risks don't stop there. Although businesses are increasingly improving their protocols for secure access, many email providers don’t require two-factor authentication. This makes it easy for hackers to target email account passwords and access all of the email and attachment data.
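The hop-by-hop journey described above can be checked on a message you have received. The Python below is an added example, not part of the original article: it reads a message's Received headers and reports which hops declared TLS, using the RFC 3848 protocol keywords. The sample message and its hostnames are constructed.

```python
import re
from email import message_from_string
from typing import NamedTuple

# RFC 3848 "with" keywords that mean the hop was carried over TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

# Constructed sample message (not real traffic); reserved example domains and IPs.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby mailstore.recipient.example with LMTP id abc123;
\tTue, 02 Jan 2024 10:00:05 +0000
Received: from relay.isp.example (relay.isp.example [198.51.100.7])
\tby mx.recipient.example with ESMTP id def456;
\tTue, 02 Jan 2024 10:00:03 +0000
Received: from laptop.sender.example (laptop.sender.example [203.0.113.5])
\tby relay.isp.example with ESMTPSA id ghi789;
\tTue, 02 Jan 2024 10:00:01 +0000
From: adviser@sender.example
To: client@recipient.example
Subject: Passport copy

see attached
"""

class Hop(NamedTuple):
    sender: str    # host named in the "from" clause
    receiver: str  # host named in the "by" clause
    protocol: str  # keyword in the "with" clause
    tls: bool      # True only if the keyword is a TLS variant

def _clause(keyword, text):
    # Return the token following "from", "by" or "with" in a Received header.
    m = re.search(rf"\b{keyword}\s+(\S+)", text, re.IGNORECASE)
    return m.group(1) if m else "unknown"

def trace_hops(raw):
    """Return the hops in travel order (headers are prepended, so reverse them)."""
    hops = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        text = " ".join(value.split(";")[0].split())  # drop the date, unfold lines
        proto = _clause("with", text).upper()
        hops.append(Hop(_clause("from", text), _clause("by", text),
                        proto, proto in TLS_PROTOCOLS))
    return hops

def cleartext_hops(raw):
    """Hops that did not declare TLS; a missing keyword counts as cleartext."""
    return [h for h in trace_hops(raw) if not h.tls]
```

Received headers only record what each server chose to declare, and a TLS-protected hop says nothing about how the message is stored at either end.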
The enemy within
So far we’ve only focused on the bad guys. But it’s not just hackers you should be concerned about. Your email provider might be reading your emails as well - Google got caught doing just that. And although they stopped this practice, bots still scan emails to collect valuable information about you.
Even our colleagues and clients pose a security risk. Once an email is sent, we can't control how the recipients use and share the content, because emails are so easily forwarded, downloaded and printed.
Human error is also a factor. The most likely problem is sending emails to the wrong address. This can occur if a recipient gets their own email address wrong when they provide it, which happens surprisingly often.
It can also happen through human error by the sender. Pick the wrong address from a list of auto-complete suggestions, and you could send sensitive data to the wrong recipient. This would be a data breach that might have to be reported.
With emails accessible on so many electronic devices, the chances of accidental exposure increase. All it takes is for a device and email account to be compromised, and all the account’s contacts are open to theft as well. If you access work emails on your smartphone, client CDD documents could be just a lost phone away from disaster.
Choose the right tool for the job
Although email is a useful and necessary means of communicating, it simply isn't the right channel for important or sensitive information like CDD. There are just too many ways that confidential information can be discovered and exploited.
That's why it is imperative for organisations and individuals who gather CDD to assess their document sharing practices, and consider investing in a service which can guarantee the security of their data.
Peace of mind with MYCDD
MYCDD is an online service that simplifies Client Due Diligence. It gathers, stores and updates documents, without the need for email. You simply subscribe and access the documents you need on our secure global repository.
We make data security our top priority, using multiple layers of protection across a reliable Microsoft cloud infrastructure. So whether you’re an individual or multinational team, our secure solution provides the same standard of protection to all your CDD data.
Improve your data security. Sign up to MYCDD today
MYCDD makes a complex, inefficient process simple. It's easy to use, so your whole team can benefit.
MYCDD uses tried & tested, highly secure Microsoft infrastructure to keep your documents as safe as possible.
Designed by the industry for the industry, MYCDD solves a widespread issue, tackling CDD frustration with a smart new approach.