Never email important files unprotected
If you send confidential documents by email without encrypting them first, they could be:
- Read by someone who accesses your email account (for example, through phishing)
- Sent accidentally to the wrong people
- Forwarded to anyone without your knowledge
- Intercepted en route to the recipient by criminal hackers
How to send secure documents by email
If you are sending sensitive documents, it's essential that you encrypt them first. Here's how:
Choose the right tool. The most recent versions of Microsoft Office, Adobe Acrobat and Nuance Power PDF have built-in encryption and password-protection. For Office documents, use the newer "docx" and "xlsx" formats.
If you want to encrypt and password-protect multiple files and folders, use free tools such as 7-Zip and Keka.
Whichever tool you use, the important thing is that it uses the industry standard AES 256.
Your encrypted file is only as safe as your password, so make sure it's a strong one.
Sharing encryption passwords safely
As well as encrypting your document behind a password, it's important to share the password safely. Sharing the password by phone, text message or in person are all more secure than email, provided you take reasonable steps to make sure you call the correct number or know who you should be speaking to. If you are sharing documents with someone on a regular basis, you could set up a shared password in advance and update it on, say, a monthly basis.
Keeping emails out of the wrong hands
Firing an email off to the wrong person or people is all too easily done. At the risk of stating the blindingly obvious, you need to know who you are sending it to. Here's how:
Check the 'to' field carefully. Organisational address books may contain several people with the same or similar names.
Don't send to group emails and mailing lists without regularly reviewing who is on them.
Make sure only authorised people have permission to post, if you are the administrator of a mailing list.
Email the message to yourself and BCC your recipients. This means they will not be able to reply all (potentially publicising your mistake), and you don’t expose other people's email addresses.
Other email risks to avoid
If your account gets hacked, it won't be just one wayward email you have to worry about. Anyone with access to your account can see all the emails you've sent and stored, and send them to anyone they want. See our pages on malware, phishing and protecting your online accounts for more on how you may be the target of online fraud and what to do about it.