Email is the most common identity management and communication tool on the internet. Think about how often you are asked to ‘sign-up’, ‘sign-in’ and ‘enter your email’ for identity verification purposes online. Email addresses are the key to receiving notifications, creating online accounts and sometimes we even use them to communicate with each other. Think of them as your online personal identification. Such power with something that seems so simple, right? Maybe not.
EMAIL IS INSECURE – WHY?
Email was not designed with security, privacy, identity management or any data collection procedure in mind. It was never meant to be the epicentre of our online lives and it was born in a time when personal data protection and PIM software wasn’t at the forefront of people’s minds. In recent years there have been efforts to increase email security but with the shutting down of well-known secure email services like Lavabit, this highlights the difficulty in providing email based services with security up to scratch. (Lavabit was reportedly used by Edward Snowden, the NSA whistleblower).
Remember, email was developed when the online world was a much smaller place. It was a simple way to send messages back and forth to your long-lost cousins across the world, it was completely open and not even passwords were encrypted. It wasn’t designed for personal identity management. Today passwords are encrypted but email is still not a secure place to share personal data or documents, as there are different places your private information can be accessed within your emails.
These are:
On your device/or the recipient’s device
On the server
On the network
To avoid anyone accessing your device, whether it be your phone, tablet or computer, most people now have passwords to enter their device which acts as a controllable protection of personal data contained within the device. However, this isn’t always 100% secure. Some email programs encrypt the emails stored on the device but most don’t. Also don’t forget that even if it’s not a person unlocking your device, malware can do it in a matter of seconds without having opposable thumbs. In fact, rifling through email for personal data is a common feature of malware.
WHAT ABOUT SERVERS?
Servers are data storage centres where your email provider stores all of your emails. If someone hacks your email password they can sign directly into the server and access a complete history of your emails and any personal data they contain. Most email providers store emails as plain text – what this means is; any hacker that can access these servers will also have access to your emails and any attachments or personal data contained within them. Email providers don’t put much emphasis on personal data or the protection of stored emails as it would create too much additional work on their end. Emails servers simply weren’t designed for identity management or to function as PIM software does. But it also allows services to automatically scan your messages for keywords to target advertising. Think of all those targeted ads you see, it’s no coincidence you’re seeing ads about hotels in Spain when you were emailing a travel agent about them just last month.
NETWORKS
Networks are a little more complicated but are basically: your connection to your email provider (eg: Google, Outlook), any connections between your email provider, the recipient of your email, and your recipient’s connection to their email provider. For example if you and your recipient use the same service (eg: gmail.com) then you can have potential network vulnerabilities. If your recipient’s email is their work email address and for example, they work in a school, then there is a vulnerability between your gmail email and your recipient’s school email provider. With networks you might think that your personal data is secure and identity management is a breeze but that could possibly mean that only one branch of the network is secure while the other branches may have security vulnerabilities. Phew!
WHAT NOT TO DO
A recent example of how a simple human error can result in your private personal data ending up in other’s people’s hands is the sharing of Essential customers’ driving licenses via email. This method is not recommended as an effective identity management solution and is unsafe. Customers who had preordered an Essential phone received an email asking them to verify their address by replying to the email with identity verification in the form of a copy of their driver license. Many customers responded with this information, including their date of birth, home address, phone numbers and other personal data. These emails didn’t just go back to the Essential Customer Support team, they also went out to everyone who had received that initial email asking them to verify their private information. Shockingly, this meant that dozens of people now had received each other’s private, sensitive, personal data. Allegedly this issue was caused by the misconfiguration of an email address in the customer service platform, Zendesk.
WHAT OTHER OPTIONS DO I HAVE FOR SENDING MY PRIVATE PERSONAL DATA?
You can work on message encryption yourself but this is complicated process and can take some time, you may need to get the support of an IT professional too and it seems like a lot of work to ensure your identity management efforts are 100% secure. That’s where companies like PlanetVerify come in. PlanetVerify automates and digitises the gathering of identity verification data, personal data and documents in a way that’s cost effective, convenient and compliant.
PlanetVerify works by requesting documents via a secure platform instead of via email. Through this data collection process not only does this mean that your documents are 100% secure for identity management but the documents can then be saved automatically, kept for a specified amount of time and then be securely deleted (purged) when they are no longer needed. This eliminates the risk of your personal data documents lying in your email server open for attack. It also means that long email threads back and forth with businesses which contain your personal identification documents are a thing of the past. This automated data collection process also streamlines the experience for you and no more worrying about whether or not your personal data and documents are at risk of a security breach. In fact PlanetVerify have the most secure data collection process available today and keep your personal data safe by utilising:
- Ultra secure hosted platform
- Two-factor authentication
- SSL encryption on data transfers
- Optional IP restriction on accounts
- Continuous vulnerability management and testing
- Privacy by Design
- Complying with GDPR, Right to Rent/Work (UK) legislations
Ultimately email has never been ideal for any secure data collection process and it would prove very difficult to ever find a way to create a fully secure, email network-based and automated data collection process. With services like PlanetVerify collating, storing and managing your personal data, identity management and identity verification has never been more secure.
