Botdoc Blog

I'm So Tired of False Cyber Security

Written by Karl Falk | Jun 1, 2020 3:19:00 PM

I see it all the time. I get an email from a lender, title company, or other, and on the bottom it says, “This email is secured by XXXX.” You pick the company: Zixcorp, Proofpoint, etc. This is so bad because that email is NOT secured. It's only secure at rest in the company's email server/environment.

If they use a typical, pain-in-the-butt, secure email that everyone hates and has to log in to, then it's secured. Or if they try to use encrypted email and make consumers download software and manage encryption keys, etc., then it's secure... but please.

I have had companies tell me it's okay to email them my bank statements, tax returns, W2s, etc., “because our email is secure... see? It says it on the bottom, 'Secured by XXXXX.'” Well, guess what? My email is not secure and the path my email uses to travel to your email service is NOT secure. And guess what... most consumers never delete their deleted items, let alone their sent items. So those documents sit there unsecured for a long time. Not to mention all the residual copies of emails in routers, intermediary servers, etc. Just ask Hillary Clinton. All because a company did not provide the consumer with a secure means to transport those items to you. You give your clients a false sense of security. Shame on you and shame on the companies of these services. And given issues like the Yahoo email hacks, at some point it should be the liability of the company if sensitive information was exposed in personal email by the company giving consumers unsecured methods to transport documents and data.

I am so tired of false cyber security. Did you know hackers can sniff emails in transit and change attachments, things like wiring instructions, so that when the company receives it no one would know any different? It happens all the time. It's why you see some banking institutions have language in their emails stating to never email wiring instructions. Funny enough, even if they are using their “secure” service, they include this message... but it's okay for me to expose my personal information?

So the next time a company needs something from you and sends you an unsecured email saying it's secure, and you didn’t have to log in to some separate tool or download some encryption plug-in, politely tell them “HELL NO”. And when they say log in to our secure FTP transfer tool or create an account for something you’ll never use again, politely tell them “no” and that they need Botdoc. Encryption for transport without pins, passwords, logins, apps, or software to download. Future of the consumer experience.

No security is better than giving someone a false sense of security. Stop the nonsense.