There are significant risks in transmitting confidential data or sensitive personal information by email. Messages can be intercepted in transit, misdirected, or read out of a compromised mailbox, with serious consequences for you and your company. This is why PCI DSS requires that primary account numbers (PANs) never be sent unprotected by end-user messaging technologies such as email, instant messaging or chat: they must be rendered unreadable with strong cryptography first. Any organization that must comply with PCI DSS has to build this into its information security practice.
Before we present best practices for safe email sending, let’s summarize the biggest risks:
- Data breaches:
Through intentional compromise or unintentional leaks, personal information contained in your emails can be exposed.
Attackers with time and motivation are waiting to get at your personal information or your organization's confidential data, whether by stealing your username and password or by enticing you to click a malicious link or attachment.
- Your own employees:
Your employees may have access to sensitive information, whether personal or business related. It is important that they understand how to secure their email so the information they handle does not leak.
Now that you understand the risks, here are 6 steps you can take to ensure safe email sending:
6 Steps to Safe Email Sending
- Do not send personal messages from your corporate account
- Do not forward company emails or corporate data to your personal account
- Remember: email is NOT private
- Check with the sender before opening unexpected attachments
- Do not send sensitive information (including cardholder data) over email unless it is encrypted with strong cryptography
- Respect email laws and regulations
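The step "do not send sensitive information over email" is usually enforced by an outbound filter rather than left to memory. The following is an added example, not code from this page or from the PCI Security Standards Council, of the kind of check such a filter performs: it parses a message, looks for candidate card numbers in the subject and text parts, keeps only those that pass the Luhn check and carry a known issuer prefix (the prefix table is abbreviated to three brands by assumption), and blocks the message if any unprotected PAN remains, reporting only the last four digits. The two messages are constructed for the example and use the public Visa and Mastercard test numbers, not real accounts.

```python
import email
import re

# Candidate card numbers: an unbroken run of 13-19 digits, or the common
# 4-4-4-4 / 4-6-5 groupings with one consistent separator. The lookarounds
# stop a match from starting or ending inside a longer digit run.
PAN_CANDIDATE = re.compile(
    r"(?<!\d)(?:"
    r"\d{13,19}"                          # unformatted run
    r"|\d{4}([ -])\d{4}\1\d{4}\1\d{4}"    # 4-4-4-4, e.g. Visa / Mastercard
    r"|\d{4}([ -])\d{6}\2\d{5}"           # 4-6-5, e.g. American Express
    r")(?!\d)"
)

# Abbreviated issuer prefix table (assumption: only these three brands are covered).
BRAND_PREFIX = {
    "visa": re.compile(r"^4\d{12}(?:\d{3})?$"),
    "mastercard": re.compile(
        r"^(?:5[1-5]\d{2}|2(?:22[1-9]|2[3-9]\d|[3-6]\d{2}|7[01]\d|720))\d{12}$"
    ),
    "amex": re.compile(r"^3[47]\d{13}$"),
}


def luhn_valid(digits: str) -> bool:
    """Luhn (mod 10) check: every second digit from the right is doubled."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def brand_of(digits: str):
    """Return the brand whose prefix rule matches, or None."""
    for brand, pattern in BRAND_PREFIX.items():
        if pattern.match(digits):
            return brand
    return None


def find_pans(text: str) -> list:
    """Return (brand, digits) for every candidate that has a known prefix and passes Luhn."""
    hits = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        brand = brand_of(digits)
        if brand and luhn_valid(digits):
            hits.append((brand, digits))
    return hits


def mask_pan(digits: str) -> str:
    """Keep only the last four digits; never log or display the full PAN."""
    return "*" * (len(digits) - 4) + digits[-4:]


def scan_outbound(raw_message: str) -> dict:
    """Gate an outbound message: block it if an unprotected PAN appears in the subject or any text/plain part."""
    msg = email.message_from_string(raw_message)
    texts = [msg.get("Subject", "")]
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            charset = part.get_content_charset() or "utf-8"
            texts.append(part.get_payload(decode=True).decode(charset, "replace"))
    findings = [
        {"brand": brand, "masked": mask_pan(digits)}
        for text in texts
        for brand, digits in find_pans(text)
    ]
    return {"allow": not findings, "findings": findings}


# Constructed sample messages; the card numbers are public test numbers.
SAMPLE_EMAIL = """\
From: alice@example.com
To: bob@example.net
Subject: Re: order 1234567890123456
Content-Type: text/plain; charset=utf-8

Hi Bob,
Please charge 4111 1111 1111 1111 (exp 12/26) for order 1234567890123456.
Backup card: 5555-5555-5555-4444. Call me on +1 555 123 4567 if it fails.
"""

CLEAN_EMAIL = """\
From: alice@example.com
To: bob@example.net
Subject: Re: order 1234567890123456
Content-Type: text/plain; charset=utf-8

Hi Bob, order 1234567890123456 has shipped. Tracking ref 4111111111111112.
"""

if __name__ == "__main__":
    for name, raw in (("sample", SAMPLE_EMAIL), ("clean", CLEAN_EMAIL)):
        print(name, scan_outbound(raw))
```

The 16-digit order number and the tracking reference are deliberately shaped like card numbers: the first has no issuer prefix and the second fails Luhn, so neither is flagged, while both genuine test PANs are. A production filter would also scan attachments and HTML parts, and would release a blocked message only once the PAN has been removed or the content encrypted with strong cryptography.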
Want to learn more about email security and other PCI security awareness topics?
Take a look at our PCI-Essentials course: www.pci-essentials.com
PCI Essentials comprises 10 highly interactive modules, each focusing on a specific area of cardholder and information security. The training is designed to address all of the security awareness topics needed for compliance with the training requirements of PCI DSS.