@SendInc Sends Stuff Securely
Never, never, never send sensitive or private information through email. Doesn’t matter if you’re at home or work on a secure network when you see how email really works.
Please don’t even get me started on why you are just asking for trouble if you send anything secure over email while you are naked in a coffee shop on Wifi.
This all came to a head today as a client’s accountant asked me to complete a Form W9 for payments last year and get it to her within five days. Since this person didn’t have a local fax machine which she had control over…that was not an option. Yes, I could have filled it out and printed it off and snail-mailed it, but I resisted that with all my being since doing so runs counter to my increasingly paperless life and just seemed inefficient and dumb.
I’m well aware of all sorts of email encryption solutions out there to secure email: PGP; Hushmail; encrypting a Zip file; but all of these solutions require someone to be reasonably tech-savvy in order to use them or to adopt a solution like Hushmail as a primary service. Let me tell you that — after supporting family, friends and setting up support infrastructure for my company and others — the vast majority of people are NOT tech-savvy and I just want to be able to send stuff securely and digitally without having the recipient match my technoweenie skill-set!
So that made me wonder: Why couldn’t sending a non-techie a secure file(s) be easier? Fortunately I was pointed to a great solution.
HOW INSECURE IS EMAIL?
Most people I do business and connect with think the emailing-of-sensitive-stuff risk is low so why not just email it? I hear often joking comments like, “OK Borsch, take off your tinfoil hat.” After having a car broken in to while in Arizona over a decade ago (my wallet was taken) I remember vividly all the steps I had to take to secure my Social Security number, protect my credit and cancel everything and get new credit cards and other items. You bet I’m paranoid, especially since it is A LOT easier today to snag identities, hacking and cracking incidents are up, and I refuse to make it laughingly simple for people to grab my sensitive information.
Few people realize that their emails — with the PDF, XLS, PPT, Zip or other unprotected payloads — bounce through multiple routers as emails traverse the ‘net and it’s pretty trivial for them to be captured:
Yes, I’m aware of all of the “server-level security” measures to make it harder for emails to be siphoned off, but that’s a subject for another post. My sweeping generalization (after a lot of study over time) is this: emails are wide open and insecure (unless they’re encrypted) and savvy hackers can circumvent router and server-level security easily.
A SOLUTION ANYONE CAN USE
Rather than hunt for hours this morning I just IM’ed with a geek buddy of mine in California who is a security expert. I was whining to him about the challenges I was having sending this specific PDF securely without also having to educate, train and support this accountant with some relatively complex solution. “Use Sendinc” he said. “The Basic plan is free, it’s super-simple to use even for a newbie, and it’s highly secure.”
So I just went to the site, read up on their features, and was sold so signed up at Sendinc for the Basic, free plan. “Sendinc secures your message by ensuring that your data remains encrypted from the time it leaves your computer through the time your recipients retrieve it. At no point in the process is your message data transmitted or stored in an unencrypted format. Sendinc further ensures the safety of your messages by verifying your recipients are in fact your intended recipients.” More on how it works here.
Be aware of one thing though: do NOT just have the recipient wait for you to send an email from Sendinc with your secure payload. Ask the recipient to sign up for the service before you send them the secure file(s). Why? So the email with the file(s) link (which SendInc sends to them whether they’re signed up or not) isn’t intercepted en route (or the recipient’s email account is comprised) and someone else uses that link to login and retrieve the file.
How secure is Sendinc? Sendinc uses the Advanced Encryption Standard (AES) 256-bit SSL encryption which is the same encryption technology used by popular e-commerce and banking sites to protect sensitive financial information.
In June 2003, the U.S. Government announced that AES could be used to protect classified information: The design and strength of all key lengths of the AES algorithm (i.e., 128, 192 and 256) are sufficient to protect classified information up to the SECRET level. TOP SECRET information will require use of either the 192 or 256 key lengths. The implementation of AES in products intended to protect national security systems and/or information must be reviewed and certified by NSA prior to their acquisition and use.”
Cool, heh? Sign up for a free, Basic account so you and anyone you need to send highly sensitive or private files to can do so safely and securely without alot of technical mumbo-jumbo or learning required.
3 Comments
Leave a Comment
About Steve Borsch
Strategist. Learner. Idea Guy. Salesman. Connector of Dots. Friend. Husband & Dad. CEO. Janitor. More here.
Connecting the Dots Podcast
Podcasting hit the mainstream in July of 2005 when Apple added podcast show support within iTunes. I'd seen this coming so started podcasting in May of 2005 and kept going until August of 2007. Unfortunately was never 'discovered' by national broadcasters, but made a delightfully large number of connections with people all over the world because of these shows. Click here to view the archive of my podcast posts.
Hi Sorry if this is a stupid question, but, I don’t really get what you mean by…. “Be aware of one thing though…”
What am I being aware of? Not sure how having the recipient sign up ahead of time will prevent either scenario you list here (interception/or having their email comprimised)? Please explain.
“Not sure how having the recipient sign up ahead of time will prevent either scenario you list here (interception/or having their email comprimised)?”
Because if a person already has an account—and has signed up with their email AND used a password—then someone intercepting the email could click on the link…but they would have to login to SendInc. Since your recipient already has an account, the person intercepting the email couldn’t retrieve the secure email without also breaking in to the SendInc account.
Lol you are so smart and very correct. Thank you for connecting the dots for me :)!!!