How To Send Sensitive Information Online
Going Paperless and Sending Financial Documents

Published August 2016

Quick Links

Brooks Duncan, Mr. PaperlessMr. Paperless

by Brooks Duncan, CMA
Author of Paperless Security Guide

Brooks is devoted to helping individuals and small businesses go paperless by turning piles of paper into an organized, electronic system.


On more than one occasion I have been referred to as "Mr. Paperless", so I try to follow my own advice whenever possible. This includes signing up for paperless billing from my utility providers.

Imagine my dismay when I received the first paperless bill from my gas company, and it was sent as a PDF attachment in an e-mail.

Why is this a bad thing? Isn't it more convenient this way? 

Convenient yes, but sending personal sensitive information in an e-mail is not a good idea at all. Let's discuss why that is.


How E-Mail Works

When you send an e-mail, you might think that your e-mail system connects to your recipient's e-mail system and delivers the message. You might even think that things are secure because you log into webmail and you have that little lock symbol in your browser.

Those are both logical assumptions, but they are not quite right. Here is how it actually works:

Why it is a bad idea to send sensitive information by unencrypted email.

When you hit send on that e-mail message, it gets sent from your provider to a central server somewhere. Then that server hands the message off to another server somewhere, and so on and so on until it gets to your recipient's server. It could take quite a few hops along the way.

These messages are sent in "clear text", which means anyone with access to any of those servers, or anyone listening in at any point along the way, has complete access to your message.

Even worse, those messages can sit around on any of those servers for months. Even if you or your recipient deletes the e-mail, it may still be out there somewhere.


“But I Have Nothing To Hide”

Frankly, I don't care if some hacker or bored system admin reads my wife asking me to go to the grocery store to buy kale. However, if I was buying a house or applying for a loan, I sure as heck would not want those documents sitting around on some mail server in Manitoba or Idaho.

Identity theft is a big enough problem as it is without us making it easy for them.


What You Can Do
Online Best Practice Options

Send sensitive information by encrypted email.

You can still use e-mail to communicate private sensitive information, but you just need to be a bit more smart about it. Here are some options:

  1. Use a cloud service like Dropbox, Evernote, or Box to host your document and create a private link. If your e-mail is intercepted the third party would still have access to the message and the link, but you can remove the file or shared access as soon as the recipient has downloaded it. Your exposure time is greatly reduced.
  2. Use a private cloud device like the Connected Data Transporter. This is similar to option 1, but your data is never hosted on an external service. You control it.
  3. Use a secure service like E-Courier. This allows much greater control over access to sensitive information, and your documents are "shredded" after a certain period; the shredding deadline is set by you.
  4. Use encryption or password protection: You can encrypt or password protect the documents before sending. This is the most secure, but you need a way to tell the other person how to decrypt the document which can add friction to the process.

Editor's Note: Another Opinion

To give the reader more information on whether it is safe to send sensitive information through unencrypted email ...

Leo Notenboom's article Where do attachments live once they're sent? walks you through what happens once you hit the send button. 

From the comments section to the article ...

"If you sent it through the post office, once you dropped it in the mailbox, you don’t know and can’t control the security of it, just like you can’t control the security of the email path. And if you had sent it through the post office, you have no idea whether this many years later it is still sitting in a file cabinet somewhere. That again, is not much different than it still sitting in his computer ... Would I suggest you do it again in the future. No ..."


Taking a little time up front to protect yourself with e-mail will make your private sensitive information much more secure. Now if only I can convince my gas company of this.


PDF TIP: Redact That Sensitive Information

Published with permission September 16, 2015

Let’s say you have a PDF and you want to delete sensitive information from it. Maybe it’s an account number, a Social Security Number, or anything else that you wouldn’t want others to see.

The way most people do it is they load up the PDF in their PDF reader and draw a white or black box over top of the information. It’s blacked out right? You can’t read it anymore right?

Unfortunately, it’s not so simple. While you’ve made it so that humans can’t see the information, the data is still there and embedded in the PDF. It’s very easy to find.

What you need to do is redact the information. This means an application goes through and nukes all traces of the data from the PDF. Here’s how to do it:

Redact on Windows

Redact On Mac

  • PDFpen can redact information. Highlight the text you want to erase and go to Format > Redact text.
  • If you have Adobe Acrobat Pro, it has a redaction tool. See the link above for instructions.
  • If you want to be extra geeky, Gabe from Macdrifter has a way you can use Hazel and PDFpenPro to automatically redact text.

The best thing about all these redaction tools is you can search and redact all the text from a PDF all in one shot. You don’t need to do it one by one.

If you have sensitive information in a PDF, redaction is the way to go.


Publisher's Recommendations

Vancouver consultant Brooks Duncan from DocumentSnap has published the following paperless tools to make paperless transitioning easy-peasy. I relied on these guides when I began the move to working virtually  ...

ALL DocumentSnap Guides
In ONE Bundle

Released in June 2016

Here’s what the Paperless Power Bundle includes:

  • Document Search Guide
  • Paperless Security Guide
  • Unofficial ScanSnap Setup Guide
  • Paperless Document Organization - Platinum Guide

Save 20%. Get your bundle here for just $54 USD.

Keep Your Document Safe

There are things you can do to protect your paperless documents.Version 2 Released November 2016

Here’s what the Paperless Security Guide covers:

  • How to back up your documents
  • How to secure your documents using encryption
  • How to protect your information in Evernote
  • How to keep your information safe on the cloud
  • How to keep your information safe on public networks

It's tied together with a Security Checklist at the end, so people know what they need to do to take action. Get your copy here for just $7 USD.

You Want Findable Documents

Know exactly what to do to find your paperless documents when you need themReleased May 2016

Here’s what the Document Search Guide covers:

  • How to avoid losing documents
  • How to find the document you need when you need it
  • Learn how the 80/20 rule applies to searching
  • Master search on Windows, Mac and Evernote

It's tied together with a Document Search Checklist at the end, so people know what they need to do to take action. Get your copy here for just $7 USD.

Master Your ScanSnap

What is the best way to setup your Fujitsu ScanSnap so that you can save time by scanning quickly and efficiently?New Edition Released September 2016

The Unofficial ScanSnap Setup Guide takes the pain involved with setting up your scanner. Skip your fast food lunch today. Ease your setup pain for $10.

Highlights of the Fifth Edition:

  • It covers new models of the ScanSnap like the iX100 and iX500.
  • It covers new ScanSnap software and scanning workflows like scanning receipts and books.
  • It covers scanning multiple small documents at the same time with some ScanSnap models.
  • It goes through all the scenarios for wireless scanning and how that all works.
  • It covers making PDFs searchable without slowing things down.

Organize, Find, and Protect

You've scanned your documents, now how do you organize, find, and protect them?New Edition Released August 2015

Highlights of the Second Edition Paperless Organization Guide:

  • How should you name your files and what should your folder structure be?
  • How do you find your documents once you've filed them?
  • What are the pros and cons of each major Mac and Windows software package, and who should buy which one?
  • Should you store your documents in the cloud? If so, where?
  • How do you handle receipts? How about business cards?
  • How do you keep your documents safe and secure?
  • How have others gone paperless, and how do Professional Organizers recommend that you do things?

To learn how to turn your piles of paper into an organized, electronic filing system, click here. Pricing starts at $15.

Learn how to get your Mac to name and file your documents automatically for you in the Go Paperless With Hazel Webcast. View this very affordable webcast for $10.

Going Paperless and Sending Financial Documents

 
 

Back to top