IT Security Tip #25: Using email to send attachments…sometimes its a bad idea
So you have a big file you need to get over to your client or the printer as soon as possible and you can’t get it to send via e-mail because the file is too big. What should you do?
The first right thing to do is contact your IT department so we (or they) can assist by installing a secure, commercial-grade file-sharing application or directing you to a safe resource on the internet designed for exactly that…transferring files.
Of course, for sending files, email is what everyone tries to use first…attach your files and hit send. Increasingly however, information security methods are working against you. For example, sending a ZIP file will more-often than not result in a rejection by the receiving email system. Why? Zip files are a very common method of delivering viruses. Likewise, sending Microsoft Word or Excel files may also be rejected for the same reason…these file types are the primary way to deliver ransomware these days.
Making matters more complicated are the sizes of attached files, made even worse by the way email has to handle them behind the scenes. Yes I know Gmail allows for practically unlimited sized attachments, but your recipient may not be so lucky! As a rule of thumb, you should consider any one attachment, or combination of them, that exceeds 10mb in size to be “huge” for transferring by email.
The system we call email was originally designed to send plain text. However, clever programmers have figured out long ago that if your attachment can be converted to a form of text, the email system can deliver it. A by-product of this conversion, a process called “encoding”, is that your attachment may balloon, possibly even doubling in size while in transit. The inflation of the file sizes can often interfere with the successful delivery of your email.
Lastly, sending attachments by normal email is one of the most insecure ways of sending anything. Any system along the way between your sending server and the recipients can intercept, read, steal, or change what you’re sending. Never send protected information such as healthcare records, patient details, or financial data via unencrypted mail. Encrypted email services address not only email security, but also often solves the problems of large email sending just by the way it works. If you have your own email domain encrypted mail services might be the only thing you need to solve this dilemma for your company. If this is something you need, we can help you with it.
If encryption is something you don’t need, then the absolute best and most reliable way to transfer large files to someone is to send them a link to the files you want them to have, instead of the files themselves. If you have Dropbox, Datto Drive, or a similar file sharing tool installed already, save your file(s) there and send the recipient a link instead of the file itself, using the sharing method allowed by those tools. This way, the only thing sent via email is text, not your attachments. They’ll click the link in the email and download the file, bypassing the email system for the attachment.
What you shouldn’t do is download a free copy of Dropbox or some other file-sharing software without telling the IT department. You may be opening yourself up to a different set of problems by not getting professional input on the the task at hand when it comes to file-sharing applications, especially free ones. These applications are known for security vulnerabilities and hacks. Plus, if the IT folks don’t know about it, they can’t manage it or secure it; So NEVER download any software or application without checking with your IT department first!