Putting it into practice
By Tom, on 7 April 2017
We’ve had a few posts now about email and cryptography, and I thought it would be helpful to look at some real-world scenarios involving these topics. Email is a vital part of our work, but it can introduce risks that may not be immediately obvious. System admins can see the mail that passes through their systems. This is not to say that they are malicious, simply that they can access it. This does not matter very much in most cases. Problems arise when we need to share sensitive information, because in these cases the risk is much higher. Sensitive information should only be read by the people who need to see it. While it might not be worth the time to take steps to render a normal email unreadable, if you are sharing sensitive information it is always worth it.
So what should I do?
If you need to share something sensitive, there are steps you can take. The first step is to be certain that this person needs to have it. If you’re not sure, then ISG or the Data Protection Office can help you. Once you’ve done that, you can encrypt the file on your PC, and send the encrypted file as an attachment. One way to encrypt a file is to use 7-Zip, which is available for free in the UCL Software Database. (When you encrypt, please be sure to use a strong password!) Once you have done this, call or text the person to let them know the password. It’s important not to share the password by email, because anyone else who can see the first email with the attachment could then also see the second email with the password.
And that’s it. It’s a small extra step that can help avoid a major headache if the wrong person were to get access to data.
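The steps above as a command-line sketch, added here as an example and not part of the original post. It assumes the 7-Zip command-line tool is installed as `7z`; the function names `gen_passphrase` and `encrypt_for_email` are made up for this illustration. It lets 7-Zip prompt for the password instead of taking it as an argument, and encrypts the archive headers so the file names inside are hidden as well.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: the 7-Zip command-line tool is on PATH as `7z`.

# Print a random passphrase: $1 groups (default 5) of 5 characters each,
# from an alphabet without look-alikes (no i, l, o, 0, 1) so it is easy
# to read out over the phone. 4096 random bytes yield roughly 490 usable
# characters, which is ample for a handful of groups.
gen_passphrase() {
    gp_groups="${1:-5}"
    head -c 4096 /dev/urandom \
        | LC_ALL=C tr -dc 'a-hjkmnp-z2-9' \
        | head -c "$((gp_groups * 5))" \
        | sed 's/.\{5\}/&-/g; s/-$//'
    echo
}

# Encrypt one file into a new .7z archive ready to attach to an email.
#   $1 = file to protect, $2 = archive name (default: "$1.7z")
encrypt_for_email() {
    ef_src="$1"
    ef_out="${2:-$1.7z}"
    if [ ! -f "$ef_src" ]; then
        echo "no such file: $ef_src" >&2
        return 1
    fi
    # `7z a` would add to an existing archive, so insist on a fresh one.
    if [ -e "$ef_out" ]; then
        echo "refusing to overwrite: $ef_out" >&2
        return 1
    fi
    # -t7z     use the 7z container, which encrypts with AES-256
    # -mhe=on  also encrypt the headers, so file names are not readable
    # -p       prompt for the password; it never appears on the command
    #          line, in shell history or in the process list
    7z a -t7z -mhe=on -p -- "$ef_out" "$ef_src"
}

# Run as: sh encrypt.sh report.xlsx
if [ "$#" -gt 0 ]; then
    echo "Suggested passphrase (share by phone or text, never by email):"
    gen_passphrase
    encrypt_for_email "$@"
fi
```

Type the suggested passphrase (or your own strong one) at the 7-Zip prompt, attach the resulting `.7z` file, and pass the passphrase on by phone or text.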