A padlock on top of a laptop keyboard. There's red light on the left and green light on the right.

Digital technology continues to develop at a remarkable rate. Yet, as online processes are streamlined, the tactics used by cyber-criminals to access their victims’ sensitive data have also become more advanced. To this day, email is one of the quickest and most affordable ways of conveying a message from one person or business to another. Half of the global population uses email, and this number continues to rise at a remarkable rate. Yet, despite its many benefits, email is not without its risks. It’s important not to use email for the storage of sensitive data, like usernames and passwords, or as a form of identity verification. Here’s why.


Emails aren’t encrypted, making them an inherently insecure method of communication. They can be easily intercepted and hacked. What’s more, you could be none-the-wiser about the invasion of your privacy. It should also be noted that if you’ve been using your email to prove your identity on external platforms and websites, the hacker may also be able to imitate you elsewhere. The greater number of accounts and platforms linked to your email account, the greater the risk.


Another risk to factor in is ransomware and malware. Nobody’s inbox is immune to the risk of malicious emails, and the consequences of interacting with these emails can be devastating to either an individual or a business. In a business setting, an employee can inadvertently jeopardise a company’s private and sensitive data and potentially cost thousands in terms of recuperation and remediation costs. It’s also important to remain vigilant with regards to your personal email account. By accidentally downloading a malware virus to your computer, your private data could be comprised and perhaps even held ransom until you pay the demanded fee. Generally, cyber-criminals operate in a bid to benefit financially from their victims. Yet, their control over their victims’ data is still significant. What’s to stop them from sharing your data, passing it on, or selling it? Validating your identity via email holds further risks. Not only would the criminal have access to your personal data, but they could access other platforms and accounts through your email, too.

What's the Alternative?

When it comes the security of your data, it pays to invest in additional protection. Opting to pay for software to ensure the security of your sensitive data is likely to be insignificant in comparison to the potential cost of recovering your ransomed data. It’s important to install Multi-Factor Authentication software to ensure that the only authorized individual can access a given set of data. By confirming your identity on a secondary device, like your mobile phone, or via a QR or number code, you’re effectively putting another barrier in place between yourself, your data and the cyber-criminal. Wirehive’s Security and Compliance Manager, Daisy Pomeroy notes that ‘where Multifactor Authentication Services are used, this should be reflected in your company wide information security policies and even documented in your risk registers. This is not only good practice but is in-line with ISO 27001.’


As previously stated, using your inbox to secure usernames, passwords and other sensitive personal data leaves you vulnerable to crime and exploitation. By investing in an encrypted and secure piece of software, like LastPass, your usernames and passwords will be thoroughly protected. Whilst it’s impossible to entirely eradicate the risk of malicious cyber-attacks, investing in security software and Multi-Factor Authentication will stand you in good stead in protecting your personal data and identity online.