Email Security in the Life Insurance Brokerage Arena

Email is secure, right? Well, maybe, sometimes, and maybe not.

Is a lot of unsecure email finding its way into the wrong hands? Umm no, probably not, but it could.

What’s the big deal? Well, if you send an email and it ends up in the wrong hands, plenty! Fines, lawsuits and other penalties are possible if sensitive information you send (and maybe receive) gets into the wrong hands.

How do I protect myself? Ahah, that’s the issue at hand.

Regular email, sent from many of the major email providers, have no guarantee of security. The providers that do offer security are usually in the form of TLS. Keeping it simple, TLS works great if you have it and so does the recipient on the other end. The problem is most TLS is set up as opportunistic. That means that it will go through secure if TLS exists on both sides, but if not, it will still go through as an unsecure email. There are websites, such as checktls.com, where you could go and see if your recipient has TLS, but few senders check before they send sensitive email. TLS can be configured to only go through if the recipient has it, but that can be problematic if you need to get something to someone with an unsecure account. Many believe that just sending a TLS encrypted email covers your liability, but that is not clear. At the very least, you should be using a provider that encrypts with TLS, even if you use additional security.

By Tony Cravitz, CLU