Do you really know where that 2007 list of emailed SSNs is? Licensed from Stock Exchange.

This post is the third in a series about data breaches you can prevent. We’ve already covered Phones and Personal Computing Devices and Your Browser. The next source we’ll explore is Your Inbox.

Many people use web email as an extra online hard drive, saving important files and attachments in an easy-to access location. Yet because other people send you information via email, ironically you have less control over what’s in your inbox than on your hard drive. And the fact that the each email is stored in multiple places makes your inbox an important and often overlooked source of breaches.

Every email can be copied and stored on more than a dozen devices, many of which are not secure. Every time Outlook or Thunderbird checks for new email, a copy of that email or webmail is stored on your local computer. Smart phones also create local copies of your email so that you can open an attachment or read notes from your boss even if you don’t have access to the internet. A copy of every email you write is often stored on your local device (such as your phone), local servers (such as a work server), remote servers (like, your desktop, your laptop, as well as all of the devices belonging to the recipient. The “Send” button should be more appropriately labeled “Make more than a dozen copies of this email and send them to insecure devices across the world.”

Keeping track of everything in your inbox and sent folder is a super-human task. Though most of your hundreds of daily emails are mundane, occasionally an unenlightened coworker might send you excel file entitled “Client Social Security Numbers,” or “Customer Username and Passwords.” Once your coworker hits send, the rogue file is copied to hard drives, cell phones, and servers across the world. Without your knowledge, the sensitive information quietly copies itself to your computers and cell phones.

With every copy of the email or personal information, the risks of a breach increase. And each day you receive hundreds of new emails, it is easy to lose track of old emails you were meaning to delete, but are now buried and forgotten. Old, forgotten data is dangerous because it is easily lost or misplaced. Lost email may create a significant breach of personal information, so make sure you are aware what’s in your inbox, because you shouldn’t expect to get a notification if your sensitive email ever falls into the wrong hands.

About the Author Guest Blogger

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Don't know where to start?

Check out Security Catalyst Office Hours to meet your peers and celebrate the good, help each other, and figure out your best next step. We meet each Friday… and it’s free to attend.