If you are sending documents that aren’t sensitive in nature, and privacy and security are not your main concerns, then yes, it is safe. Gmail is frequently used by malicious users for phishing campaigns and is a frequent target for hackers. It is very easy to send documents via Gmail, but anything sensitive shouldn’t be sent unencrypted.
Gmail is a very popular email provider offering many sharing options with Google Drive, Docs, Sheets, and other Google apps. There are many safety concerns with using Gmail to send information to recipients, mainly personal information. I will cover the concerns and mitigations you can learn and practice when using Gmail.
Does Gmail encrypt email?
Gmail doesn’t encrypt your email by default. To make things worse, Gmail has a feature called confidential mode, which lets you give a message an expiration date, revoke it, or require an SMS code to view it.
Falsely advertised by Google, confidential mode neither protects the sensitive information nor prevents unauthorized sharing. There is no end-to-end encryption, key management, or secure message portal with Gmail. It is one of the most insecure email services.
Another thing to consider is that spammers frequently target Gmail users using their own Google accounts. The types of attacks that are frequently performed in Google are instant messaging spam (SPIM), spamming via email, and account impersonation.
Gmail Confidential Mode
What Data is Safe to Send Through Gmail?
You are generally safe to send information that isn’t sensitive. Examples are casual correspondence with a friend, messages related to an educational institution, or other subjects that are not sensitive or risky.
Types of information you are safe sending across Gmail are:
- Images / videos of a non-personal nature that have no metadata attached to them (device data, location, etc.)
- Documents such as school papers, notes, some resumes, and study resources
- Install files for commonly used applications
- Links for information of a non-sensitive nature
What shouldn’t I send through Gmail?
There are a lot of things that aren’t safe to send through Gmail due to its lack of security features. These include items of a personal, organizational, or proprietary nature. It is always a good idea to let your contacts know that you absolutely will not discuss anything of a sensitive nature through Gmail due to the many risks to privacy and security.
You can coordinate alternate means of communication for those touchy subjects. Some alternatives might be: encrypted email, encrypted texting/voice calls like Signal, LastPass note/password sharing, and other encrypted means.
Here are some categories of data that are commonly sent through Gmail but shouldn’t be, due to the risk of exposure.
- Social security, bank account, routing, credit/debit card, government/military identification, door keypad PINs, and any other number combinations that are personal in nature.
- Files that contain sensitive company information like blueprints, source code, IP addresses, make/model of computer hardware, server/workstation names, DMZ/VLAN information, financial reports or related data, and any other information that could cause damage to the company’s reputation, systems, or employees.
- Medical information related to insurance numbers, medical conditions, dates of birth, treatments, or appointment information.
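A pre-send check that flags three of the number types from the list above (social security, card, and routing numbers) in a draft message, as an added example that is not part of the original article. US number formats are assumed, and the function names and sample draft are constructed for illustration.

```python
import re

# US formats assumed; checksums cut down false positives from random digit runs.
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")  # 13-19 digits, optional separators
ROUTING_RE = re.compile(r"\b\d{9}\b")

# Constructed draft containing placeholder/test numbers only.
SAMPLE_DRAFT = (
    "Hi Sam, my SSN is 123-45-6789 and the card is 4111 1111 1111 1111.\n"
    "Wire it to routing number 123456780, thanks."
)

def mask(value: str) -> str:
    """Keep only the last four characters so the report itself leaks nothing."""
    return "*" * (len(value) - 4) + value[-4:]

def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 == 1 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def aba_ok(digits: str) -> bool:
    """ABA routing checksum: weights 3, 7, 1 repeated; sum must end in 0."""
    return sum(int(c) * w for c, w in zip(digits, (3, 7, 1) * 3)) % 10 == 0

def find_sensitive(text: str):
    """Return (kind, masked_value) pairs for numbers that should not be emailed."""
    findings = []
    for m in SSN_RE.finditer(text):
        area, group, serial = m.groups()
        # Area 000, 666 and 9xx, group 00 and serial 0000 are never issued.
        unissued = area in ("000", "666") or area[0] == "9"
        if not unissued and group != "00" and serial != "0000":
            findings.append(("ssn", mask(m.group())))
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            findings.append(("card", mask(digits)))
    for m in ROUTING_RE.finditer(text):
        if aba_ok(m.group()):
            findings.append(("routing", mask(m.group())))
    return findings
```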
Repercussions of a Data Breach, Theft, or Leak
Whether it be from a data breach, leak, or theft, the aftermath of these events can be catastrophic. The result can be anything from a fraudulent charge made by someone impersonating the victim to a full-on identity theft scenario.
Some things that can happen are:
- Account usernames and passwords stolen when sending Gmail across insecure or open/public Wi-Fi, leading to account compromise
- Credit/debit card number theft leading to fraudulent charges on your bank statements
- Social security number theft leading to address change, identity theft, tax fraud, and opening fraudulent lines of credit in the victim’s name
- Personal information theft for the recipient or sender of the Gmail message, leading to account compromise, identity theft, etc.
- Attacks against an organization, executive, or proprietary information sabotage brought on by sensitive information theft
What are Some Secure Alternatives to Gmail?
We need to remember that email is inherently an insecure service. Secure email protocols aren’t enabled by default on most free email providers, especially Gmail. In order to send encrypted Gmail you would need to set up Transport Layer Security (TLS) on the recipient’s email client or domain. This would allow for end-to-end encryption for both receiver and sender, keeping your Gmail messages safe when traveling across the internet.
There are alternative email services to Gmail that offer encryption by default and come with a large variety of security settings! My favorites are: Tutanota and ProtonMail. These are email providers based out of Switzerland and Germany that prioritize privacy and security.
Not only are you able to send encrypted email to a recipient using the same email service, but you can also send encrypted email to non-Tutanota/Proton users through a secure web-based portal that requires credentials to log in and securely view email with a combination of Private/Public PGP keys.
In summary, Gmail is a great free email service that allows for reliable sending and delivery of emails. The sharing features integrate with Google’s applications and Gmail seamlessly and make for a smooth experience. Not only is Gmail better at controlling spam than other providers like Hotmail and Yahoo, but the user interface is friendlier and has more customization.
The security and privacy issues surrounding Gmail should not only concern you, but help you realize that your data isn’t truly secure unless you take extra precautions regarding your email messages.
There are a great many risks to sending just any email message from a Gmail account. For emails of a more sensitive nature consider an email provider like Tutanota or Proton. If you don’t want to switch then share an encrypted document or file through Google Drive.
You are able to set permissions on what viewers can or can’t do with your file. Doing this also bypasses email traffic, so the file isn’t sent across to the recipient unsecured. I would highly recommend doing this in order to tightly control access to your personal files.