Sending an email is like sending a postcard: everyone or every system that handles it can see and record what you've written. This is not a problem obviously if the contents are nothing of interest or importance. It is a big problem, however, if the contents include banking details, network passwords or other types of sensitive data; defamatory remarks are a definite no-no too. If you send an email that contains data or content that your firm's acceptable usage or security policy expressly forbids to be sent via email, then you could find yourself in trouble. Most security-aware organizations will have polices and guidelines that cover the transmission of sensitive data: what data can be sent via email, what must be encrypted, etc. You should check with your IT department as to how you should send information of differing levels of sensitivity in order not to fall foul of these policies.
Merely putting sensitive information into a .pdf file instead of the body of the email won't protect it either unless you use one of Adobe's encryption options. A digital ID is required to sign documents and apply certificate security. Adobe Acrobat allows for the creation of self-signed digital IDs, which should be sufficient for many situations.
The most secure way to send messages and attachments is to encrypt them before they are sent. In addition to protecting the attachment while in transit, file encryption also provides protection to the file while it is stored on a PC, any mail servers it passes through, and finally when it arrives at the recipient's machine. Before making a .pdf available to others, consider removing content that reveals the document history or that contains personal information, such as metadata that lists your name as the author.
I would also recommend that you sign any important messages as well as encrypt them so people can be confident the email originated from you. If the person to whom you send an email also has a digital certificate, you can sign and encrypt the message to ensure that it cannot be altered or read by anyone other than the intended recipient. As a matter of good practice, I would always write an email like it was a postcard, not a letter, and add a salutation and data and time in the body of your emails to ensure the context of the message is clear. Your email or attachment could be intentionally or unintentionally forwarded to and viewed by many, many other people. Even if you have encrypted the contents of the email or your .pdf document properties prevent printing or copying, there is nothing to stop the recipient from photographing the contents while they're displayed on their screen.
There have been quite a few security bugs found in .pdf documents recently, so if you exchange .pdf documents, ensure your computer is kept up to date with the latest patches. Antivirus and antispyware should be installed, updated and running, and always scan emails and documents before opening them.
This was first published in February 2010