Traditional email is like sending a postcard: anyone who intercepts it can read it. Modern email providers use TLS in transit, but once your message lands in someone’s inbox, it can be forwarded, copied, or exposed. That’s why we layer in encryption, secure tools, and automation.
Sending this kind of information carelessly can open the door to data breaches, compliance violations, or worse. Fortunately, there are secure methods and tools that make it safer to send sensitive information via email.
Best Practices for Sending Sensitive Information by Email
Use One-Time Secret Links (Example: OneTimeSecret)
Instead of sending private info directly in an email, you can use a secure one-time link.
One example is OneTimeSecret. You type in a password or note, and it generates a temporary link. That link can only be opened once, and then it disappears forever.

What your recipient sees:
A OneTimeSecret message with blurred password text and countdown timer.
Tip: Never send both the password and username in the same email. Separate them across platforms or use a phone call for one part.
How Lucidica Sends Passwords and Other Sensitive Information
We don’t send passwords in plain emails, ever. Instead, we use a secure system designed for IT companies to manage and share sensitive information. If you’re using a secure system, you’re already on the right track. Our system includes a built-in secure password sharing feature.
How we use it:
1. Generate Passwords: Strong, Unique, and Secure
When setting up new accounts or services for our clients, our engineers use the built-in password generator. It offers several options for instantly creating strong, complex passwords that are randomised to avoid patterns or reuse.

These passwords can be:
- Customised in terms of length, character type (including symbols, numbers, uppercase/lowercase), and the number of words you wish to use.
- Regenerated multiple times if needed
- Stored directly in the client’s secure profile with labels and tags
We avoid using guessable passwords, so we always prefer the first option, ‘all characters’.
2. Sending Passwords: One-Time Secure Notes with Expiry
When a password needs to be sent to a client, the functionality “send secure note” is used. This process involves creating an encrypted link that the client can use to view the password securely.
Here’s how it works:
- We create a Secure Note in our secure system, including only the required sensitive information (e.g. password, link, or key).
- We choose how long the note will be active, commonly between 30 minutes and 48 hours.
- Our system encrypts the note and generates a private, one-time link.
- That link is then emailed to the client (but not the password itself).
- Once opened, the link self-destructs and cannot be accessed again.

This method ensures the password is never exposed in the email itself. Even if the message is forwarded or intercepted, there’s nothing sensitive to steal.
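The link lifecycle described in the steps above can be sketched in a few lines of Python. This is an added example, not the code of our system or of OneTimeSecret; the class name, the placeholder host `notes.example.invalid` and the sample password are assumptions, and the note body is held in memory unencrypted to keep the sketch standard-library only, whereas the system described above encrypts it.

```python
import hashlib
import secrets
import threading
import time


class OneTimeNoteStore:
    """In-memory sketch of a burn-after-reading note service (hypothetical)."""

    def __init__(self, base_url="https://notes.example.invalid/n/"):
        self.base_url = base_url          # placeholder host, not a real service
        self._notes = {}                  # sha256(token) -> (expires_at, body)
        self._lock = threading.Lock()

    @staticmethod
    def _key(token):
        # Store only a hash of the token, so a dump of the store cannot
        # be turned back into working links.
        return hashlib.sha256(token.encode()).hexdigest()

    def create(self, body, ttl_seconds, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)   # 256 random bits, unguessable
        with self._lock:
            self._notes[self._key(token)] = (now + ttl_seconds, body)
        return self.base_url + token        # only this goes in the email

    def open(self, link, now=None):
        now = time.time() if now is None else now
        token = link.rsplit("/", 1)[-1]
        with self._lock:
            # pop() under the lock makes read-and-destroy atomic: two
            # simultaneous requests cannot both receive the secret.
            entry = self._notes.pop(self._key(token), None)
        if entry is None:
            return None                     # unknown link or already opened
        expires_at, body = entry
        return body if now < expires_at else None


def demo():
    store = OneTimeNoteStore()
    link = store.create("constructed-sample-password", ttl_seconds=1800, now=0)
    first = store.open(link, now=60)        # recipient opens within 30 minutes
    second = store.open(link, now=61)       # someone opens a forwarded copy
    late = store.open(store.create("x", 1800, now=0), now=1801)
    return link, first, second, late
```

Calling `demo()` returns the password for the first open and `None` for both the forwarded copy and the expired note.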
3. Using Our System as a Secure Knowledge Base
Our secure system is more than just a password vault; it’s our centralised, secure knowledge base.
Each client we support has a dedicated space in this system where we store:
- Client-specific procedures (e.g. how their Wi-Fi is set up, how to reset their printer)
- Passwords and API keys for services, apps, routers, etc.
- Internal guides for engineers, such as how we configure backups or security packages for that specific client
This allows us to:
- Ensure consistency across engineers and projects
- Maintain clear documentation and logs of all updates
- Access information securely when responding to support tickets
Everything in our system is encrypted, access-controlled, and tied to individual users with audit trails, so we always know who viewed or updated any entry.
4. What About Email Encryption?
For certain communications, especially with documents like contracts or financial statements, email encryption is essential. If you’re using Microsoft 365, higher-tier plans include the ability to automatically encrypt emails that contain sensitive content.
With Microsoft 365 (Outlook), you can:
- Mark a message as Encrypt, Do Not Forward, or Confidential
- Limit the recipient’s ability to copy, forward, or print the message
- Set expiration rules for emails or attachments

5. Add a Data Loss Prevention (DLP) Layer
Even with best practices, human error happens. That’s where DLP (Data Loss Prevention) comes in. DLP tools monitor messages for sensitive content like bank details, personal data, or passwords, and can block, encrypt, or alert when something risky is being sent.
We’re implementing a DLP system to protect outbound communication across our business.
- We use a powerful DLP solution, with its Checkpoint feature for internal monitoring.
- It scans communications for keywords or data patterns (e.g. National Insurance Numbers, credit card info).
- When a risk is detected, it can raise an internal alert or block the message.
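To make the keyword and data-pattern scanning concrete, here is a small outbound-message scanner in Python. It is an added example, not the rule set of our DLP product or of Microsoft 365; the keyword list, the block/alert policy and the sample messages are constructed assumptions. Card candidates are confirmed with the Luhn check so that order references and similar digit runs do not trigger a block.

```python
import re

# UK National Insurance number, excluding letters/prefixes never issued.
NINO_RE = re.compile(
    r"\b(?!BG|GB|KN|NK|NT|TN|ZZ)[A-CEGHJ-PR-TW-Z][A-CEGHJ-NPR-TW-Z]"
    r"(?:\s?\d{2}){3}\s?[A-D]\b", re.IGNORECASE)
# Candidate payment card: 13-19 digits, optionally split by spaces or dashes.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
# Keyword list is a constructed sample, not any product's rule set.
KEYWORD_RE = re.compile(r"\b(?:password|passcode|sort code)\b", re.IGNORECASE)


def luhn_ok(digits):
    """Card numbers carry a Luhn check digit; most random digit runs fail it."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def scan(message):
    """Return (action, findings); findings hold offsets, never the value."""
    findings = [("nino", m.start(), m.end()) for m in NINO_RE.finditer(message)]
    for m in CARD_RE.finditer(message):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            findings.append(("card", m.start(), m.end()))
    findings += [("keyword", m.start(), m.end())
                 for m in KEYWORD_RE.finditer(message)]
    kinds = {kind for kind, _, _ in findings}
    # Assumed policy: regulated data patterns block, keywords only alert.
    if kinds & {"nino", "card"}:
        return "block", findings
    return ("alert" if kinds else "allow"), findings


# Constructed sample messages.
SAMPLES = [
    "Your new password is in the secure note link.",
    "My NI number is AB 12 34 56 C, please update payroll.",
    "Card 4111 1111 1111 1111 exp 01/30",
    "Order ref 1234 5678 9012 3456 has shipped.",
]


def verdicts():
    return [scan(text)[0] for text in SAMPLES]
```

The findings record only the type and character offsets of each match, so the alert raised to an administrator does not itself copy the sensitive value.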
What About Microsoft 365’s DLP?
Microsoft 365 also includes built-in DLP features, but you need the right licence to activate them.
E3, E5, or Premium plans unlock features like:
- Automatic encryption for sensitive content
- Policy-based blocking of risky emails
- Alerts to admins when violations occur
Worried About Data Leaks?
If you’re unsure whether your business has DLP policies in place or how to implement secure communication practices tailored to your organisation, we can help you with a free security audit and recommend improvements.
Sending sensitive information via email doesn’t have to be a risk if it is done correctly. Use a one-time sharing tool, take advantage of secure platforms like ours, and layer in DLP protections to reduce exposure and stay secure. Contact us to learn more!