I was astonished to receive my season tickets as 19 PDF attachments to a normal email. There is no security at all on an email attachment. Any server along the delivery path could have kept a copy of the attachments, and anyone who looked at the files would immediately determine some of these are valuable on the open market. From a data security perspective, this is embarrassing. To send them as 19 separate files, as opposed to one combined PDF, is just amateurish. Sigh!
So, what should have been done? Well, they should have sent an email with a link to a secure site where you log in with your account number and password, and then download the files (or better yet, one large PDF file). There are off-the-shelf solutions that have this capability, as well as web services that provide it.
Another alternative would be to wrap the attachments into a single password-protected zip file (which is encrypted), then email that file. That password could be your account number or even your user pin on the ticket ordering site.
So, what should have been done? Well, they should have sent an email with a link to a secure site where you log in with your account number and password, and then download the files (or better yet, one large PDF file). There are off-the-shelf solutions that have this capability, as well as web services that provide it.
Another alternative would be to wrap the attachments into a single password-protected zip file (which is encrypted), then email that file. That password could be your account number or even your user pin on the ticket ordering site.
