I sent a client an email the other day asking her to update the credit card that her company uses to pay for services. In the email I offered two options: call me or fill out the form I'd attached and fax it back to me. A few moments later I got an email from her. She sent me her credit card number, expiration date and CVV code in a reply email. She might as well have written that information on a postcard and dropped it in the local mailbox.
Sounds like I'm over-reacting, right? I'm not. You know that a postcard travels from one postal worker to another until it arrives at it's destination. Email travels from one user to another over the internet by being copied over and over again from one server to another until it reaches it's destination. If it's not traveling in an encrypted format, there's plenty of opportunity for the email to be copied by an unintended recipient during it's trip.
So, don't send your credit card or other personal identifying information via plain, unencrypted email. Take a few extra moments and call the person or company requesting the information. That way you can verify the need for the information and you can ask how the information is handled and protected on their end. If you need encryption for your business's email let us know.