Which practice is considered poor security for email?

Using a confidentiality notice when sending sensitive information is often not an effective security practice because it does not inherently protect the content of the email. A confidentiality notice may indicate to the recipient that the information is sensitive, but it does not prevent unauthorized access or interception of the email. If sensitive data is included in an unencrypted email, it remains vulnerable during transmission and can be easily accessed by malicious actors.

In contrast, practices such as using encryption for all communications, regularly changing email passwords, and avoiding unknown senders are proactive measures that significantly enhance email security. Encryption ensures that even if an email is intercepted, the contents cannot be read without the appropriate decryption key. Regularly changing passwords reduces the risk of unauthorized access, while avoiding unknown senders helps prevent phishing attacks and the introduction of malware.