Email Do’s and Don’ts
Posted: July 2, 2014 4:55 pm
By: InfoSec News - Information Security
Email has become one of the primary ways we communicate in our personal and professional lives. However, we can often be our own worst enemy when using it. In this newsletter, we will explain the most common mistakes people make and how you can avoid them in your day-to-day lives.
Autocomplete is a common feature that is found in most email clients. As you type the name of the person you want to email, your email software automatically selects their email address for you. This way, you do not have to remember the email addresses of all your contacts, just the recipient’s name. The problem with autocomplete comes when you have contacts that share similar names. It is very easy for autocomplete to select the wrong email address for you. For example, you may intend to send an email with all of your organization’s financial information to “Fred Smith,” your coworker in accounting. Instead, autocomplete selects “Fred Johnson,” your neighbor. As a result, you end up sending sensitive information to unauthorized people. To protect yourself against this, always double check the name and the email address before you hit send.
CC / BCC
Most email clients have two options besides the “To” field: Cc and Bcc. “Cc” stands for “Carbon copy,” which means you want to keep people copied and informed. “Bcc” means “Blind carbon copy.” It is similar to Cc, but no one can see the people you have Bcc’ed. Both of these options can get you into trouble. When someone sends you an email and has Cc’ed people on it, you have to decide if you want to reply to just the sender or reply to everyone that was included on the Cc. If your reply is sensitive, you may want to reply only to the sender. If that is the case, be sure you do not use the “Reply All” option, which will include everyone. A Bcc presents a different problem. When sending a sensitive email, you may want to copy someone privately using Bcc, such as your boss. However, if your boss responds using “Reply All,” all of the recipients will know that your boss was secretly Bcc’ed on your original email.
Distribution lists are a collection of email addresses represented by a single email address, sometimes called a mail list or a group name. For example, you may have a distribution list with the email address email@example.com. When you send an email to that address, the message gets sent to everyone in the group, which could be hundreds or thousands of people. Be very careful what you send to a distribution list, since so many people may receive that message. In addition, be very careful when replying to someone’s email on a distribution list. You may only intend to reply to the individual sender, but if you hit “Reply All,” you will have included the entire distribution list. This means that hundreds (if not thousands) of people will be able to read your private email. Another problem with autocomplete is that it could select a distribution list instead of a single recipient. Your intent may be to email only a single person, such as your coworker Carl at firstname.lastname@example.org, but autocomplete might accidentally send it to a distribution list you subscribed to about cars.
Never send an email when you are emotionally charged. An email written in an emotional state could cause you harm in the future, perhaps even costing you a friendship or a job. Instead, take a moment and calmly organize your thoughts. If you have to vent your frustration, open your email client, make sure the message is not addressed to anyone and type exactly what you feel like saying. When you are done, get up and walk away from your computer, and perhaps make yourself a cup of tea. When you come back, delete the email and start over again. Even better, pick up the phone and talk to the person, as it can be difficult to determine tone and intent with just an email.
Email does not have an ‘undo’ button. Whenever you send an email, slow down for a moment and double check what you are sending and to whom before hitting the send button.
Finally, remember that traditional email has few privacy protections. Anyone who gains access to your email can read your messages. In addition, unlike a phone call or personal conversation, you no longer have control over an email once you send it. Your email can easily be forwarded to others, posted on public forums and may remain accessible on the Internet forever. If you have something truly private to communicate, pick up the phone. It is also important to remember that email can be used as legal evidence in many countries. Also, if you are using your work computer for sending email, keep in mind that your employer may have the right to monitor and read your email. If you use your work computer to access your personal email account, this could include your personal email. Check with your supervisor if you have questions about email privacy at work.