Security with email - tips from OIT

October is National Cyber Security Awareness Month.

NCSAM is a public awareness campaign to encourage everyone to protect their computers and identities.  This week: EMAIL. Avoid these common mistakes.

-Hit Send then wish you hadn’t?-

Did you know that gmail has an “unsend” function? To be honest it’s not able to recall a sent message, what it will do is put in a delay of up to 30 seconds after you hit the send button for you to cancel it if you notice a problem or realize you made a mistake:

https://support.google.com/mail/answer/2819488?

-Privacy-

Remember that traditional email has few privacy protections; your email can be read by anyone who gains access to it. Think of email as being similar to a postcard. In addition, once you send an email you no longer have control over it; you can never take it back. Your email can easily be forwarded to others, posted on public forums, released due to a court order, or distributed after a server was hacked. If you have something truly private to communicate, pick up the phone. It is also important to remember that in many countries, email can be used as evidence in a court of law. -Auto Complete- Auto complete is a common feature found in most email clients. As you type the name of the person you want to email, your email software automatically selects their email address for you. This way, you do not have to remember the email address of all your contacts, just their names. The problem with auto complete is that when you have multiple contacts that share similar names, it is very easy for auto complete to select the wrong email address for you. For example, you may intend to send an email with all of your organization’s financial information to “Fred Smith,” your coworker in accounting. Instead, auto complete selects the email address for “Fred Johnson,” your neighbor. As a result, you end up sending sensitive information to unauthorized people. To protect yourself against this, always double-check the name and the email address before you hit send.

-Replying to Email-

Most email clients have two options besides ‘To’ for selecting recipients: ‘Cc’ and ‘Bcc.’ Cc stands for “Carbon copy,” which means you want to keep people copied and informed. Bcc means “Blind carbon copy,” which is similar to Cc; however, no one can see the people you have Bcc’d. Both of these options can get you in trouble. When someone sends you an email and has Cc’d people on the email, you have to decide if you want to reply to just the sender or to everyone that was included on the Cc. If your reply is sensitive, you most likely want to reply only to the sender. If that is the case, be sure you do not use the ‘Reply All’ option, which includes everyone. With a Bcc you have a different problem. When you send a sensitive email you may want to privately copy someone using Bcc, such as your boss. However, if your boss then responds to your email using Reply All, all of the recipients will know that you secretly copied your boss on your original email. Whenever someone Bcc’s you on an email, do not Reply All, only reply to the person who sent the email.

-Distribution Lists-

Distribution lists are a collection of email addresses represented by a single name, sometimes called a maillist or a group name. For example, you may have a distribution list with the email address group@example.com. When you send an email to that address, the message gets sent to everyone in the group, perhaps hundreds or even thousands of people. Be very careful what you send to such a list because so many people may receive that message. In addition, be very careful when replying to someone’s email on a distribution list. You may intend your reply to be sent to just the individual sender, but the list may automatically include everyone, meaning hundreds (if not thousands) of people are now reading your private email. What can also be dangerous is when auto complete selects a distribution list. Your intent may be to email only a single person, such as your coworker Carl at carl@example.com, but auto complete might accidentaly send it to the distribution list you subscribed to about cars at cars@example.com instead.

-Emotion-

Avoid sending an email when you are emotionally charged. If you are in an emotional state, that email could cause you harm in the future, perhaps even costing you a friendship or a job. Instead, take a moment and calmly organize your thoughts. If you have to vent your frustration, open Microsoft Word or a text editor and type exactly what you feel like saying. Then get up and walk away from your computer, perhaps make yourself a cup of tea or go for a walk. When you come back, delete the message and start over again. Or better yet, pick up the phone and simply talk to the person, or speak face to face if possible. It can be difficult for people to determine your tone and intent with just an email, so your message may sound better on the phone or in person.

-Recap-

Email is still one of the primary ways we communicate, both in our personal and professional lives. However, we can quite often be our own worst enemy when using it for communication.

Click Here for previous year’s tips.