September 2016 • The Monthly Security Awareness Newsletter for Everyone
Email Do's and Don'ts
Email is still one of the primary ways we communicate, both in our personal and professional lives. However, we can quite often be our own worst enemy when using email. In this newsletter, we will explain the most common mistakes people make with email and how you can avoid them in your day-to-day lives.
Auto complete is a common feature found in most email clients. As you type the name of the person you want to email, your email software automatically selects their email address for you. This way, you do not have to remember the email address of all your contacts, just their names. The problem with auto complete is that when you have multiple contacts that share similar names, it is very easy for auto complete to select the wrong email address for you. For example, you may intend to send an email with all of your organization’s financial information to “Fred Smith,” your coworker in accounting. Instead, auto complete selects the email address for “Fred Johnson,” your neighbor. As a result, you end up sending sensitive information to unauthorized people. To protect yourself against this, always double-check the name and the email address before you hit send.
Replying to Email
Most email clients have two options besides ‘To’ for selecting recipients: ‘Cc’ and ‘Bcc.’ Cc stands for “Carbon copy,” which means you want to keep people copied and informed. Bcc means “Blind carbon copy,” which is similar to Cc; however, no one can see the people you have Bcc’d. Both of these options can get you in trouble. When someone sends you an email and has Cc’d people on the email, you have to decide if you want to reply to just the sender or to everyone that was included on the Cc. If your reply is sensitive, you most likely want to reply only to the sender. If that is the case, be sure you do not use the ‘Reply All’ option, which includes everyone. With a Bcc you have a different problem. When you send a sensitive email you may want to privately copy someone using Bcc, such as your boss. However, if your boss then responds to your email using Reply All, all of the recipients will know that you secretly copied your boss on your original email. Whenever someone Bcc’s you on an email, do not Reply All, only reply to the person who sent the email.
Distribution lists are a collection of email addresses represented by a single name, sometimes called a mail list or a group name. For example, you may have a distribution list with the email address email@example.com. When you send an email to that address, the message gets sent to everyone in the group, perhaps hundreds or even thousands of people. Be very careful what you send to such a list because so many people may receive that message. In addition, be very careful when replying to someone’s email on a distribution list. You may intend your reply to be sent to just the individual sender, but the list may automatically include everyone, meaning hundreds (if not thousands) of people are now reading your private email. What can also be dangerous is when auto complete selects a distribution list. Your intent may be to email only a single person, such as your coworker Carl at firstname.lastname@example.org, but auto complete might accidentally send it to the distribution list you subscribed to about cars at email@example.com instead.
Never send an email when you are emotionally charged. If you are in an emotional state, that email could cause you harm in the future, perhaps even costing you a friendship or a job. Instead, take a moment and calmly organize your thoughts. If you have to vent your frustration, open Microsoft Word or a text editor and type exactly what you feel like saying. Then get up and walk away from your computer, perhaps make yourself a cup of tea or go for a walk. When you come back, delete the message and start over again. Or better yet, pick up the phone and simply talk to the person, or speak face to face if possible. It can be difficult for people to determine your tone and intent with just an email, so your message may sound better on the phone or in person.
Finally, remember that traditional email has few privacy protections; your email can be read by anyone who gains access to it. Think of email as being similar to a postcard. In addition, once you send an email you no longer have control over it; you can never take it back. Your email can easily be forwarded to others, posted on public forums, released due to a court order, or distributed after a server was hacked. If you have something truly private to communicate, pick up the phone. It is also important to remember that in many countries, email can be used as evidence in a court of law. Also, if you are using your work computer for sending email, remember that your employer most likely has the right to monitor and perhaps even read your email when using work resources. Check with your supervisor if you have questions about email privacy at work.
OUCH! newsletter is under the Creative Commons license. You are free to share / distribute it but may not sell or modify it.