October 2018 • The Monthly Security Awareness Newsletter for Everyone
Email Oops, and How to Avoid Them
Email is still one of the primary ways we communicate, both in our personal and professional lives. However, we can often be our own worst enemy when using it. Here are the four most common mistakes people make with email and how to avoid them.
Autocomplete is a common feature in most email clients. As you type the name of the person you want to email, your email software automatically selects their email address for you. This way, you do not have to remember the email address of all your contacts, just their names. The problem is that when you have multiple contacts with similar names, it is very easy for autocomplete to select the wrong email address for you. For example, you may intend to send a very sensitive email to Janet Roberts, your coworker in accounting. Instead autocomplete might select the email address for Janice Rodriguez, your kid’s soccer coach. As a result, you end up sending sensitive work email to someone you barely know. To protect yourself, always double-check the name and email address in any sensitive email before you hit send.
In addition to the To field, when you create an email you also have a CC: option. CC: stands for carbon copy, which allows you to copy additional people on your email and keep them informed. When someone else sends you an email and has CC’ed people on it, you have to decide if you want to reply to just the sender or if you want to Reply-All to everyone that was included on the email. If your reply is sensitive, you most likely want to reply only to the sender. However, be careful when selecting Reply. It’s very easy to mistakenly hit Reply-All, which means you would reply to everyone on the email. Once again, whenever sending or replying to a sensitive email, always double-check who you are sending the email to before you hit send.
Never send an email when you are emotionally upset. The email could harm you in the future, perhaps even costing you a friendship or a job. Instead, take a moment and calmly organize your thoughts. If you need to vent your frustration, open up a new email (make sure there is no name or email address in the To section) and type exactly what you feel like saying. Then get up and walk away from your computer--perhaps make yourself a cup of coffee or go for a walk. When you come back, delete the message and start over again. Or better yet, pick up the phone and simply talk to the person, or speak face to face if possible. It can be difficult for people to determine your tone and intent with just an email, so your message may sound better on the phone or in person. Remember: humor (especially dry humor) does not always translate well in emotional emails; people may not understand your message.
Finally, email has few privacy protections. Your email can be read by anyone who gains access to it, similar to a postcard sent in the mail. Your email can easily be forwarded to others, posted on public forums, released due to a court order, or distributed after a server was hacked. If you have something truly private to say to someone, pick up the phone and call them. It is also important to remember that in many countries, email can be used as evidence in a court of law. Finally, if you are using your work computer for sending email, remember that your employer may have the right to monitor or read your email when using work resources.
Subscribe to OUCH! and receive the latest security tips in your email every month.
OUCH! is published by SANS Security Awareness and is distributed under the Creative Commons BY-NC-ND 4.0 license. You are free to share or distribute this newsletter as long as you do not sell or modify it. Editorial Board: Walt Scrivens, Phil Hoffman, Cathy Click, Cheryl Conley