Email self defense

**Christopher Duncan** · 11-10-2005, 10:30 AM

I was reading an article in the NY Times this morning about the pervasive nature of email in the business world. One of their statistics was that 55% of companies retain and review all internal email.

I realize that most people aren't techies (although the percentage is higher in this crowd), but it still astounds me when people send me emails from their work address talking about work, along with many other examples that make people extremely vulnerable. Mind you, I'm not excessively paranoid about security issues, but since I write and speak about human nature, office politics and career issues, email issues quickly become relevant.

People tend to send emails with the thought that they're somehow magically transmitted through the airwaves, traveling point to point from their computer to the recepients. Of course, what actually happens is that it hops from server to server across the Internet, leaving plenty of opportunities for bored or malicious techies to intercept and read it since it's not encrypted.

More importantly, people who send email from work don't stop to think that if it goes out via the office SMTP server it can be stored and read later by IT or management personell. (I had a friend at a politically hostile company where management routinely did this to spy on other departments). Even if it has nothing to do with work and you're sending a recipie to Aunt Sally, there it is, on the company server, for someone to read. The same is true for emails that you receive on your company address.

And of course, how many times have you heard of problems erupting because someone received a confidential email but then forwarded it to others?

The bottom line is that a great many people use email as though it were a completely secure conversation. It's not. Furthermore, most of the problems people get themselves into come not from Nasty, Evil Hackers, but from regular people doing stupid or unethical things with the emails of others.

So, a few self defense tips, for those of you who don't already know them.

Don't put anything in writing that you wouldn't want broadcast on the 6:00 news. If it needs to be confidential, pick up the phone or meet in person.
Do not send or receive any non business email through your work address. Keep a separate yahoo, hotmail or whatever account for personal messages. Log on and use their web interface, not Outlook or whatever other program your company uses (as outgoing emails may still use the company SMTP server).
Be aware of these issues when sending emails to the work addresses of others. Use a personal address for them if possible for non work related correspondence.
When interacting with email at work, pay attention to the cc list, and keep in mind that not everyone is as ethical as you are.
In short, especially if you're not a techie, assume that every email you send or receive has been read by the people who could cause you the most trouble, and conduct yourself accordingly.

These tips won't make you bulletproof, but they're a step in the right direction. I realize that some of this may seem a bit obvious, but it's amazing to me how many times I hear of people getting themselves in hot water because they didn't observe these simplest of precautions. I mean, you don't really want me to read about you in the NY Times, right?

**tradivoro** · 11-10-2005, 11:36 AM

I hear you Chris... That's why I never use company email for anything personal...

**Tony Monaghan** · 11-10-2005, 11:54 AM

Over the years I've been with many companies and in some cases responsible for installing / administering the email system. almost all of these companies actively screened email content for contentious material. In one case an employee was fired for 'inappropriate' use of company email. Companies do this for self protection, mainly to avoid litigation and not with a big brother intention.

Christopher, the points you make are very important. There are many stories of emails coming back to haunt the author in a very public way. Perhaps the same safeguards should be applied to forum posts

**aelliscomposer** · 11-10-2005, 12:03 PM

This is VERY good advice - esp. #1 - to which I would add NEVER put disparaging remarks about anyone (regardless of how deserving) in an email.

I had an unfortunate experience with this: while working on the score of a film, I discovered that after many hours of toil that I had been replaced, and that the new score was nearly finished - the director had simply "forgotten" to inform me. Naturally, I was furious and forwarded the email, with remarks, to a friend, who was very supportive and appropriately nasty, but who absent mindedly hit REPLY ALL. I shortly thereafter received an email from the Director, with my friends remarks (various expletives) attached, and a note which read "I think this was intended for you".

You really don't realize how deep the pit of your stomach really is until your heart has fallen this far into it. Naturally, there was considerable fall-out from this 'mistake', and I still worry that it will marr future collaborations with those who might know the director.

Whose mistake was it? MINE - for being stupid enough to not have made a phone call instead, much less forward the actual email. I believe that I was in the right to be angry about what had happened, but this put me in the worst possible situation, without any defense. Horrible!

So yea; advice from a blockhead: heed the above!

Cheers,

Adrian

**loogoo** · 11-10-2005, 12:39 PM

Well, with some companies you can't be sure that your phone calls are private either.

**Brian2112** · 11-10-2005, 06:32 PM

Dear Christopher,

I am so glad that you posted this. Email is not safe – anyone can read it at any time. Therefore, instead of sending an email to you regarding our plot to overthrow the U.S. government, I will post it here:

All is going well. They are taking the bait comrade! If anyone found out about our communist affiliation, our careers would be doomed.

P.S. please re-send those nude pictures of those small furry animals.

O.k…sorry, sometimes I can’t resist…

In all seriousness, this is excellent advice. Anything that one puts up on the internet is at risk of being read, and/or used against you. Also, I might add that the U.S. government now has the power to monitor the internet. They have a nice computer(s) that looks for "keywords" – and it alerts someone who monitors the internet. For example, in the joke portion of this post, the words “overthrow” and “U.S. government” lit up someone’s computer at various federal agencies. They now have been given the power to then read these emails or posts, even if the post is “I love the U.S. government….oh yea and the Eagles would have won that game if the Q.B. didn’t overthrow that pass!”

Good heads-up CD!

…2112
P.S. note to Fed...

**bmpsound** · 11-10-2005, 06:41 PM

Originally Posted by Christopher Duncan

Don't put anything in writing that you wouldn't want broadcast on the 6:00 news.

Good points Chris. Does this include sending out nude pictures of one's self?

**Christopher Duncan** · 11-10-2005, 10:42 PM

Originally Posted by Brian2112

P.S. please re-send those nude pictures of those small furry animals.

Okay, now you're just scaring me.

And I don't even want to think about what federal agencies have you on their Christmas card list!

**Christopher Duncan** · 11-10-2005, 10:43 PM

Originally Posted by bmpsound

Does this include sending out nude pictures of one's self?

I'm thinking that all depends on the specifications of the self in question. Pictures of a supermodel are much less likely to reboot the mail server than one of me...