I was reading an article in the NY Times this morning about the pervasive nature of email in the business world. One of their statistics was that 55% of companies retain and review all internal email.
I realize that most people aren't techies (although the percentage is higher in this crowd), but it still astounds me when people send me emails from their work address talking about work, along with many other examples that make people extremely vulnerable. Mind you, I'm not excessively paranoid about security issues, but since I write and speak about human nature, office politics and career issues, email issues quickly become relevant.
People tend to send emails with the thought that they're somehow magically transmitted through the airwaves, traveling point to point from their computer to the recepients. Of course, what actually happens is that it hops from server to server across the Internet, leaving plenty of opportunities for bored or malicious techies to intercept and read it since it's not encrypted.
More importantly, people who send email from work don't stop to think that if it goes out via the office SMTP server it can be stored and read later by IT or management personell. (I had a friend at a politically hostile company where management routinely did this to spy on other departments). Even if it has nothing to do with work and you're sending a recipie to Aunt Sally, there it is, on the company server, for someone to read. The same is true for emails that you receive on your company address.
And of course, how many times have you heard of problems erupting because someone received a confidential email but then forwarded it to others?
The bottom line is that a great many people use email as though it were a completely secure conversation. It's not. Furthermore, most of the problems people get themselves into come not from Nasty, Evil Hackers, but from regular people doing stupid or unethical things with the emails of others.
So, a few self defense tips, for those of you who don't already know them.
These tips won't make you bulletproof, but they're a step in the right direction. I realize that some of this may seem a bit obvious, but it's amazing to me how many times I hear of people getting themselves in hot water because they didn't observe these simplest of precautions. I mean, you don't really want me to read about you in the NY Times, right?
- Don't put anything in writing that you wouldn't want broadcast on the 6:00 news. If it needs to be confidential, pick up the phone or meet in person.
- Do not send or receive any non business email through your work address. Keep a separate yahoo, hotmail or whatever account for personal messages. Log on and use their web interface, not Outlook or whatever other program your company uses (as outgoing emails may still use the company SMTP server).
- Be aware of these issues when sending emails to the work addresses of others. Use a personal address for them if possible for non work related correspondence.
- When interacting with email at work, pay attention to the cc list, and keep in mind that not everyone is as ethical as you are.
- In short, especially if you're not a techie, assume that every email you send or receive has been read by the people who could cause you the most trouble, and conduct yourself accordingly.