How simple best practice measures can cut down the risks
In the first of a new series on email best practice, Dr Monica Seeley looks at how to manage the risk of staff losing data through email.
A recent survey by security company Kroll found that incidences of data theft have overtaken those of physical theft. Not surprisingly, financial services and professional services firms are among the most vulnerable to data theft because so much of their business involves producing information rather than physical goods.
However, careless use of email can easily expose any business: for example, staff who send an email to multiple people with all the names in the To or Cc box immediately tell everyone else who they are dealing with on the matter - for example, other resellers, suppliers or journalists.
One of the best examples is a well-known London estate agent which sent out details of a new property to potential buyers, two of whom were in the middle of an acrimonious divorce and up until then had managed to keep their future plans concealed from each other.
Another weak link is the forwarded email: the email is long, for instance, and a staff member forgets to check the whole chain and inadvertently forwards highly confidential or sensitive information.
Then there is classic of sending emails to the wrong Jane Smith. Although most email software has a recall function, in reality there is no such thing as recalling an email sent in error. By the time staff realise and send the recall request, the damage is often done - they have leaked the information.
There is also content management software, which will check what content and to whom employees are sending emails, but such technological solutions cannot counter human errors such as those described. Employees must also remember that an email is just like sending a postcard: anyone who wants to will find a way to read it.
Here are five key ways to ensure your staff manage and reduce the risk of human error leading to data loss through email.
- They should turn off the address autofill function
- If they do use the automatic address function, they should check they are sending the email to the right Jane Smith or John Brown
- Before forwarding an email, staff should review the content of the original email and especially a long chain and delete unnecessary information
- When staff are sending emails to several people, they should put all the names in the Bcc box rather than the To or Cc box. This practice avoids exposing all the names of those involved
- When expecting confidential emails, staff should ask the sender to put the word 'Confidential' in the subject line and have a rule that diverts such emails automatically to a folder, especially in situations when someone else is keeping an eye on their inbox - for example, when they are on leave
Dr Monica Seeley is an international expert on email management. She is a visiting fellow at Cass Business School, City University, and has just written her third book Brilliant Email published by Pearson. You can follow her daily email tips and hints on Twitter.