40
Beef Up Your E-Mail Security

The convenience of e-mail and instant messaging can easily eclipse good judgment and cause security issues. Understanding that an online note can be forwarded to the entire world still doesn’t stop some people from abusing the medium. Examples of security blunders are continually hitting the headlines.

• In 2006, Mark Foley, Republican congressman of Florida, resigned because of inappropriate e-mails and IMs sent to congressional pages in 2005.

• Harry Stonecipher, Boeing CEO, resigned after e-mail love letters surfaced that had been sent to his Boeing VP mistress.

• In 2003, the Federal Energy Regulatory Committee (FERC) investigating the Enron scandal posted 1.6 million private employee e-mails alongside Enron’s business records for anyone to see. Employee’s Social Security numbers, bank information, performance reviews, and other personal information was all there, with senders’ and receivers’ names attached! Eventually, FERC removed the e-mails with SS numbers, but not before millions of people—including identity thieves—had viewed them.

To avoid such embarrassments yourself, follow this list of security guidelines.

E-mail is NEVER private. A message is like a postcard, readable by everyone who has a computer. If you forward a message to 10 people, and they, in turn, forward it to 10 people, and so on for another three layers, in a very short time 100,000 people will have the e-mail in their inbox.

Blind copies can sometimes see. If you send a message to several people and place the names in the BCC window, don’t assume that those names are hidden from others. For example, if you receive a message that has BCC attachments and then hit the “reply all” button, all the hidden recipients will show up in your “send to” window—as plain as day! To avoid this, send a separate e-mail to each individual person.

The Nigerian lawyer is not your friend. As convincing as it may appear (and as much as you may want to believe it), the lawyer that wants to dump $3 million in your lap because of a long-lost heir, is a scam. Assume the worst when it comes to winning the lotto, helping a Hong Kong businessman with a (well-rewarded) small financial favor, or personal invitations from Russian wanna-be brides.

Know when to use the phone. Regardless of the situation, you can seriously breach your own security by writing your bank account information, passwords, Social Security numbers, or credit card numbers in an e-mail. No matter how necessary or convenient it might seem, and no matter how trustworthy the recipient, the information might still get into the wrong hands. Always use the phone for conveying such personal information.

Keep it decent. Don’t send off-color jokes, discriminatory remarks, sexually explicit messages, or rude comments via e-mail. What you say can be used against you in a court of law. Unlikely? About 15 percent of companies battle lawsuits brought about by bad messages, with a similar percentage of e-mails from each company being subpoenaed for evidence.

Follow the policy. Know what your company’s e-mail policy says, and follow it. You can be fired for not following e-mail policy—claiming “I never knew” is no defense.