HIPS Series > Safer Emailing and IMing, part 2

How to take this course

We can't stress enough the importance of mastering skills related to electronic mail.  It is perhaps the most used of workplace communications tools today. 

As we noted at the beginning of part 1, the average office worker spend hundreds of hours a year sending and receiving thousands of emails.  Even a small improvement in one's email skills can save a lot of time.  It can also result in significant improvements in information security for your organization.

As we also noted in part 1, instant messaging (IM) use may someday supplant email as the dominant workplace communications tool.  Using it safely and efficiently is also critical.

As with driving a car on the planet's physical highways, you have to accept that not everyone on the information highway follows the rules for politeness and safety.  The best you can do is set a good example, and protect yourself with defensive measures.

One way to do that is to respond promptly to the messages you receive, following the tips we've given you so far.  If you are prompt, you'll be spared the "Did you get my email?" email. 

If you can't provide a full response right away, it's good form to send a prompt "got your message" response, with a promise to reply in full at a later date. 

It is not good form to ignore colleagues' or customers' email when it is clear that a response is expected.

While you're under an general obligation to respond promptly to email from real persons, that's exactly the wrong thing to do with spam, spoofs and hoax messages. 

Simply delete spam.  Do not respond, even to try to "opt out" of future correspondence.  This often only generates more spam, because it confirms your email address is a "live" one.

There are some new federal and state legal protections against spam.  Most organizations also have some kind of spam filter in place on their email systems.  These legal and technical protections help, but most people still find a large volume of junk in their in-boxes.  Just accept that, for now, it's the price of using email.

Unsolicited email isn't just annoying; it can be dangerous.  Be on the lookout for phishing email that asks for sensitive information about you or your organization -- or that points you to a Web site that asks for information. 

In general, be cautious about any email that asks you to do something -- such as open an attachment or click on a link to visit an unfamiliar Web site.  Unless you are confident about the email source, just say no.  (If you're not sure, pick up the telephone and check.) 

That attached file could contain a virus or other malicious software, including data-harvesting spyware.  That Web link could take you to a phishing site that looks genuine, but is actually aiming to get information from you in order to commit identity fraud.

We need to say it one more time:  Always be cautious about attached files in email.  These are a prime source of malicious software. 

Your anti-virus software should be configured to automatically scan all email, and to scan all attachments before opening.  But even with that protection, you cannot be sure that the software will catch everything.  Malicious software now spreads so fast on the Internet that it can get to your computer before your anti-virus software can be updated to recognize it.

Never, ever open an attachment if you have any doubts about the source. 

Remember also that malicious software can take over a victim computer's email, and then send out more infected messages.  Even if an attachment appears to come from someone you know, it may be unsafe. 

If an email appears suspicious in any way, contact the originator to confirm that he/she really sent it.

Be careful about re-sending what people send to you.  Consider the audience that the original sender intended.  This is simple politeness, and it is critical for security too.  In general, do not re-send others' messages to you on to a broader audience without permission.

Remember that messages often include copies of all the exchanged emails that have led up to the current one.  This email "thread" can contain information that is unsuitable for others to see, even if the current message is innocuous.

Don't forward material that might be considered defamatory, harassing, racist, sexist, obscene or ... well, you get the idea.  (And, as we told you in part 1, don't write it yourself in the first place.)  You are judged by messages that carry your name, even if you are not the originator.

Just as we urge you not to reply to spam, spoofs and other hoaxes, we urge you not to forward such messages either. 

As we also noted in part 1, one of your goals should be to make what you send as concise as possible.  Another should be to send fewer emails.  That's better for security, and it's a courtesy to your correspondents.

If someone sends you several emails on the same subject, read them all before replying to any of them.  Try to consolidate the reply into a single, brief message whenever possible.

If more than one correspondent is involved, consider whether everyone needs to see your reply, or just a select few.  REPLY ALL is an over-used feature!  

For both security and politeness, also be careful about anyone you add to an on-going email exchange.   (As with forwarding, remember that the email "thread" can contain information that is unsuitable for others to see, even if the current message is innocuous.)

It's often a good idea to put messages you want to keep in separate files or folders.  A large inbox can slow down your email system's performance, and make it harder to find particular messages.

Printing messages is generally not a good way to keep track of them, however.  Printed copies are also a security risk.  If what you print contains sensitive information it must be physically stored in a secure place, and it must be securely destroyed (by shredding) when no longer needed.

It is often easier and safer to keep messages on your computer, and rely on the email system's SEARCH facility to find particular messages.  However, if your computer isn't secure, all these stored messages are still at risk. 

In most email systems, deleting email is a two-stage process.  The first stage puts the message in the "trash" -- where you can still easily retrieve it if you change your mind.  The second stage "empties the trash" -- after this, you generally cannot get it back.  At least not easily.

Some of the most sensitive information on your computer resides in your email in- and out-boxes, and in the files and folders where you've stored old email.  It's good practice to clean up these collections, by deleting or archiving backup copies of what you do not really need.  But you must still protect the CDs, DVDs and other storage media you use for backup, as well as your computer itself.  Don't get careless!

Many people like to "multi-task" -- particularly when emailing.  Some prefer music, radio or TV in the background.  Others carry on phone conversations.  Some do email while in meetings or walking around, using wireless PDAs or smart cellphones.

Unfortunately, most of us aren't nearly as good as we think at doing more than one thing at a time.  So multi-tasking can be a recipe for errors.  Inattention to the details of email can get you into trouble -- that's why we tell you to THINK BEFORE YOU SEND.

From a security perspective, we're just concerned about the mistakes.  But you should also realize that there's a potential politeness issue here -- if a person is expecting your full attention and not getting it because you're doing email at the same time.

Be sure you understand the local etiquette at your organization before catching up on your email while in a meeting or other gathering. 

Email is not always the most efficient choice for communicating with co-workers.  Unlike a telephone call, email cannot leverage the communication content that your tone of voice, volume and pace of speaking can convey in a telephone call.  Unlike a face-to-face meeting, it cannot leverage the rich communication content that body language and facial expression provide.

Because of these limitations, email "conversations" can require an excessive series of back and forth messages to reach a simple outcome. 

Perhaps you have heard this particular advice before: "Never have an argument using email.  Especially if you're right."   The reason is precisely because disagreements are most easily resolved when you have all the "channels" of human communication available.  Email limits you to the words alone.

Remember this particularly when you are communicating with someone whose primary language is different than your own, or when you are communicating about a topic that requires a technical vocabulary that might not be clear to a recipient.

You should always consider picking up the telephone instead -- or, if possible, making a visit to a colleague's office -- when you need to communicate something complex, detailed or potentially emotional.

Instant messaging may someday overtake email as the dominant means of workplace communications.  For younger workers, it probably already is dominant.

As we noted in part 1, IM is like email in that it should generally be considered insecure.  "Public" IM systems like those offered via AOL (AIM), Google, MSN and Yahoo are so insecure that their use is often banned in the workplace.  As an alternative, many organizations now offer their own "enterprise" IM systems with security features built in.

The same considerations about attachments and links in messages obtain in an IM conversation.  Be careful about what you send; be careful about what you receive.

IM's easy back-and-forth communication makes it somewhat more like the telephone.  It is easier to correct misunderstandings as they arise.  Such systems may have emoticons built in, to convey mood and emotion -- and, unlike in email, it's generally acceptable to use them.

Don't let the informality lull you into carelessness about what you type.   As with email, IM conversations can be considered official correspondence.  Typically they will be recorded in full, and become part of your organization's electronic records.  At the least, each party to the conversation will have a "transcript."

As we said at very beginning, we are not trying to get you to stop using email ... or IM.  We just want you to be (more) careful when you do.  Always remember:

(1) Workplace email/IM messages can be considered official documents, so the content deserves some of the same care as letters, faxes or other official communications.
 
(2) Email/IM is not generally a secure means of communication.  Be conservative about what you put in your messages and attachments (even if you think you have a "secure" system) and be careful about where you send them.

(3) Not everyone is as careful as you are about email/IM, and some are out to do deliberate harm.  Be vigilant about what is sent to you.

•  •  •  •  •

Help us make this course better -- take the online course evaluation. The quiz for this course is here.

•  •  •  •  •