Writing effective, secure emails

Email miscommunication frequently undermines business (and personal) relationships and sabotages productivity

Are you losing business because of poorly written emails?

Have you ever experienced blowback from a poorly or hastily written email? If not, you’re either incredibly lucky or off-the-scale in emotional intelligence! Despite the growing prevalence of social media, email remains the most common form of written communication in the business world.

It’s also the most commonly abused. How so? Too many people incorrectly assume that brevity permits a directive, disrespectful tone. Others strike an overly familiar tone by using inappropriate abbreviations, ‘screaming’ with all caps, or adding emoticons. (Yes, some still do those things…)

Even loyal customers may be alienated by a poorly written or undiplomatic email. For the same reason, it’s critical that your employees learn and observe the rules of email etiquette when communicating with their colleagues. Unfortunately, email miscommunication frequently undermines business (and personal) relationships and sabotages productivity.

No matter how routine your message, always proofread it. If your emails are incoherent or include grammatical errors, that can be career limiting. And, if your emails fail to consider the reader’s needs and point of view, you can easily alienate a customer or business associate. That’s why I recommend you read your emails at least three times before hitting the send button.

Email ‘Rules of the road’

Strengthening client and colleague relationships via email isn’t rocket science. The following ‘rules of the road’ are simple, but exacting:

  • Speak directly to your readers’ needs and interests in your subject line. Not your needs, their interests…
  • Be brief, polite, and specific about what you’re requesting. Setting a friendly tone doesn’t require more than a few added words or phrases. Remember that people reading your email may be in a bad mood and will not respond well to what they may perceive as thoughtless or disrespectful.
  • Provide all the information required for follow through.
  • If longer than two or three paragraphs, reduce the message and attach supplemental information.
  • Avoid sending large attachments. If necessary, save large files to the server and send recipients the web address.
  • Add a simple signature block with appropriate contact information.
  • Respond promptly to important, actionable email. If you need more than the time allotted to make a decision or obtain requested information, send a short message explaining the delay.
  • Avoid the all-too-common practice of sending out unnecessary emails. If uncertain about what is included in that category, ask your management for guidance.
  • Don’t include more than one key link in your email to avoid spam filters.
  • Avoid inserting images, even HTML print, if you want your mail to be accessible across platforms.

As with any form of digital communication, your email can be read by anyone. So, be especially careful to maintain a high level of professionalism even in routine messages. And show respect for the privacy of others and that of your organization by not forwarding email without consent. I’ll be providing an overview of email privacy strategies in Part II of this blog post next week.

If your company is among those that allow text messaging, remember that not all of your business recipients have a text messaging plan. Also, be aware that text messaging is inappropriate for anything beyond the simplest logistical issues.

Close your email security gaps

Have any of your email accounts ever been hijacked?

And have you, like most of us, received bogus stealthware attachments from friends’ accounts (either current or expired) that have been compromised? First among the serious dangers of opening such attachments: automatic installation of malware and hijacking your account with infected messages that are then forwarded to all your contacts.

You close such mail immediately and contact the person to ask if the message is actually from them. Right? Most of you have probably had to do this many times. Fortunately, when the subject line of such mail is missing or inconsistent with a friend’s interests/personal style, you know it’s a red flag.

However, not all scams are so easily identified.

The quote from this week’s NYT describes a current threat that could impact you:

“Researchers (say) they have been tracking (a) particular (Nigerian) criminal operation, which they call Silver Spaniel, for months. The attacks begin, as so many do, with a malicious email attachment. (Ah, yes, dear reader, yet another example of the dangers of wanton clicking.) Once clicked, victims inadvertently download malicious tools onto their devices; one, NetWire, is capable of remotely taking over a Windows, Mac OS or Linux system, and another, DataScrambler, makes sure the NetWire program is undetectable by antivirus products.” (NYT, July 22, 2014)


Change your email account passwords frequently

When was the last time you changed your email account password? Most of us postpone this necessary security task far too long. Another critical issue: if you’re like the many folks who use the same password for their email and online banking accounts, you’re leaving yourself wide open to identity theft. Use separate passwords for your different accounts and change them frequently. That said, unless you download one of the secure software tools to privately track all your passwords, who can keep track? I tried one of these password tracking tools (because I’m lucky to remember just one password) but had to uninstall it because it slowed my system down.

That’s why I’ve opted for two passwords that I change regularly, as follows–

Apply a simple, safer password formula

You may have read recent articles on creating (relatively) safe passwords. If not, consider applying the following formula for your email accounts: (1) Choose a sentence that is meaningful and easily remembered, such as, “I met my wife in San Antonio.” (2) Use the first letter of each word, alternating upper and lower case and combine with some numbers (in this case, you could embed your wife’s birthday) resulting in–ImMw012274IsA. Again, that could be for your email account. Now apply the same formula to create a second password that you use exclusively for your banking and other financial transactions. Finally, create a third password for all your remaining accounts.
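The formula above, written out as an added example (not code from the original post). The function names, the `insert_after` position for the digits, and the second sentence are assumptions made for illustration; `shared_passwords` checks the separate-password rule across the three account groups.

```python
def formula_password(sentence, digits, insert_after):
    """First letter of each word, alternating upper/lower case, with a
    digit string embedded after `insert_after` letters (the post's formula).
    """
    if not digits.isdigit():
        raise ValueError("digits must contain only 0-9")
    initials = []
    for token in sentence.split():
        # First alphabetic character, so quotes and punctuation are skipped.
        first = next((ch for ch in token if ch.isalpha()), None)
        if first is not None:
            initials.append(first)
    if not 0 <= insert_after <= len(initials):
        raise ValueError("insert_after is outside the letter sequence")
    cased = [c.upper() if i % 2 == 0 else c.lower()
             for i, c in enumerate(initials)]
    return "".join(cased[:insert_after]) + digits + "".join(cased[insert_after:])


def shared_passwords(by_group):
    """Return sorted pairs of account groups that share the same password."""
    names = sorted(by_group)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if by_group[a] == by_group[b]]


if __name__ == "__main__":
    # The post's own sentence and digits; the second sentence is constructed.
    email = formula_password("I met my wife in San Antonio.", "012274", 4)
    banking = formula_password("We opened the account on Main Street", "2014", 3)
    print(email, banking)
    # Constructed case: the 'other' group wrongly reuses the email password.
    print(shared_passwords({"email": email, "banking": banking, "other": email}))
```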

Stop spam via your email service provider or separate software

Spam is a time-killer (if you open just 3 spams a day, you’ll waste 15 hours a year, according to Ferris Research). It’s also a massive security problem. Even unsubscribing from a spammy newsletter, for example, can cause problems.

Back up your hard drive every few days, and more often when you complete new project work

Some attacks are so serious that they require you to wipe your hard drive and begin from scratch. And there is the constant threat of hardware failure. So, you absolutely need a backup drive and/or complete system redundancy in a cloud-based service. (Most attacks, by the way, are aimed at either defrauding you or damaging your reputation.)

Protect your mobile devices

There’s an increasing amount of malicious code targeting Android mobile phones. By comparison, with the iPhone 5S and its new Touch ID, security has been significantly enhanced. Still, those with older iPhone models often fail to protect their phones with a PIN or lock screen.

Important Email Security Considerations-

  • The pros and cons of encryption services;
  • Ensuring both external and internal security; and
  • Compliance with government data privacy security regulations.

Virtually anyone can read your Email in transit, including employers, the NSA, and hackers.

Why is email so vulnerable to hacking?

Your email can be read by others as easily as a postcard sent by snail mail. How so? It travels through numerous unsecured routers and mail servers on its way to the recipient. Virtually anyone can read it in transit, including employers, the NSA, and hackers. Moreover, mail servers automatically generate unprotected backups of email passing through. Consequently, every email leaves a digital paper trail that can easily be accessed even years later.

Some security professionals argue that the billions of emails transmitted on a daily basis make it unlikely that an individual hacker will locate and exploit any particular email. I would counter that with the increasing power of personal computers, less easily secured digital devices, and the growing sophistication/availability of data-mining software–this kind of ‘protection’ is temporary at best.

One thing is clear: there is absolutely no anonymity with online email providers, such as Yahoo! Mail or Google’s Gmail, and browsers that display context-sensitive advertisements based on what you have been reading. While such data mining is automated and supposedly secure, many IT experts have expressed concern about the long-term ramifications of this technology.

Employee email cannot be private

Do your employees know that their email is company property? They need to understand that email content monitoring helps protect an organization’s financial information, client data, employee data, unreleased products, and new marketing strategies. When such information is mindlessly forwarded by employees to the wrong recipients, irreversible loss and damage to an organization’s or individual’s reputation can result. The greatest vulnerability comes from hackers and industrial spies who use social engineering to trick employees into revealing critical data. …Which raises the issue of encryption. A few introductory words about that later in this blog.

Parallel threats you should be aware of–

  • Modification of messages–Email contents can be modified during transport or storage by a hacker using a spoofing tool like “ettercap.”
  • Masquerade–Bogus messages can be sent in the name of another person or organization.
  • Spoofing–Similarly, false messages/malicious editing can be inserted into the mail system of another user either from within a LAN or from an external source via a Trojan horse.

Training and best practices

A company needs to do more than just post email security guidelines. According to recent research, when an organization invests in effective training, the percentage of employees vulnerable to phishing and other nefarious tactics can plummet 90% or more. One study revealed that 15% of a company’s employees were at risk prior to training–after which there was a 12-fold increase in vigilance.

Compliance with government data privacy security regulations

Does your organization fall under federal compliance regulations? Many financial and health care companies do, as with, e.g., the Health Insurance Portability and Accountability Act of 1966 (HIPAA). Ignoring such rules is heavily penalized. Even if compliance regulations don’t apply to your industry, take a careful look at them regardless because they provide a helpful model for data security. One recent cautionary example–a hospice in Idaho lost ONE laptop with a resulting fine of $50,000, a significant financial loss for that industry.

Encryption: First issues

I’m hoping that your company already has an encryption system in place to scramble email messages/attachments on your computers into unreadable code (which is then unlocked at the other end by a key). If not, do not use email for your most secure communications!

Internet encryption comes in so many forms that it requires a separate blog post. Some introductory background–

  • When your sensitive information, e.g., your social security number, credit card numbers, etc., is requested, encryption MUST come into play on any internet transaction. If not sure that such protection is in place, click away from the link!
  • Increasingly, more users are encrypting their private email accounts and documents, though this trend hasn’t yet achieved critical mass.
  • There is so much concern in the U.S. about NSA and even more pervasive private sector spying that some corporations are moving their operations abroad.