Dr Monica Seeley’s top tips on creating and maintaining email security
As an Assistant you are often privy to highly confidential information. Yet email is one of the easiest ways to leak information quite by accident.
Five common ways to breach security and confidentiality through email are:
1 Sending an email to the wrong addressee
So easily done when most email software automatically insert what it think is the correct address. In one client organisation, a senior IT Executive and the Company Lawyer had very similar email addresses. You can guess what used to happen! The lawyer was asked complex technical questions and the IT Executive often saw highly sensitive legal information.
You think you have cleaned up all the track changes and comments etc. Unfortunately, Word has a habit of leaving meta data which shows if the document was a template used for another client and not removing all the revisions etc.
3 Managing Another Inbox
If you manage your boss’s inbox you may find yourself seeing emails which you wish you had not seen, for instance redundancy discussions, take over bid data etc.
4 Out of Office Messages
Messages which contain too much information are another weak link.
5 Technology as a Gateway
E mail is also an easy door for the cyber criminal for both identity theft and to attack social media sites. A few months ago the Associated Press (AP) twitter account was hijacked. A fake tweet went out from the AP saying there had been an incident at the White House and President Obama was involved. The Dow Jones dropped 150 points and millions of dollars were momentarily wiped off the market. The hack came about because an email was circulated from what looked like the Editor’s account saying ‘read this it is important’. Clicking on the link opened a bogus log in page from which the AP Twitter account could be hacked.
Last but by no means least, is the challenge of the technology itself and especially smart phones. Many dedicated assistants work on either a smart phone, tablet or laptop on your commute to and from the office. However, recently, the Metropolitan Police recently reported that about 7,000 smart phone are stolen every month in London.
Maintaining confidentiality is high on any top assistant’s agenda. Despite what many might think, email is here to stay at least for the foreseeable future. Moreover the working day is stretched out to encompass the journey to and from home and maybe even some time at home.
So what steps can you take to reduce the risk of a breach of security?
First take heart because in a survey we conducted, we found that in fact executives are the weakest link in the security chain:
• through forwarding emails to their home email address;
• putting confidential information in an email and then not ensuring that such emails are filtered out if their assistant manages their inbox/and or suitably protected;
• loosing their devices on trains, planes in taxis etc;
• leaving memory sticks in laptops after giving a presentation;
You can tackle the challenge at two levels, individually and corporately.
At the individual level
• Check the email address of the person to whom you are sending the email – make sure it is the right John Smith.
• Never click on links in unusual emails.
• Give your boss a checklist of five things to remember when giving a presentation which includes removing and erasing presentations from devises that are not theirs.
• Set a simple Out of Office message which discloses the minimum of information about you and the company.
• Clean all attachments and wherever possible send them as PDFs.
• Encourage you boss to set up filters when they are exchanging sensitive information which might compromise your position.
• Be vigilant when using your smart phone etc in a public place and especially if you get up to take a break.
At the corporate level
Challenge the IT and HR Department on their guidelines:
• Policy for allowing emails to be forwarded to personal email addresses.
• Protocol for using Out of Office messages – for example, only for internal senders, not at all, selected clients etc and what to say in it.
• Guidelines on words/phrases/documents which should not be included in emails.
• Technology to password protect devices when stolen or lost.
• Encrypting emails with confidential information.
• Policy on accessing public wi-fi networks.
• Educating the work force of email and social media security.
Cyber crime now costs organisations over £27bn per year which is more than physical crime. As an assistant you can play a vital role in helping your business reduce these risks and especially through educating your boss and colleagues. Taking action before there is a breach of security is far cheaper than once it has occurred. If it is a serious breach you will need to run a damage limitation media campaign and may well still lose customers.