Rossander’s Security Reader

Back by popular demand, this "encore tip" is a reminder to be especially professional in your email communications. Please share this seasonal message with your co-workers. (This Tip was first run in October 2006.)

Halloween is a time for scary stories – tales of vampires and ghouls rising from the dead to terrify innocents – a time when things that you thought were dead and buried come back to haunt you.

Unfortunately, the analogy between badly written email and the undead is sometimes all too appropriate. A hasty word can return to haunt you long after you hit the send button and thought the conversation was over. Careers have been destroyed, money lost and relationships ruined when an email returned from beyond.

Americans have a bad habit of treating email very casually – as an extension of our last phone conversation or a continuation of the chat in the hallway. We assume that the message is private and that recipient will understand the context and correctly interpret our tone.

In fact, email is more like a postcard – anyone can read it while it’s in transit^† and any of the recipients can save it, forward it or post it to the internet. Electronic copies can remain in archives and electronic message hubs all over the Internet – places that neither the sender nor the recipient can control. Emails can be subpoenaed and forced into the public record. You have no right of privacy in your email, either sent or received. When you write an email, you must assume that it will be read by an unknown and unforeseen audience.

That unknown audience will assume that you carefully crafted and wordsmithed your message (or, if not, that the hurried email is evidence of the writer’s “real state of mind”). They will not believe that you were “just joking” and won’t care that you were trying to dash off a quick note. They will interpret the tone according to their own preconceptions.

Always assume that anything you write will come out at the worst possible time and in the worst possible light. Be professional in your email. Include enough context that the unforeseen reader understands the message. Be personable yet professional in tone. (In particular, never use sarcasm in email.) Never write anything that you would be embarrassed to see on the front page of tomorrow’s newspaper.

Remember, email can come back to haunt you.

^† Footnote: The comment that “anyone can read [your email] while it’s in transit” is less true if you have email encryption with your business partners but your words can still be saved, forwarded or otherwise sent outside your control. Please don’t assume that email encryption will protect you from sloppy wording.

This article was originally published in the Jul/Aug 2007 edition of The Agent Newsline, a publication of Westfield Insurance.

Are personal e-mail accounts acceptable for work? What are the advantages and disadvantages to your agency? The lines between personal and professional life often become increasingly blurring. One of the advantages of allowing personal use can be that a few minutes to check e-mail during a lunch break can help staff feel connected and productive for the rest of the day.

Keeping personal e-mail accounts separate from work e-mail accounts can have some real advantages for your agency.

• First, it helps to keep business and personal issues separate. Work is completed on the employee’s official e-mail account, and they can talk to family and do their Internet shopping via the personal account.
• Second, it keeps a lot of the spam messages out of your agency e-mail box. Spammers can find you in lots of different ways but some of the most common involve scanning internet chats and shopping sites for e-mail addresses. If you use a work e-mail address and the spammers find you, they can rapidly invest the account – and you can’t easily change it because that’s were customers expect to find you. In addition, if you use one of the free web-based services like Hotmail or Yahoo and the spam gets too bad, you can always abandon the account and open a new account.
• Third, if set up correctly, it’s portable. When you’re no longer an active employee, you will lose the companyprovided e-mail address. A personal address provides continuity during your transition. If you use one of the web-based services, you’re not even dependent on your personal Internet service provider.

Here are a few things to keep in mind.

• A good rule of thumb to follow is to not allow use of a personal e-mail account for work-related communication. Customers and coworkers expect us to communicate through a consistent channel. In these days of spam and e-mail spoofing, messages from any address other than your regular domain will be met with justifiable suspicion.
• Make sure that you tell employees that you retain the right to monitor personal e-mail if they check it on a work computer. Employees have no right to an expectation of privacy in anything they do on a work computer or system.
• Remind them that if they’re on your work computer, all the normal rules about professionalism and appropriate use still apply, even though it’s their "personal" account.

The Internet Crime Complaint Center (IC3) has received reports of multiple email hoaxes claiming to be from a soldier deployed to Iraq. The individual claims to be in possession of millions of dollars and requests assistance in moving the funds. In one of the more common variations, the funds allegedly came from a soldier who was an orphan and recently died while on a mission in Iraq. The sender of the email claims to want assistance with donating the funds to an American orphanage.

If you receive this email, it is a hoax. DO NOT RESPOND. Delete the message – without opening it if possible. This scam is designed to convince you to reveal your own personal banking information.

Be very cautious when responding to any requests delivered through unsolicited email. Be skeptical of individuals representing themselves as officials asking for donations or requesting the movement of funds to a charity or other program. There is no legitimate reason why a donor (or anyone else) would be unable to wire funds anywhere they wanted by themselves.

If you want to donate to a charity, ensure that the contributions are received and that they will be used for the intended purposes. Go directly to recognized organizations. Do not rely on others to make the donation on your behalf.

If you have received this or any similar hoax message, you can file a complaint at www.ic3.gov.

The average cell phone has a life expectancy of 18 months. What happens to all your personal information when you upgrade your phone? In too many cases, that personal information gets passed along to the next user.

Personal information can include:

This is not an all-inclusive list. Modern phones also include calendars, memo pads, to do lists and other applications, all of which you might have used and which might have personal or business information that should be kept private.

Most phones include a delete function but independent reviews of those delete functions show them to be mostly pretty poor. Good hackers can undelete the information on most common cell phones with only a little specialized equipment and knowledge. To protect your privacy:

• Treat a phone’s text message service with the same caution that you use for unsecured email. Be especially professional in your use of text messaging.
• Make sure that your old information is really gone before giving the phone to a friend, family member, charity or try to sell it online. (If all else fails, a 2½ lb sledge hammer does a very reliable job of making the data unreadable – but it won’t be worth much when you’re done.)

For additional information and a real-life scenario, read this recent story from CNN.com.