As much as we try to instill good email habits in the workplace, one slipup can lead to a security breach causing confidential information to get in the wrong hands. It’s one thing to email the wrong colleague a link to your favorite YouTube video, but it’s another thing to inadvertently share W-2 forms, company credit card information, or discover you’ve been caught by a phishing scam.
One fatal click on “Send” can result in the loss of thousands or millions of dollars for a company. To err is human, but to identify red flags and understand how to avoid common email mistakes in the workplace is divine.
1) Getting tricked by phishing scams — The worst email habit by far is assuming a sender is who they say they are. This is especially true when an unexpected email lands in your inbox and asks you to provide sensitive information or claims to update you on a shipment you never made.
This is a phishing attack, and it’s one of the more common email scams today. Phishing attacks are email messages designed to trick you into giving up information, either by asking you to complete and submit a form on a look-alike website or to respond to the sender with sensitive or confidential information.
Thankfully, phishing emails have a few telltale signs. First, check the email account associated with the sender in the “from” section. You can do this by hovering over the sender’s name. If the email address is off, includes an ending similar to “.ru.su.com,” or has an accounting.yourbank@office.com alias, it’s possible that it is a phishing attack. Other signs include mismatched URL addresses in hyperlinks, urgent calls-to-action or attempts to intimidate you through email. Believe it or not, poor spelling and bad grammar are other telltale signs as well.
2) Lack of awareness on the latest internet threats — Phishing attacks tie into a larger problem with email security today, and that’s a lack of awareness of internet threats. Cybercriminals have so many ways to compromise an organization through email that simply knowing common threats can put you at an advantage.
An attached image from a stranger could compromise your email account. An infected .PDF file sent by a “co-worker” could be a ransomware attack. Knowing to never, ever, open suspicious files from strangers on the internet is a solid step towards a better email security posture. If a co-worker sends you a file unannounced, connect with them on chat or in person to make sure the email is legitimate.
Additionally, cybercriminals frequently compromise public, hotel and café wireless networks. That’s why you should always use a virtual private network (VPN) to protect your connection if you ever find yourself working away from a secure network. Ask your IT department about VPN connections for more details.
3) Using personal email for work activities and vice versa— Using personal email for work is insecure and potentially damaging to your organization. Businesses provide employees with their own work email accounts because they know — to an extent — that their email service, their server and their content are secure. They know next to nothing about your Gmail account.
Your personal email account may be secured by a weak password, like “password,” or, even worse, by a password previously compromised in another security breach. Additionally, some organizations require you to use their email solution because not doing so could be a violation of the law — especially if the organization in question receives frequent Freedom of Information Act requests, is regulated by HIPAA or deals in sensitive information.
While we’re on the subject, never use your work email for personal activities. This bad habit has landed a lot of people in trouble over the years, especially those who thought it was a good idea to use their work email as the login address for shady websites like Ashley Madison.
4) Accidentally selecting reply all — This bad habit is so common that it’s become a cultural joke, but the consequences of sending a “Reply All” email to the wrong people is no laughing matter.
The risks go beyond simply annoying everyone on the thread or offending or confusing the receivers: there’s always the chance that you could relay confidential or protected information in a response intended only for the original sender. Take the time to make sure you don’t hit Reply All by accident.
5) Relying on email autocomplete — Finally, we have autocomplete. Long considered to be one of the more useful tools in modern email, autocomplete helps speed up emailing by automatically filling an email address for you.
The problem with autocomplete, though, is that it’s easy to assume you have the right recipient. That’s not always guaranteed. And, when you’re sending sensitive documents, one wrong email could constitute a data breach. In fact, in 2010, a police department in the UK accidently leaked a spreadsheet of criminal record checks to a news website because someone relied too much on autocomplete. In 2014, one unfortunate U.S. Army officer accidently sent an email detailing a shipment of Patriot missiles to Israel. So always double-check where your email will be going.
Despite the rising popularity of platforms like Slack, email is still king when it comes to business communications. That means the elemental features of email — and its vulnerabilities— will stay with us for a long time. But it’s not all bad news: new progress in data monitoring, phishing detection and file scanning show promise in blocking most modern email attacks. But we’re still a long way from worry-free email. Regardless of whether we’re sending important presentations, gossiping on the latest news or testing the waters with the latest email program, we’ll always need to keep good email habits in mind.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.