Best Practices for Writing Leak Resistant Emails
In a recent post I wrote that anyone using email should remember that the enemy is listening, and that you should assume that everything you write might be leaked and write accordingly. Since then many people have asked for more practical guidelines about exactly how you should do this, so here are five essential best practices. You cannot stop emails being leaked but at least you can minimize the fallout.
Don't write more than you have to. Most people write a lot more than they have to. This extra information slows down readers and makes misunderstandings more likely anyway, so re-read every message before you send it and delete anything that isn't needed. This is good practice anyway, but also limits the damage when a message is leaked. That extra, unnecessary content could be the part that embarrasses you or could add context that makes an otherwise oblique message much clearer.
Maintain a polite, respectful and calm tone. Sometimes it's not so much the content but the tone that makes a message embarrassing. In the 2001 Cerner Corporation email leak the angry tone and overuse of capitals probably led to the leak in the first place and in the 2014 Sony Pictures email leak the generous use of expletives contributed to giving a poor impression of the senders that made the leaks even more damaging.
Use code names rather than actual descriptions. Sometimes using a code name for an operation, a person or a place can be a handy shorthand that makes typing easier. It also makes leaked content much less useful to a rival. They might suspect that a certain code word refers to something but they cannot easily prove it. This technique has long been used by the military precisely for these reasons. Take care, though, to choose genuine random names for code words to avoid creating even more embarrassment.
Separate different parts of the thread. In a normal email thread you might leave all the messages and replies together for convenience. Very often people forward chains of messages to new recipients without checking the entire thread so this is a hazardous practice. Keep each message self contained and don't rely on forwarded content for the context. A complete thread is much more damaging when it leaks because it provides the context for each individual message and makes it much easier for someone else to reconstruct what happened.
Never put really sensitive information in an email. No matter how careful you are with both your writing practices and your information security there are some things that just should never be written in an email, even when it is encrypted. For the most sensitive information use encrypted message apps, use the phone or deliver messages in person. You might also use Skype, Google Hangouts or FaceTime for sensitive messages because anyone overhearing the audio is missing valuable information that is conveyed by body language and facial expressions.
And in any case always remember that the enemy might be listening. When you look back over an email for a final check ask yourself how it will look in the New York Times or ask yourself how a rival might enjoy reading it. No amount of security can stop someone simply copying an email and walking out the door with it, so never rely entirely on firewalls, passwords and encryption.
Lectures, Workshops, Coaching and Writing
If you would like a lecture, workshop, one to one coaching or writing about email or any other communication topic you can contact the author Andrew Hennigan at speaker@andrewhennigan.com or 0046 730 894 475.
Don't write more than you have to. Most people write a lot more than they have to. This extra information slows down readers and makes misunderstandings more likely anyway, so re-read every message before you send it and delete anything that isn't needed. This is good practice anyway, but also limits the damage when a message is leaked. That extra, unnecessary content could be the part that embarrasses you or could add context that makes an otherwise oblique message much clearer.
Maintain a polite, respectful and calm tone. Sometimes it's not so much the content but the tone that makes a message embarrassing. In the 2001 Cerner Corporation email leak the angry tone and overuse of capitals probably led to the leak in the first place and in the 2014 Sony Pictures email leak the generous use of expletives contributed to giving a poor impression of the senders that made the leaks even more damaging.
Use code names rather than actual descriptions. Sometimes using a code name for an operation, a person or a place can be a handy shorthand that makes typing easier. It also makes leaked content much less useful to a rival. They might suspect that a certain code word refers to something but they cannot easily prove it. This technique has long been used by the military precisely for these reasons. Take care, though, to choose genuine random names for code words to avoid creating even more embarrassment.
Separate different parts of the thread. In a normal email thread you might leave all the messages and replies together for convenience. Very often people forward chains of messages to new recipients without checking the entire thread so this is a hazardous practice. Keep each message self contained and don't rely on forwarded content for the context. A complete thread is much more damaging when it leaks because it provides the context for each individual message and makes it much easier for someone else to reconstruct what happened.
Never put really sensitive information in an email. No matter how careful you are with both your writing practices and your information security there are some things that just should never be written in an email, even when it is encrypted. For the most sensitive information use encrypted message apps, use the phone or deliver messages in person. You might also use Skype, Google Hangouts or FaceTime for sensitive messages because anyone overhearing the audio is missing valuable information that is conveyed by body language and facial expressions.
And in any case always remember that the enemy might be listening. When you look back over an email for a final check ask yourself how it will look in the New York Times or ask yourself how a rival might enjoy reading it. No amount of security can stop someone simply copying an email and walking out the door with it, so never rely entirely on firewalls, passwords and encryption.
Lectures, Workshops, Coaching and Writing
If you would like a lecture, workshop, one to one coaching or writing about email or any other communication topic you can contact the author Andrew Hennigan at speaker@andrewhennigan.com or 0046 730 894 475.
Comments