Why Email Leaks Can Affect Everybody

In two recent posts, Best Practices for Writing Leak-Resistant Emails and The Enemy is Listening I explained how you can never stop all email leaks therefore it is prudent to write defensively. Discussing this with other people I realize that when most people think about email leaks they are thinking about the big stories, where malicious hackers extract email databases through security flaws in the network, or when a rogue human walks out the door with a copy of the files. But there are also countless minor leaks that can affect almost anyone, even if they are never careless.

Emails can leak in so many ways you would be very brave to rely entirely on your security processes to protect them. What's worse is that often a mail leaks and you have no idea that it has. Perhaps the leak wasn't even at your end, because an email sent to someone else can easily leak at the other end, too.

So how do emails leak exactly?

Misaddressing. One of the most common ways that messages can go astray is when you are filling in the email address. It is easy to mistype an address and if that address doesn't exist it will bounce and no harm is done. But very often the mistyped address does exist and someone else receives the message. Most of the time it will be deleted by the recipient but if your message is interesting in any way the person on the other end might leak the content.  Most email clients allow you to memorize previously used addresses and in this case there is a very real risk of selecting the wrong one, so your message doesn't go to a stranger but goes to the wrong person. Very often this happens when a message for one customer is sent by mistake to their competitor, with embarrassing results at the least.

Misforwarding. Equally common is the risk of forwarding a message inappropriately. There are several ways in which this can happen. First of all it is easy to forward a thread to the wrong person entirely. What is much more common perhaps is to forward a thread to the right person but without checking what is further down the thread. I have seen many people embarrassed by this kind of mistake. Never forward a message unless you are sure there is nothing sensitive at the bottom of the thread.

Phishing. Remember all of those messages telling you that you have won a billion dollars in some mythical lottery? Some of them are phishing for bank details but others are looking for your email credentials. Even if you are incredibly careful with phishing emails, all it takes is for one of your contacts to be compromised and the copies of your messages in their inbox are vulnerable. Scammers do not have your best interests at heart so they are much more likely to use any data they find than an accidental wrong recipient.

Weak passwords. Knowing your email address and a little about you someone might get access to your email simply by guessing your password. If you re-use passwords on multiple sites then they might find your credentials in one of those password file dumps that appear from time to time. Always be careful to choose a unique password for your email accounts.

Stolen files. Someone could access your emails simply by copying email data from an email server, your laptop or your phone if they are left unattended or are lost. This is how many major leaks occur.

Deliberate leaks. There are also, of course, deliberate leaks from whistleblowers, rivals, disgruntled employees and people you have just fired. They could easily forward sensitive messages to the media, to competitors or to the authorities.

Discarded paper copies. Finally, don't forget that a paper copy thrown away in an airport trash can can also be retrieved by an unauthorized person. That's why most organizations shred their waste and why you should be careful about emptying your bag in a public place.

There are probably more ways in which your emails can leak accidentally or on purpose even if you are not famous, powerful or rich. Be as careful as you want but you will never stop every leak, so learning to write emails that are less damaging is a useful skill to master.

Lectures, Workshops, Coaching and Writing

If you'd like Andrew Hennigan to do a lecture or workshop at your organization about how to write emails that are more leak resistant you can send a message to speaker@andrewhennigan.com or call 0046 730 894 475.


Popular posts from this blog

Speaking: When Silence Works Better Than Words

Influencing: How Airbnb Organizes the Host Community