One Step Ahead: Email Risks: Well Beyond the Encryption Problem |
|
, |
Another tip in a series provided by the
Offices of Information Systems & Computing and Audit, Compliance & Privacy
Most people know that email is not a secure way to send messages because, barring a special application, email messages are not encrypted. However, the fact that emails messages can easily be intercepted in transit is only one of several risks to consider and manage. Consider these others:
• Auto-populating an Addressee: Sending to the Wrong Person. Many email services offer a convenient but dangerous tool. When you start to type the first few letters of a recipient’s name, it guesses at who the recipient might be with a full name extension of those first few letters. This may or may not be your intended recipient. Make sure your message to “Jones” is not sent to “Jonston” by accident because you failed to read the full name of the recipient before clicking “send.”
• Listserv Configurations: Revealing Too Much Information. Some listservs are configured to display only the name of the listserv to recipients of messages. Others actually show the email addresses (which often are full names or close to it) of everyone on the listserv. With the latter configuration, we see two different privacy risks: (1) revealing something potentially personal about the members simply by virtue of the fact that they are on the listserv and (2) revealing actual email addresses, which many people would prefer to keep restricted.
• The Accidental “Reply to All.” When responding to messages sent to more than one person, it is unfortunately quite easy–when not paying close attention–to send to all on a list when you intended to respond only to the original sender.
All of the email-related risks above can be aggravated by sending something inappropriate in the content of the message, so be sure to only write things you would be willing to hear read aloud in a crowded room. Fortunately, the likelihood of encountering any of the above can be greatly reduced by one simple method: read the ‘to’ line, the ‘cc:’ and the ‘bcc:’ before you hit “send”–every time.
For additional tips, see the One Step Ahead link on the Information Security website: www.upenn.edu/computing/security/ |
