As in other parts of our lives, there are many ways to make mistakes when using email.

Weak and Reused Passwords

Reusing passwords or using weak ones is always discouraged, but these mistakes are particularly dangerous when it comes to email. The reason is that most online services allow you to reset your credentials (if you forgot them or suspect that they are compromised) using email. A compromised email account therefore places almost all of your online accounts at risk.

Recommendations:

  • Use a password manager to generate and store unique credentials

  • Do not reuse passwords (especially when it comes to email accounts)

  • Use passphrases for added security (length is the most crucial element of a secret’s security)

Intermingling Work and Personal activities

Using work email for personal use can compromise your privacy. Business accounts are frequently monitored (or at least subject to inspection), which means your personal affairs are no longer private.

Depending on your business and jurisdiction, using personal accounts for organizational purposes could be illegal. Usually, in litigation, relevant email is discoverable, which means that you could have lawyers crawling through your personal email. To safeguard your privacy, avoid using personal accounts and equipment for business purposes.

Think of work and personal like church and state: keep them separate.

Sending Sensitive Information

Without applying additional protections, email is more like a postcard than a sealed envelope. Anyone (and anything) that your email passes through (or is stored on) has an opportunity to read the contents.

We will talk about some measures you can take to safeguard email in other modules, but understand that many of these measures are not commonly utilized or require both parties to support them. You should not send information such as government identification numbers, payment card data, personal financial or credit data via email. There may also be other types of data that are too sensitive to send over email. When in doubt, assume that email is insufficiently secure to send sensitive data.

Unintended Recipients

Even though email is not secure enough to send sensitive data, you will frequently conduct such sensitive communications via email. Due to human error and autocompletion of email addresses, it is all too easy to send an email to someone you didn’t intend to reach.

You should double-check the recipients before sending an email message (especially if the content is meant for a specific audience).

Clicking on links is a pattern of behavior we bring with us from browsing the web. The problem is that what you see in the email application may differ from where the link takes you. An intelligent attacker could cause significant harm if you click on a link they’ve crafted.

We recommend going to the website/service independently of the link. Even if the message looks like it is coming from a legitimate account, someone could be spoofing the sender's email address, or the sender's account could be compromised.

General Guidance

Pause and think before you act.

Nothing is so important or urgent that you can’t reach out to the sender via another communications channel to verify a request made via email.

Double-check the recipients and content before sending a message.