• United States



by Ken Pfeil

E-Mail Etiquette

Jun 01, 20062 mins
CSO and CISOIT LeadershipPhysical Security

Share this refresher course on how to use e-mail in a security-conscious manner

Pass It On

Used improperly, e-mail can create all manner of problems, from lost intellectual property to sexual harassment claims. Share this refresher course on how to use e-mail in a security-conscious manner.

  1. Think of e-mail as a postcard, not a letter. Your e-mails can be inspected by the company anytime before or after the message is sent. Refrain from gossip; speculation on business ventures, partners and competitors; off-color jokes; sarcasm; and attacks.
  2. E-mail is no place for IP. Keep sensitive corporate information and intellectual property out of e-mails unless it’s encrypted and you have approval to send it. Use encryption and a certification mechanism when sending sensitive data outside the company.
  3. Give it time. Reread an e-mail before sending it. If possible, save it as a draft and reread it later. The time will give you a critical eye to its content and tone.
  4. Know your mailing lists. Content must be appropriate for everyone on a mailing list. So if the “Project Team” list includes contractors, the information in the e-mail must not be off-limits to those folks.
  5. Know your addressees. Before sending, check all addressees to make sure that your e-mail’s autocomplete address feature didn’t add someone to your list who you don’t want on it. Use the “bcc” field so recipients don’t see everyone’s e-mail and you won’t start a flood of unnecessary “Reply All” messages.
  6. Use plain text first. Cater to the lowest common denominator among recipients. Text-only e-mail is always preferred. Use HTML only when necessary.
  7. Stay out of the forwarding business. Chain letters, spam, jokes, audio and video clips, and other Internet-culture phenomena are verboten. Know the company’s policy for “office spam” as well (for example, “Mary in Accounting has furniture for sale”).
  8. Don’t be subtle. E-mail is blunt. It does not convey well nuances like sarcasm and frustration. Be clear and concise; it could be misconstrued as anything from a personal attack to inappropriate flirtation.
  9. Use common sense. If something doesn’t feel right, stop before you send. Consult your CISO. Or simply try again.

Source: Ken Pfeil, a former CSO and now CIO of echelon one