Cyber Confidence: 5 Email Forwarding Risks and How to Avoid Them

You’re pushing to make a deadline and you’re about to rush out the door for a lunch meeting but you really need to send that file on before you head out.

You click ‘Forward’, type a few letters in the ‘To:’ field and let Outlook fill in the rest, hit ‘send’, and you’re done! Hello smashed avocado toast!

You get back from lunch, check for any new email and you’re surprised to find one with a subject line that reads, “Did you mean to send this to me?” Your heart sinks when you realise that you accidentally forwarded the highly-confidential details of a report to someone outside the organisation.

Google-search the term “accidental data breach” and the results may surprise you. In 2015 an Australian Department of Immigration employee accidentally forwarded the personal details of over thirty G20 world leaders – including the likes of Barack Obama and Vladimir Putin – to the wrong recipient. The employee admitted to being in a rush and not checking the email address before sending. It happens to the best of us.

A survey of 2,000 UK workers, conducted by data privacy and risk management company Egress Software Technologies, reported that employees put organisations at risk through careless email behaviours. More than a third of respondents reported that they do not always check emails before sending them. Not surprisingly, 68% of respondents admit that ‘rushing’ was a factor in sending emails by mistake, and accidentally sending sensitive content such as bank details or customer information in error accounted for 9% of email mishaps. (Source: https://www.egress.com/blog/data-breach-survey-2016)

We’re only human so mistakes are inevitable, but consider what could happen if someone in their rush to get things done forwarded something that was unintentionally hurtful, made a colleague look bad, damaged the reputation of an individual or organization, or put sensitive personal records in the wrong hands? That kind of stuff “gets out there” and taints how the organization and its employees are perceived.

In a recent team meeting, RMS discussed how we could reduce risk when using email and we agreed that the practice of “forwarding” emails contained the greatest likelihood for moderate to severe consequences. A forwarded email may contain valuable or sensitive content such as confidential attachments, conversation trails, email addresses and phone numbers of vendors and clients – all of which has the potential to expose the organization to the consequences of a data breach. And, once your email has reached another mailbox it is totally out of your control.

As a team we agreed that the practice of ‘forwarding’ outside of the department should be a last resort, but instead of a blanket “don’t forward email” rule, the RMS team discussed ideas on how to best manage email forwarding to reduce the risk of the proverbial egg on our faces.

To help you become a more Cyber Confident Adventist Professional, here are the top 5 risks of email forwarding and how to avoid them:

RISK #1: MISUNDERSTANDING
If the subject line is prefixed by “FW:”, then avoid misunderstandings by personalising the message. We might think it is obvious to every recipient why we are forwarding an email to them, however that’s not always the case. Spend a little extra time on clarity. Explain exactly why the email is relevant or valuable to the recipients – we guarantee you’ll be appreciated for it.

RISK #2: LOST PRODUCTIVITY
Forward, copy, and paste with discernment. There’s no greater email time waster than reading through a long email forward with multiple attachments and trying to work out what’s relevant to you, or receiving a forwarded chain letter, joke, hoax, virus infected file or dodgy link. So to help preserve your colleagues valuable time, we suggest saving any attachments to your computer first, (scan for viruses or malware) and/or copy only the necessary words you wish to share and then attach or insert them into to a brand, spanking new email message. If sharing a link, clearly state that, and include any helpful instructions. It may take more of your time, but better that than the precious time and respect of every person on the recipient list.

RISK #3: DAMAGE TO REPUTATION / RELATIONSHIPS / BRAND IMAGE
Follow the Golden Rule. This works for any type of email situation – new, reply, reply-to-all and forward. Before forwarding an entire email with the original sender’s address and conversation trail consider how it would feel if someone did that to you? The sender may have written some things that were for your eyes only! By all means quote, thank or acknowledge the original sender, but delete any personal or compromising info beforehand. As Adventist Professionals we should avoid putting the reputations of our colleagues, the image of the organisation or our personal and professional relationships at risk because of careless forwarding.

RISK #4: LACK OF OWNERSHIP / MISREPRESENTATION
Avoid those totally awkward “But don’t you know who I am?” moments by including your own email signature with your name, job title and department when forwarding an email message, especially to large groups of recipients. If the email is being sent on behalf of someone else, then it really helps to include that information at the beginning of the email. Remember, an email signature adds gravitas and also helps recipients know to whom they should follow up; but be cautious, even though you didn’t write the original message, you are responsible for forwarding it, so think seriously if the message is worth putting your name to – if not, then it might not be worth forwarding.

RISK #5: ACCIDENTAL DATA BREACH / DATA LEAK
Finally, slow down, do it right and double-check. As noted earlier in this article ‘being in a rush’ and ‘slapdash’ message sending accounts for a large portion of email mistakes. When composing or forwarding email be mindful and aware of yourself – notice any tension in your hands while typing, be aware of a furrowed brow or if your breathing and heart rate increase. If it feels like you’re rushing, find a way to stop and disrupt your haste to review your work, or come back to it later. Avoid an accidental data breach by examining and editing the recipients list, reviewing the attachments, and proof-reading the message.

It is so tempting and seemingly efficient to simply click ‘forward’ and see how those dice roll, but we believe that using the ‘forward’ button comes with additional risks that require a little more time and thought than drafting a new message. As Adventist business professionals, protecting yourself and those around you by following these cyber-confident email forwarding tips may help prevent an accidental data breach, misunderstanding, lost productivity and could protect the reputation and the mission of the Church.