April 9, 2014 2 Comments
Avatar
Inside Cisco IT

Improving Email at Cisco Part 2 – The Employee Process Side

I’d mentioned earlier (see Improving Email at Cisco Part 1 – The IT Technology Side) that email has its ugly side:

  • Too many
  • Most of them are a waste of time
  • Emails will, occasionally, carry virus payloads (or link you to sites that have worse); and yet
  • I can’t live without it

I also described a couple ways that Cisco IT helps cut my email traffic by close to 2/3, and protects me from dangerous email and dangerous websites … most of the time. There are still some dangers that are more subtle though and there are also a lot of ways to make the email experience at Cisco a lot easier for everyone. So let’s continue.

Email Pain Reduction Step 3: Spearphishing – Don’t Invite Trouble Inside

Occasionally, an email will get through – either at work or home – that isn’t what it seems. Scammers will try to steal your personal information – credit card numbers, passwords, account numbers, or confidential corporate information. It will always look like it comes from a well-known source: a bank, a reputable firm, a colleague, or a friend. The email will get you to click on a link that will take you to what looks like a secure, reputable site. And then you will get asked, for only the best of reasons, for important information – things that legitimate companies would really never ask for, but it will still seem quite reasonable. That’s phishing and we are the phish.

Suggestions to avoid falling into this trap:

  • First, never, ever open an attachment unless you really are expecting it.
  • Check to see if the email you received has more than you as a recipient, especially when the recipients are in alphabetical order.
  • Be wary of any offer that seems unusually tempting, or too good to be true.
  • If there’s a link, hover over it to see if it’s the same as the printed link. If you really think it’s from your bank, or company, or whatever – look them up separately and call them or email them directly. Do not trust the email.
  • Be suspicious of anyone who ends up asking you for information, even for the best of reasons, especially if they seem in a hurry or make it sound like an emergency.
  • Remember that no one, no matter how legitimate, will ever ask for personal information, bank information, or corporate information. Don’t give it up.
  • Most companies have specially trained groups to handle requests for information from outside the company – someone in HR or Finance or Vendor Management. Pass anything that you still think is a legitimate request on to them.

On a side note, our Cisco information security team has been sending internal phishing emails to employees lately as part of a training and data collection exercise. They’ve offered unusually cheap large screen TVs and (gasp!) cute pictures of kittens, all from seemingly legitimate sources. They track how many people open these emails, and the smaller number who actually click on the internal link. Those of us unfortunate enough to click on the link get taken to an internal “phishing tutorial” site (and, I suspect, our names get recorded for a bit of a lecture later).

Email Pain Reduction Step 4: If it’s Going Outside the Company, Consider Encrypting It

If you’re sending a confidential email, especially with attachment, consider:

  • VPN: If you are outside the firewall (e.g. at home or in a hotel) and sending email into your company, and you have a VPN capability (I use AnyConnect), then make sure you use that VPN. It will encrypt content and protects you.
  • CRES: See if your IT organization supports the Cisco Registered Envelope Service. CRES will provide key managed encryption that doesn’t require the recipient to have a key.
  • PGP/GPG: For serious content protection, look up Pretty Good Privacy, or its open-source alternative: GNU Privacy Guard. They both use public key encryption that requires both sender and receiver to share key information, so it’s a bit of a pain; but at least you know that only intended recipients can decrypt and read your content.

Email Pain Reduction Step 5: Be Efficient With Your Email

  • Attachments: Don’t attach documents if you can help it; post it in a local file server and point to it. You know you’ll be making changes to the document a few times – and if you send attachments you will never know who has which version.
  • Repeat emails: Once you notice that you’ve written the same email three or four times in a year – because different people keep asking the same question – get the best of them and post it in a wiki or fileshare. Then point everyone else to it. It will save you a lot of time.
  • Really great Emails: If you’ve written or read a really great email that you think will help other people – something that looks to you like a great reference document – then post it in a local searchable resource like a wiki or web page. If it could help a lot of people in the long run, posting it will help you or anyone else from having to rewrite it. And no one will ever find it in your email archive.
  • Avoid embarrassing “Reply All”: Avoid “reply all” unless it really makes sense. Before you hit “send”, look at the recipients list. If you see a group email ID you don’t recognize, or one that’s huge even if you do recognize it, then delete that recipient before hitting “send”. Sending “reply all” to a huge number of people is a time waster and an email-system clogger. It’s also an embarrassing newbie mistake that your team may remember – and remind you of for a while!

Email Pain Reduction Step 6: Be Clear With Your Email

  • Get it read: The first thing people see is the subject line. Make it short, make it identify what’s inside, and make it relevant to the person on the receiving end. Because if they don’t open it, it’s your time wasted.
  • Get them to respond: Tell them exactly what you need from them in the first 2-3 sentences. If you’re like me, and you have the need to explain things first, go ahead. Once you’ve gotten to the place where you ask for their help, cut and paste that bit and put it to the front. The rest will help explain why you’re asking.
  • Get them to respond to all of it: If you’re asking for them to take multiple actions, they may stop reading at the first “”ask”. Make it clear – by numbering each “ask” – that you need them to see more than the first one.
  • Prepare for forwarding: Write for a wider audience than you expect. Emails are forwarded and travel further than you’d expect. Write so it can be understood and accepted by as many different people as possible.
  • Make it short, clear, and simple: Most people will skim your email and ignore anything they don’t easily understand in a minute or two. Use shorter words, shorter sentences, and shorter paragraphs. Go over your email one more time before you send it. Break up longer paragraphs and sentences. It will save you having to explain it later.
  • Review before you send: I have saved myself significant embarrassment by ALWAYS reviewing emails before I send them. My secret trick? I turn on spellcheck – there’s always a few misspellings, punctuation errors, and the like in my emails – and when I press “Send” too quickly, my email spellchecker forces me to read it again as I walk through the email and fix the spellcheck errors. I almost always catch something I would rather not have sent, and fix it before sending.

This was as much as I can think of, after a few decades of email use (and misuse). Can you think of any other ways to save you, or other people, some pain with email? Please share them in the comments.