On our Road to PIPA this week, we are starting to talk about Policies and Procedures. Many organisations have in place acceptable use policies (AUP) with respect to members of staff using the organisations’ resources, including email communication.
In this blog post, PrivCom brings you some practical privacy enhancing tips regarding the use of email. They apply to the ways in which both organisations and individuals communicate over emails.
While email communication has become possibly the most convenient, fastest, and most widely used means through which people communicate in writing, it presents a number of concerns relating to privacy. Below, we list some of the most common issues:
Unauthorised access to electronic mail can occur while an email is in transit, as well as when it is stored on email servers or on a user’s computer.
Mistakes in handling sensitive information through email are prevalent. Sending confidential documents to the wrong recipient by accident is a common oversight.
Lack of encryption is a primary concern with email communication. Encryption refers to the process by which information is encoded in such a way that only authorised parties can read it.
To mitigate these concerns, measures such as implementing robust encryption methods, complying with legal and regulatory standards (like Bermuda’s PIPA, EU GDPR, UK GDPR, US HIPAA, California’s CCPA etc.), and educating users about secure email practices are crucial.
CC’ing and BCC’ing
CC (Carbon Copy) and BCC (Blind Carbon Copy) are two features in email communication with distinct privacy implications. When you CC someone on an email, it means that person receives a copy of the email sent to the primary recipient. All recipients can see who has been CC’d and will be automatically included in all replies. This can be a privacy concern if the email contains sensitive information that not all recipients should have access to.
BCC works the same way as CC, but the other email recipients won’t see the address of the BCC’d person or be notified that a copy has also been sent to someone else (with the exception of the direct recipient if they’re included). When someone replies to the message, the BCC’d persons won’t receive a reply. This feature is often used to maintain privacy in group emails or to include someone in an email conversation when discretion is needed. While CC promotes transparency among all recipients, BCC can be used when transparency is not required or desired.
Here are some privacy aspects to consider when using CC and BCC:
Privacy: If you CC every recipient, each recipient has every other recipient’s email address. This could be a data privacy issue, i.e., disclosing private information.
Confidentiality: For example, if you BCC every email recipient when sending out an update regarding training, it means you’re keeping them all informed without disclosing their involvement.
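The difference between CC and BCC described above can be checked before a group email leaves the organisation. The following Python sketch is an added example, not part of PrivCom's original post: it builds the same training update once with every attendee in CC and once with the attendees kept only in the delivery (envelope) list, then reports which addresses each recipient would be able to read. The addresses, function names and the limit of one visible address are assumptions made for illustration.

```python
from email.message import EmailMessage
from email.utils import getaddresses

# Constructed sample data (placeholder addresses, not real recipients).
SENDER = "training@example.org"
ATTENDEES = ["alice@example.org", "bob@example.net", "carol@example.com"]


def visible_addresses(msg):
    """Addresses every recipient can read: the To and Cc headers."""
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    return sorted({addr.lower() for _, addr in getaddresses(headers) if addr})


def build_cc_mail(sender, recipients, subject, body):
    """Risky pattern: every recipient is written into the Cc header."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, sender, subject
    msg["Cc"] = ", ".join(recipients)
    msg.set_content(body)
    return msg, [sender, *recipients]


def build_bcc_mail(sender, recipients, subject, body):
    """BCC pattern: recipients exist only in the delivery (envelope) list."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, sender, subject
    msg.set_content(body)
    # The second value is what would be handed to the mail server as the
    # recipient list (to_addrs in smtplib.SMTP.send_message); it is never
    # written into the message headers that recipients see.
    return msg, [sender, *recipients]


def disclosure_check(msg, sender, limit=1):
    """Return the addresses exposed to other recipients, if above the limit."""
    exposed = [a for a in visible_addresses(msg) if a != sender.lower()]
    return exposed if len(exposed) > limit else []


if __name__ == "__main__":
    for build in (build_cc_mail, build_bcc_mail):
        msg, envelope = build(SENDER, ATTENDEES, "Training update", "Room 2, 10:00.")
        print(build.__name__, "exposes:", disclosure_check(msg, SENDER))
```

A check like `disclosure_check` can run in a mail-merge script or outbound gateway rule so that a bulk message with many visible addresses is held for review instead of being sent.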
Outlook calendar invites
Many organisations use Microsoft Outlook. While email has the CC and BCC functions, the Outlook calendar does not. To mitigate privacy risks when sending calendar invites to a group, you can follow these 6 steps, which work similarly to BCC on emails.
In Outlook, go to the Calendar section.
Click ‘New Meeting’.
In the ‘Meeting’ window, click on the ‘To’ button.
Select or enter the email addresses of the BCC recipients.
Click ‘Resources’ to add them as BCC.
Complete the details and send the invite.
You can also make an appointment or a meeting private.
Here are some practical tips to enhance your email privacy:
Use the CC and BCC features responsibly to respect the privacy of all email recipients.
Always double-check your CC and BCC fields before sending an email, all the more so if and when dealing with sensitive information.
Be cautious of links in emails. If you receive any unexpected or suspicious mail asking you to click on a link, don’t! Check if the URL matches when you mouse over it and if it’s spelled correctly. Always verify the sender.
Be aware of what you share, and remember not to divulge personal information in emails, particularly when communicating with new contacts.
Be wary of email attachments, from unknown senders in particular, as they can contain viruses or malware.
Using a strong password and frequently changing it is an easy way to enhance your email security.
Enable 2-factor authentication on your email account.
Consider utilising encryption for sensitive emails.
Be cautious when accessing your email from public devices and/or Wi-Fi networks.
Keep the software on your devices up to date to ensure you have the latest security.
Enable spam filters to help with potential phishing emails.
Regularly back up your emails to help you recover them in case of a data breach.
Familiarise yourself with your organisation’s privacy and acceptable usage policies.
Stay safe!