By: Naveed Sait | September 8, 2016
Over an informal morning coffee break with the team, we exchanged anecdotes on how people sometimes goof up simply by sending an email to the wrong recipient. This is what triggered the thoughts in this article.
Goof Up #1: An accountant intended to send a payroll sheet for approval to his manager – only to realize later that it was sent to a company-wide Distribution List (DL).
Goof Up #2: Another employee sent out some client data to another client where the email ids of both client representatives had similar names.
Goof Up #3: Yet another manager accidentally included a client id while intending to write to internal team members only.
You may have come across some (or quite a few!) such instances. While there is seemingly no end to human mistakes, organizations continue to invest in ‘training’ employees on this front and share write-ups on Email Best Practices. There is, of course, merit in continuing to do this. However, is there anything more an organization can do to minimize such incidents? Is there something the email system can be enhanced to do, rather than depending on human judgment alone?
Some organizations are experimenting with moving away from traditional email, at least partially, and adopting intranet forums for internal communication. Yet, email as a means of communication remains widely prevalent in the industry.
Here’s a series of thoughts on what the email system could be enhanced to do – and others like yourself may add on. It wouldn’t be surprising if some of these are already being used in some organizations.
The email system may be enhanced to:
- Allow only a select few individuals to send emails to organization-wide Distribution Lists
- Add the department name or similar indication as part of the email id when the name auto-completes, to minimize the risk of sending the email to an unintended recipient. It’s not foolproof, but could be somewhat better than no hint at all.
- Add a provision to block the recipients from using Reply All when sending an email (could be feasible for emails sent within the organization). Adding ‘Please DO NOT reply all’ isn’t 100% effective. An alternate approach could be to BCC people and state in the email ‘Intended recipients are BCC-ed’.
- Use simple workflows, where feasible, rather than email to send sensitive info like payroll, revenue reports, etc. to managers.
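As an added illustration (not part of the original article), here is a sketch of a pre-send recipient check covering the three goof-ups above: a sender allow list for company-wide DLs, a prompt when an external address appears on otherwise internal mail, and a prompt when a recipient closely resembles an address-book contact at a different organization. The domain, addresses, allow list, similarity threshold and function names are all assumptions constructed for the example.

```python
from difflib import SequenceMatcher

# Everything below is constructed sample data, not a real directory.
INTERNAL_DOMAIN = "example.com"
DL_ALLOWED_SENDERS = {
    "all-staff@example.com": {"hr-comms@example.com"},
}
ADDRESS_BOOK = [
    "john.smith@client-a.example",
    "jon.smith@client-b.example",
    "priya.nair@example.com",
]

def split_addr(addr):
    """Return (local part, domain) in lower case."""
    local, _, domain = addr.lower().rpartition("@")
    return local, domain

def presend_warnings(sender, recipients, threshold=0.85):
    """Return policy findings for a draft; an empty list means send as-is."""
    warnings = []
    parsed = [(r.lower(),) + split_addr(r) for r in recipients]

    # Goof Up #1: only allow-listed senders may write to a company-wide DL.
    for addr, _, _ in parsed:
        allowed = DL_ALLOWED_SENDERS.get(addr)
        if allowed is not None and sender.lower() not in allowed:
            warnings.append(f"BLOCK restricted-dl {addr}")

    # Goof Up #3: an external address mixed into otherwise internal mail.
    external = [p for p in parsed if p[2] != INTERNAL_DOMAIN]
    if external and len(external) < len(parsed):
        warnings += [f"CONFIRM external-on-internal {a}" for a, _, _ in external]

    # Goof Up #2: an external recipient whose name nearly matches a contact
    # at a different organization, so the sender is asked to confirm.
    for addr, local, domain in external:
        for other in ADDRESS_BOOK:
            o_local, o_domain = split_addr(other)
            similar = SequenceMatcher(None, local, o_local).ratio() >= threshold
            if o_domain != domain and similar:
                warnings.append(f"CONFIRM lookalike {addr} ~ {other}")
    return warnings
```

A mail client add-in or outbound gateway could run such a check before submission, refusing on BLOCK findings and asking the sender to confirm on CONFIRM findings.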
I am sure there could be many more ideas. These measures might just save firms and individuals some reputational damage.