The Perils of Email

Email is a wonderful thing.  As a kid, or even as an adult, I rarely wrote letters because the act of addressing an envelope was too much for me.  (Please don’t judge me too harshly!) But I whip off emails to friends all the time.  While I love email, it comes with two very different perils.  Neither constitutes “breaking news” but I see enough problems with both that it is worth an article. The first problem is well-publicized: phishing. 

I received an email from someone who has appeared on Monitor Monday. I recognized her name immediately. The email started “I was meant to get this to you last week. Here is the presentation to collaborate on the new …”  That isn’t a typo; the email started with flawed grammar. I am glad it did because it made my spidey-sense tingle. We’ve all heard the instruction not to open attachments from an unknown sender, but this email highlights another problem, attachments from someone you DO know. Fortunately, the author made a foolish error. The email referred to our prior discussion. We hadn’t had one. But if we had, there’s a real risk I would have opened the attachment. One of the lessons I’ve learned as we try to train people to avoid phishing is that it is extraordinarily difficult to train people to be sufficiently skeptical of attachments. Antivirus software will help, but we’re going to have to keep hammering home the message that attachments are always suspect. The fact that you know the sender doesn’t eliminate the risk. Pay careful attention to the message. Make sure it is specific to you.  Had the author been smart enough to structure the note as an “introduction,” with no reference to past interaction but asking me to review a document, maybe I would have been fooled. Another key point:  if you doubt the authenticity of an email, don’t call the number in the signature block. Smart phishers use a burner number and have someone answer the phone. Google the person and use that number. Here, the person’s real number was one digit different than the number in the email. I didn’t try the number in the message, but it would surprise me if someone purporting to be the author’s assistant would have answered. 

The second email risk is discussed in news stories about the recent $678 million-dollar settlement paid by Novartis, Apparently, as part of their compliance training, employees were told to refrain from writing things down. The advice was that rather than send an email, make a phone call.  I’ve certainly been known to say something similar. The government focused on that instruction to suggest that compliance was less focused on following the law than on covering up improper activity.  Now, one lesson someone could draw from this experience is “don’t write down your instruction not to write things down.” While that’s sort of fun to say, I would suggest a slightly different lesson.  Be careful about what you write down. When I give compliance advice to clients, I’m not trying to help them avoid the detection of illegal activity.  I’m trying to help them avoid committing an illegal act. When I issue advice to refrain from writing an email, that doesn’t stem from a fear that truth will be discovered, I worry about a poorly worded statement or a cavalier, sarcastic remark being used against you. Gallows humor can lead to metaphorical gallows. For example, the oft-used “I don’t look good in stripes” is usually uttered by someone trying to do the right thing, but it can sound like an admission of wrongdoing. If you’re putting it in writing, think about how it can look when quoted out of context.  How can it be twisted? Once said electronically, there are no take-backs.   

Programming Note: David Glaser is a permanent panelist on Monitor Mondays. Listen to her live reporting every Monday at 10 a.m. EST.