The ‘Gove email-gate’ media disaster looms large. Micheal Gove is being accused of using a personal email account for Government business. Is it a breach of the law? Is it right or wrong to use a personal email account to transact Government business?
It has long been a serious concern for senior civil servants that MPs (and local Councillors) forward email to their personal email accounts. Interestingly, the concerns have normally focused on breaches of security rather than the FoI Act. Whether Mr Gove is breaching the law will depend on the terms of the Education Department’s computer acceptable usage policy (AUP) and whether or not he is bound by then (as in has he read and agreed to them). What is of concern is that he like others before him still have not learnt the lesson from other high profile email disasters and continue to put in an email communications which would be far better conveyed by other means such as a conversation.
If you don’t want the press to see what you have said – don’t put it in an email. It is that simple.
MPs and Councillors are notorious for their misuse of email and landing themselves and their Departments and Councils in trouble (think of Jo Moore and ‘a good time to bury bad news’). They can never make the time to attend any email best practice education session which might save them and their organisations significant time and money.
Now we are about to witness yet another waste of public time and money over the ‘Gove email-gate’ disaster.
Tags: email best practice, email security, Government cuts
Emails as evidence has been highlighted in the phone hacking scandal. I have long since held the belief that one of the reasons News of the World (NoW) in the early days were so keen to settle with Sienna Miller so quickly was because she demanded to see all emails relating to herself. However, it was never going to be long before all hell broke loose as others demanded to see such emails. Now these demands have been made and not surprisingly HCL Technologies who manage their email systems say they were asked to destroy more than 200,000 emails over the past year!
I utterly condemn the phone hacking and indeed may now stop reading any Murdoch publication. Nonetheless, there are lessons to be learnt about the use of email. Emails as evidence highlights three issues.
First, can the emails be destroyed? Under current UK law, in theory yes. But you can bet that someone somewhere will have kept a copy either printed off or saved to a file.
Second, it underscores the need to be so vigilant about what we put in an email. A conversation is far less likely to be kept. Careless emails sent in haste as busy business people struggle with email overload have been been very costly for many organisations. For example saying ‘yes’ when a client says an error has been made leaves little scope to negotiate. A comment which is seen defamatory may also be costly.
Third, it highlights the viral open nature of email. An email is as open as a postcard. You can bet your life someone somewhere has seen these NoW emails who should not have seen them. One way or another I’d wager a bet that, try as they may to have destroyed the email evidence, it will turn up at some point like the proverbial bad penny.
Last, but by no means least, there is talk of changing the UK laws relating to email retention and archives to be more like the US law. Emails will have to be kept and made available on demand. That too brings its own set of problems.
This all underscores the need to think before hitting send. If in doubt, talk first, then email later if needs be. Before you all comment, sanctioning phone hacking by conversation is no less an offence than sanctioning it by email.
Have you ever been subject to a legal case where email evidence is included?
Tags: email archiving, email best practice, email overload, email retention, email security
Careless emails can be very expensive. Last week I ran a workshop on ‘Managing the risk of cyber crime’. Cyber crime in all its different guises now costs business more than physical crime according to a recent Cabinet Office report (you and I stealing pens and paper from the staionary cupboard). In financial terms, cyber crime costs businesses about £17bn per year. Recovering from a breach of security costs most business between £20,000 and £500,00 according to PcW.
The inclusion of e-evidence can add upto an extra £500,000. Yet as the KPMG e-disclosure report identfied, few High Court Judges really know how to handle e-evidence. Indeed witness the super injunction fracas.
Sony admitted it will loose revenue and clients as a result of the hacker attack on its Playstation network.
All this prompted me to re-visit how easy it is to leak confidential information through email.
You can have the very best technology to scan outgoing emails for content, block the use of unkown USB sticks etc. However, at then end of the day the majority of cyber crime is committed by human error. The most common leaks occur through the following human actions.
How often have you either been trained in email best practice and the law or trained those who work for your business? Probably, if you are like most organisations, rarely and often only after an incident.
There are two simple steps any business can take to manage the risk of a cyber crime attack through email. First, have an up-to-date Acceptable Usage Policy which has been read and accepted by all employees. Second, provide adequate user training.
During the week I will post some simple ways for everyone to help manage the risk of breaching security and compliance. A subsequent blog will also look at the common laws which govern email.
Tags: cyber crime, email best practice, email security
Did you set a secure Out of Office message if you’re taking time out this week for half-term? Secure means saying simply ‘I will not have regular access to my emails from A to B. If it’s urgent please call me or ABC’. Avoid saying you are on leave as that’s alerting cyber criminals to a potentially empty house.
Also avoid giving too many points of contact as that too open the door to preying eyes and can be an easy source of leaking confidential information eg other organisation with whom you deal, other points of contact etc.
Tags: email security
Email etiquette and email security. It’s that time of year again, Valentine’s Day is here. It’s not just the high street that’s bursting with Valentine fever. The internet is full of online shopping sites covered with hearts, pushing last-minute gift ideas and online dating services, trying to get you to sign-up to make this year THE year that you find that special someone.
Electronic cards are ideal for the busy or last-minute romantics out there. Sending an eCard for a special occasion seems to be a growing trend – it’s cheap to do, environmentally friendly and a convenient alternative to traditional cards.
I think the concept is great and there are a lot of trusted sites which offer you the option to create animated videos or cards to send by email to your Valentine, but there are just as many spammers hiding behind bogus messages, so beware!
Security companies monitor the activity of spammers at this time of year and see spikes in spam related to Valentine’s Day such as emails with subject headers like, ‘An original gift for Valentine’s Day’, ‘Very Hush-Hush Valentines Day Offer’, ‘Quick and Easy Valentine’s Day Gifts’ and lots more*.
Hackers often use Valentine’s Day to try and sneak malicious software on to your computer, or to lure you to what looks like a legitimate website to make purchases, allowing them to steal your bank account details and passwords, without you realising.
Be cautious and do not open emails from unknown senders even if they flatter your ego!
Tags: email etiquette, email security