In today’s world, a sent email isn’t just between the sender and the recipient. Without the proper precautions, hitting send could expose information to people other than those listed in the recipient list. Stories of hacking, government surveillance and information theft abound.
Whether discussing the terms of a client contract or a sensitive HR issue, employers typically lose control of a message after hitting send. Many entrepreneurs accept this lack of security as a hazard of contemporary digital culture and use limited tools to mitigate the risk: writing strongly worded subject lines ("Do Not Forward"), starting emails with “please keep this to yourself” or stamping "confidential" on all documents.
Yet every week there's another story about compromised information or apologies for data breaches. In response, the Federal Trade Commission has tightened its privacy policies to further inform and protect consumers. But that’s not enough once the damage has been done (see Heartbleed).
Yet business owners no longer have to cross their fingers and hope for the best when sending sensitive email. It's now possible to control where emails go, how long they can be seen and most important retrieve them when necessary -- even after hitting send. Here are five simple steps to protect a business where it matters most: the in-box:
1. Protect (digital) assets. Require employees to use end-to-end encryption tools for all communications. This ensures that the contents of email are secure from in-box to in-box and that no one can access the information while in cyber transit. Encryption was once hard, but new tools are now available that make encryption easy and available to everyone.
2. Know the audience -- literally. Protect the business from careless email forwarding. Disable the ability to forward messages and ensure that content stays only with the intended recipients.
3. Set expiration dates. Some emails need to endure, but most don’t. They are meant to transmit information quickly and be read, responded to and deleted. Help employees manage their in-boxes by setting expiration dates on email. It will improve efficiency and allow them to focus on what’s most important.
4. Double down with two-factor authentication. Turn on this feature. It incredibly simple and incredibly powerful. And best of all, most email services, social networks and accounting software offer this protection. It’s the most effective way to secure what matters most to a business.
5. Maintain the upper hand. Negotiating contracts? Discussing strategy? Reserve the right to revoke and rescind emails and set expiration dates. This means no earlier versions of documents will be floating around And there will be less confusion and more productivity among employees. Plus no more company secrets will be accessible once a contract expires.
My company, Virtru, offers a plug-in for Gmail and other web mail systems by which a person can revoke any message after it has been sent with no limitations. So if a person shares some intellectual property in an email and then a contract expires, the sender can later revoke the message, making the content unreadable.
While everyone uses email, most organizations haven’t taken the basic steps to minimize their risk and exposure. Small businesses like large enterprises should take preventative measures to manage email risks and minimize loss or theft of sensitive or confidential information.