Tip To Prevent an Email Oops

Today I almost had an email oops.  Well…perhaps not "almost" because of a habit I got into years ago.  This habit has saved me many times from sending out a message prematurely before I’ve had a chance to review.  I’ve incorporated this tip into several organizations’ awareness messages and training content and have heard back that it has prevented some email incidents.

While composing an email to a client today, someone came into my office and asked me a question, and while turning to respond, my thumb bumped my overly sensitive mouse pad (yes, I know the sensitivity is adjustable…but overall I like it at the current level) after my cursor had moved over the <send> button.  A sudden chill went over me…I wasn’t ready to send that message!  It wasn’t complete and I didn’t want to send all the raw (don’t worry, it was non-PII) data I had included as I was drafting it.  Then I looked at the TO:, CC: and BCC: lines…WHEW!  I did not have any addresses there yet…in following my email habit of the last decade+.

Many email incidents have occurred by mistakenly sending emails either with unintended information, or with incorrect or unwanted email addresses in the TO: line, etc.  I just talked about many email incidents on August 1.

A good way to avert many email incidents from accidentally happening is to compose the body of the email message BEFORE filling in the TO:, CC: and BCC: lines.  If these lines are blank, then the email composer cannot accidentally send the message before it has been finished and carefully proofread.  It is very simple, but also very effective, as are most security habits.  Effective training and awareness communications help to drill such habits into the minds and typing fingers of personnel.

My habit over the years that I’ve passed on to my co-workers and clients, and have put into communications, is simply:

  1. When writing an email, leave all the address lines blank.
  2. Write the message.
  3. Proofread the message…ALL the message!  Including attachments and being sure to scroll down to see if you have left any extraneous information that you may have copied into the message while composing.
  4. Be especially diligent about reviewing an email message you are forwarding.  Make sure all the information in the forwarded email is something you CAN be forwarding without violating the original sender’s intentions for the email, and to ensure you are not divulging information inappropriately. 
    • You will often need to remove the email address, and perhaps even name, of the email originator to protect their identity/privacy. 
    • You will likely not need to forward the entire email message.  Delete everything from the forwarded email that is not relevant to the reasons why you need to forward it to someone else.
  5. When you know the message is exactly as you want it to be, fill in the address lines with the addresses of the people you want to receive your message.
  6. DON’T HIT SEND YET!  Carefully read through the addresses.  Make sure you didn’t accidentally include an email address that was next to one of your intended recipients in your address book.
  7. Now hit send without worrying about suddenly feeling your heart miss a beat and going "DOH!" because you sent it to the wrong people, or sent inappropriate information.

"But!"  you may say, "This does not work when replying to an email!"

Ahhhh…yes…well…here is another habit I’ve gotten into that has worked well for me.  However, I realize this one requires more tenacity for end-users to follow consistently, but it can save A LOT of embarrassment and potential incident impact by doing.  If your end-users who send a lot of email to customers, business partners, and particularly others outside your organization, it is worth suggesting to them.  One of my clients from a few years ago sent me a message telling me he was happy he had told his folks about this tip, because one his marketers would have done a very big OOPS without following it.

The habit for replying to email messages is simply:

  1. After hitting <reply>, copy, then delete, all the addresses from the TO: line of your message and paste into the first line of your reply message body.
  2. Repeat #1 for the CC: line as necessary.
  3. Create your message on the lines after the lines of addresses in the body.
  4. After finishing and proofreading well, do a copy, delete and paste of the addresses from the first line of your message into the TO: line, ensuring that it/they are the recipients you really want for your message.
  5. If appropriate, do a copy, delete and paste of the remaining addresses into the CC: or BCC: lines.
  6. Determine if you need to put any addresses in the BCC: line.
  7. Proofread everything, deleting the parts of the original message not necessary, then <send>.

Yes, this is somewhat clunky, but it can avert some significant security and privacy incidents. 

Once people get into the habit, it truly does become second-nature…like today when I briefly panicked when I heard the <send> button click, then realized that my email habit had saved me from a bit of embarrassment from an unfinished email message.

Technorati Tags







This entry was posted on Thursday, August 3rd, 2006 at 4:44 pm and is filed under Privacy and Compliance. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply