What We Should Learn from Email Breaches

    Slide Show

    Nine Email Scandals that Underscore the Need for Proper Archiving

    Here in the U.S., we are in the midst of the insanity called “a presidential election.” It seems as though the Democratic Party is trying to commit suicide by email. First, we had the unsecure private email server with no tracking, which was most likely penetrated but no one can tell. Now we have the Democratic Party’s email service that was hacked (probably as a result of phishing someone who had more access than they should have had). Both instances showcase a problem that we aren’t really talking about. Let’s do that now.

    The Problem

    In the long term, the most damaging part of this email debacle isn’t that some of the emails refer to favoring one candidate over another. Most damaging are the emails that make fun of donors or present them in a derogatory light. These are people who have given up to seven figures to help the Democratic party get their candidate elected and not only are their donations now public but so is what the Democratic party thinks of them. Good luck getting that next donation from, well, anyone, now.

    It isn’t at all uncommon for people to share colorful thoughts about superiors, co-workers, subordinates and customers over email. But think for a moment: What business benefit does this add? Email is auditable. Having done some audits, I know there’s a lot of stuff people feel free to share on company email that can, and does, get them fired.

    A few years ago, a couple of managers in a firm I was working for had an email exchange about a high-performing black female employee. She had asked for something and the email exchange between the managers referred to her inappropriately with racially charged slang even as it granted approval for her request. They then left this exchange intact when they sent her the approval. Imagine how productive she was when she found out her manager and manager’s manager were both extremely racist? It turned out her brother was an attorney specializing in racial discrimination and harassment cases. That email cost the company around half a million dollars in terms of a settlement and both managers lost their jobs. (How this didn’t get caught sooner is a whole different column.)

    A few years back, a communications exchange between two Oracle sales managers was picked up in litigation discovery and made public. In that exchange, Sun hardware was referred to as unsellable crap. The disclosure of that email likely cost Oracle millions of dollars and, once again, the executive lost his job.

    Back when I was starting out as an analyst, I got an email from a Microsoft manager regarding a meeting we were to have. Shortly afterwards, I got a note from Microsoft’s PR firm asking me to not read the note below the information about the meeting. I hadn’t even been aware there was a forwarded note and, of course, I immediately had to read it.

    It contained a personal profile of every analyst they were going to be talking about in their meeting. In regard to one really powerful guy, they went into some length explaining what an ass he was and how to behave around him. The analyst who they’d highlighted as vindictive was likely really pissed off. (Sadly, in my own case, it read like there was nothing interesting.) At the heart of the problem was that the Microsoft manager who had gotten the note in the first place accidentally created a bit of a firestorm.

    In short, the problem is that a lot of us treat email as if it is really, really secure and it’s not. It is like a loaded gun; folks need to treat it with far more respect.

    The Solution

    People need to be regularly reminded that if something is in writing there’s a reasonably good chance it will get disclosed. This means that all of the rules in place for verbal communication also apply to email and texting. Employees should picture what would happen if an email became public then consider rewording it so that it doesn’t cost them their jobs if it did. This means the same jokes they’re not supposed to tell in the office shouldn’t be told or forwarded in email either. If employees are pissed at their boss, email ranting to another employee isn’t wise. And employees should never, ever talk badly about a customer, stockholder, executive or other employee in email. If they have a problem, they need to share it verbally and behind closed doors. (More than a few people have been fired after being overheard at a public event.)

    By the way, this also means that employees need to think about attachments and email threads. If they are replying to an email, it is generally best to leave out the part that they are replying to and not include every email that came before unless they want to read it all first. I’m sure they don’t want security dropping by for a visit after someone finds a confidential element in an email thread they accidentally forwarded.

    Wrapping Up: Thinking Before Sending

    I’ve watched a lot of people lose their jobs over written communications, whether it’s from getting ticked off at a manager and then forwarding a scathing note to the entire company (which is, fortunately, much harder to do now) to sending naked pictures. The majority of these written communications are not only inappropriate, they’re unnecessary and generally reflect poorly on both the sender and the organization. 

    Regularly reminding employees that emails should be brief, focused on the subject, and that they should avoid any language that couldn’t be shared with the employee’s department, family or priest would go a long way toward making sure what just happened to the Democratic Party doesn’t happen to your firm. Put in place a good tracking product and regularly remind employees, unless they want to become unemployable, to treat email, and all forms of communication, with a lot more respect than they likely currently do.

    Rob Enderle is President and Principal Analyst of the Enderle Group, a forward-looking emerging technology advisory firm.  With over 30 years’ experience in emerging technologies, he has provided regional and global companies with guidance in how to better target customer needs; create new business opportunities; anticipate technology changes; select vendors and products; and present their products in the best possible light. Rob covers the technology industry broadly. Before founding the Enderle Group, Rob was the Senior Research Fellow for Forrester Research and the Giga Information Group, and held senior positions at IBM and ROLM. Follow Rob on Twitter @enderle, on Facebook and on Google+.


    Rob Enderle
    Rob Enderle
    As President and Principal Analyst of the Enderle Group, Rob provides regional and global companies with guidance in how to create credible dialogue with the market, target customer needs, create new business opportunities, anticipate technology changes, select vendors and products, and practice zero dollar marketing. For over 20 years Rob has worked for and with companies like Microsoft, HP, IBM, Dell, Toshiba, Gateway, Sony, USAA, Texas Instruments, AMD, Intel, Credit Suisse First Boston, ROLM, and Siemens.

    Get the Free Newsletter!

    Subscribe to Daily Tech Insider for top news, trends, and analysis.

    Latest Articles