Proofpoint(s) Out 2009’s Best and Worst Email Blunders

If you use email, you’ve probably managed to embarrass yourself by hitting “reply all” and broadcasting what was supposed to be a private email to the masses. You are not alone; email blunders have become almost as ubiquitous as the use of email itself. With this in mind, Proofpoint, Inc., a provider of unified email security, archiving, and data loss prevention solutions, says it’s time to take email security seriously, as mishaps are not just embarrassing—they are potentially damaging.

In October Proofpoint released a list of the top email blunders of 2008. On that list was the hacking of then-vice-presidential candidate Sarah Palin’s Yahoo! email account. In 2009, Proofpoint decided to do another list for the first half of the year and posted it on the Proofpoint blog, explains Keith Crosley, director of market development for Proofpoint.

Leading off the list is an Oregon nursing administrator who lost $400,000 to a Nigerian email scam. Though most email users are taught to be wary of any unknown email sender, clearly not everyone is getting the message. This example “just shows you that end users, whether they are individuals or people working in an organization, need to be educated about spam,” says Crosley. Some “people aren’t aware of how confidence scams work at all,” he says. For this reason, Crosley believes “it is the responsibility of the enterprise to realize people need reminders that there are scams that come in through email.”

Taher Elgamal, Ph.D. and chief security officer of Axway, a provider of multi-enterprise solutions and infrastructure, echoes Crosley’s sentiments. He says, “The solution is always a combination of technology and awareness. Deploying a good email gateway with a state of the art anti-spam engine is a good start, but it is always important for each organization to conduct awareness sessions about the use of the internet and email in particular.”

While lack of security and email education played a big role in this year’s list, user carelessness also made some waves. The seventh blunder involved officials at the University of California–San Diego and New York University accidentally sending emails to thousands of high school seniors claiming they were granted admission to the universities. No. 10 caused a public uproar when it was reported that an email from John Soden, a managing director at Thomas Weisel Partners, LLC, was sent to employees demanding that they return to the office on Good Friday stating, “Join Wells Fargo and become a teller if you want to take bank holidays.”

Crosley advises email users to be aware of the permanence of emails. “There is still something about email that makes it feel less formal that leads to a lot of these blunders,” says Crosley. “For some reason the informality and the personal nature of email makes people forget that you are creating a permanent record. If you don’t want the whole world to read it, don’t put it in email.”

These sorts of mishaps can lead to a lot more than just public embarrassment for an unprepared company. Copies of emails can be admitted as evidence to a court of law, as the fifth blunder illustrates. U.S. prosecutors filed against Bernie Madoff by submitting email messages from victims of the Ponzi scheme as evidence. Companies and other entities have to be able to produce archived emails for legal purposes. “If a company doesn’t have a good email archiving policy and technology it can be very hard to produce all the email that relates to a given suit,” explains Crosley. He adds, “From an organizational standpoint, one of the big things that they need to think about is what am I going to do if someone says, ‘Produce this email?’ ”

No. 4 on the list, Google’s “unsend” button—a last minute option to retract an email—may put some nervous users at ease, but it certainly won’t put an end to email snafus. Instead, companies have to be more aware of the dangers that go along with clicking send. “Even with enough training for employees on careful use of email, humans will continue to make mistakes. The issue here is whether a mistake can have a much larger effect than necessary,” says Elgamal. “Understanding the technologies one uses—email or other messaging methods—is important.”