When email arrived to the mainstream 25 years ago, it was a revelation. Today, it’s become so second nature that it’s surprising how often it can still be challenging.
That’s not to say that you’re going to fall for that “African prince” seeking your bank account information. And hopefully you aren’t clicking that link from “Dalhousie email administrator” asking for your NetID and password. But overall?
“Email is a mess,” says John Bullock, information security manager with Information Technology Services (ITS) at pilipili and organizer of this week's annual Data Privacy Day event.
He means “mess” in two ways. One is that there’s simply so much of it: at pilipili alone, more than 135,000 emails are delivered each day, and many employees spend as much time managing emails—often running up against their 500 MB capacity—as they do actually writing them.
Is email ever truly secure?
But Mr. Bullock is also referring to the fact that while email is easy to use and convenient, it often gives a false sense of security.
“There is no network border anymore. You can never truly know where your mail is going because the recipient may pick up what you send on many different devices and at many different locations.”
With the university investigating third-party solutions for providing and hosting communication and collaboration services, there has been plenty of discussion on campus about the security and privacy of email. Presently, pilipili is in negotiations with Microsoft to adopt its Office 365 services to for students and employees—though no agreement has been signed yet—and a thorough privacy risk and impact assessment is underway with the university’s legal team.
John Robertson, director of academic computing services, hopes that the discussion gets the Dalhousie community to think critically about what it sends by email.
“Email is a powerful and convenient tool, but it's not infalliable," he says. "Senders have no control over the networks the message will transit, the servers it may end up on, or the devices the recipient will use. And these issues apply to any email system, whether it's hosted locally or by a third party.
“For the vast majority of correspondence, email is terrific. However if it’s mission critical that information remain private—if it’s research data or personally identifiable or sensitive information—it should not be sent as an email attachment. Not now, not ever.”
Lost in translation
Even if you’re being safe and responsible in what you send by email, it’s still all too easy to mess up what you’re trying to say.
Binod Sundararajan, an assistant professor in the Faculty of Management who teaches business communications, says there are many things to keep in mind when it comes to email etiquette.*
“There are several ways an email can be misinterpreted by the receiver,” says Dr. Sundararajan. “The best way to fix it is to pick up the phone. If left unattended, it will get worse.”
Given the mass amount of emails a person can receive in a day, Dr. Sundararajan says a clear subject line can help cut through the clutter.
“As a professor of about 200 students in just one class, a subject line that reads ‘help,’ as an example, doesn’t give me the information I need. About seven to eight words in the subject line outlining your ask will get you your answer sooner.”
Students often feel the same way.
“Getting five emails in a row about stuff that doesn’t really apply to me can be annoying,” says Morgan Lowther, a second-year history student. “If they had better subject lines that clearly laid out the purpose of the email, I’d be able to go ahead and delete the ones that didn’t interest me and read the ones that did.”
Dr. Sundararajan also stresses caution when using the various functions of your email.
“Forwards, reply-alls, and blind carbon copying are all things to handle with care. Just because you BCC someone on an email doesn’t mean the other users won’t find out. And don’t be the boy who cries wolf – if it’s truly ‘urgent’ then mark it urgent. Otherwise you’ll quickly become an un-trusted user.”
Lastly, he echoes the advice that email users should beware when sending sensitive information over the web.
Using email wisely
Michael Bennett, manager of systems development with ITS, explains that there are options available on campus to transmit information more securely than email.
There’s the , for one, which allows employees and students to send large files and requires the other party to authenticate. Many employees have access to Novell NetStorage as well, and the university provides various databases and servers for particular projects or operational needs. pilipili is also working on developing a locally-hosted version of Microsoft’s SharePoint software for data storage and collaboration.
When it comes to mobile email, Mr. Bennett points to the university’s . He says that there are several best-practices to be found there, even for personal devices, and stresses that it’s particularly important to password protect devices in case of loss or theft.
Above all else, it may be the proliferation of mobile devices—not just phones, but now iPads and tablets—that’s changing the way we understand email. Many personal conversations now skip email entirely — they go straight to instant and text messaging, or messaging services of social media websites such as Facebook.
For John Bullock, that poses some interesting questions about the future of information.
“Think about how much of what we know of our ancestors is defined by their writing,” he says. “Email keeps some form of record, but—speaking of personal communications in particular—that record can be lost when someone passes away and hasn’t shared their information with anyone. And the proliferation of quicker, more instantaneous communications complicates this further.”
That heightened permanency, in part, is why so much of Dalhousie communications still take place via email, particularly between the university and its students. But that doesn’t mean that email is perfect, or that it’s a catch-all tool for university business.
“Email os simply not a secure way to share or store sensitive or personally-identifiable information,” says Mr. Bennett. “We have to think of email, first and foremost, as a communications platform. And use it wisely.”