Email Security in the Modern Workplace

Simple strategies for keeping private messages private

Posted by Dawn Lomer in Corporate Security, Information Security on June 13th, 2013
Email has become as ubiquitous as water. It allows us to communicate instantly from anywhere at anytime and it’s instant and free. But email also comes with risk. Used without thought or appropriate security training, email can be a huge corporate security risk. It’s one of the easiest ways to leak private company information, either intentionally or by accident.
Hackers love email and are constantly inventing new ways to get into private messages and systems. In most cases, passwords and other basic email security measures just don’t cut it.

Composing an Email

FREE Investigation Report Template

Prepare thorough, consistent investigation reports with our free report template.

Download Template

Your email password should be one of the strongest passwords in your collection – and you should have a collection if you are following the most basic rule: don’t use the same password for multiple systems. Email accounts are the most common targets for hackers, so don’t make it easy for them to break in. Pay attention to where you access your emails from. Unsecured wireless networks or communal computers (such as those in libraries or internet cafes) aren’t secure, so avoid putting passwords into these computers.

Double-check the name and email address of the person you are sending your message to before you click the send button. Autofill can be convenient, but it can fill in another contact’s information as you begin typing the first few letters of a name or address. This mistake has caught out staff at major companies, resulting in embarrassing and expensive data breaches.

When sending to multiple recipients who may not know each other, use the BCC line instead of the CC line for recipients. This way, all recipients don’t have access to the email addresses of everyone else you’ve sent the message to.


Encrypting outgoing emails gives you extra protection to keep your messages private. Most email services come with a built in encryption functionality. You simply have to enable it. Encryption takes the original version of your message and scrambles it into an unreadable form. The only way someone can read the message properly is if they possess the private key, a password so to speak, to unlock the message.

Digital signatures are critical when sending emails containing contracts or other legal documents when authenticity is especially important. If you are relying on someone to provide or verify information, you want to be sure that the information is coming from the correct source. A signed message also indicates that changes have not been made to the content since it was sent; any changes would cause the signature to break.

Consider using an email security service or software provider to scan outgoing messages for sensitive corporate information, block spam and encrypt emails. But no email message is completely secure, so keep this in mind every time you click send.

Dawn Lomer
Dawn Lomer

Manager of Communications

Dawn Lomer is the Manager of Communications at i-Sight Software and a Certified Fraud Examiner (CFE). She writes about topics related to workplace investigations, ethics and compliance, data security and e-discovery, and hosts i-Sight webinars.

Book A Demo

To our customers: We’ll never sell, distribute or reveal your email address to anyone. Privacy Policy

Want to conduct better investigations?

Sign up for i-Sight’s newsletter and get new articles, templates, CE eligible webinars and more delivered to your inbox every week.