Warning: this article will melt your brain. Consume in small portions and rest frequently. Or skip to the end for the simple advice.
In the not-so-distant past of technology, the account name you used to access your service or software was usually a single word. Sometimes it was your name, or some variation of first initial and last name, or it was something you got to choose like “soccermom72” or “sunnysdad” or “bruins4ever” etc. As online services grew in popularity and the number of people needing accounts exploded, most service providers realized they no longer needed you to pick a name (and suffer through finding one that wasn’t already taken) as you were already providing them with a unique identifier, so they got rid of all the “catmom2013” IDs in favor of using your email address. From a technical perspective, this makes perfect sense, but for many users, this can lead to confusion and frustration if you aren’t keeping careful track of your passwords, or worse, using the same password for everything.
When an email address is more than just an email address
Microsoft, Apple and Google are the primary causes of email-as-account-name confusion, especially if you’ve created an account with those services using an email address that has nothing to do with any of those providers. For example, when setting up a new Windows computer, one of the first things it does is ask if you have a Microsoft account, and if you don’t (or think you don’t) it asks you to put in your email address and it will create one for you. So you put in your email address that you’ve had for years (something-at-aol-dot-com?) and the setup process has you create a password for this new account. Many people misread this prompt as “enter your current email password”, and don’t realize Windows is actually asking you to create a new password for your new Microsoft account. Typing in your email password (Twice? Why is it asking me to enter it twice?) also works, because as far as Microsoft is concerned, your current email password will do just fine as your new Microsoft password. Do you see where this is going?
So now you’ve got a new Microsoft account that uses your email address and password as the login. “Convenient,” you think. “One less password to remember.” Until you need to change your email password because maybe it got hacked, or your IT consultant warned you to stop using it. Whatever, you’ve changed your email password. Then you go to log into your Windows computer, which is using that same password, right? Wait. Why isn’t this new password working? I just changed it and I know I wrote it down correctly! OK, I’ll try the old one. Why is that working? But the old password doesn’t work for my email now? WHAT IS HAPPENING?!?!
For most folks that don’t daily marinate their brains in technology, it’s a common mistake to think that using your email address for an account name confers global login capabilities to your services with your email address and password. It does if you use the same password and never change it, but the moment any of the services insist on a password change, confusion is imminent. And here’s something that will really bake your noodle: if you set it up right, your email credentials can actually do this with a lot of services and keep in sync with password changes! But it has to be a certain type of email address (Microsoft, Google or Apple powered) and the services all have to have that capability (usually labeled as “login with your XXXX account”). This was a very popular authentication method in the early 20-teens, but once major password leaks started occurring, more services were shying away from “single sign-on” as folks were having their entire online lives stolen with a single password. In reality, most people will have a mixture of single sign-on services and regular logins, all using their email address as the login name. And if they don’t make a point of recording passwords used with particular services (especially if those services don’t ask for passwords often), human memory will just mash all of it together under “email address and this password.” Even writing it down is confusing sometimes, especially if you look back later at your notes and see the following, “Microsoft account uses Gmail address and this password,” or “Google account uses my AOL email address as login.” Wait, my email doesn’t come from Google, it comes from AOL, doesn’t it?!?
What’s the solution to this madness? Password trackers and unique passwords, and understanding that just because an account is using your email address as a login, it doesn’t necessarily mean that it’s using the same password. In fact, if you are “doing it right”, nothing should have the same password unless you are using a collection of services that are designed specifically to authenticate against email services that provide single sign-on capabilities. Still confused? You are in good company. Just take good notes, track your passwords, and make sure you have C2 on speed dial when things get weird.
Image by Gerd Altmann from Pixabay
Nearly two years ago I wrote a three-part article about taming the most ferocious of virtual beasts: your email. Even though I know all of you fight the good fight on a daily basis, some of you are your own worst enemies, multiplying your load by maintaining more than two mailboxes (personal and work) on top of your regular social media addictions. I’m not talking about the folks whose work responsibility includes managing mailboxes for other people (but I feel for you, especially the ones that face 5-digit unread counts). If you aren’t in the fortunate position of having human help to manage your collection of mailboxes, you should really consider consolidating or outright deleting those old email accounts.
Sacrilege! Burn the witch!
Before you go all angry mob on me, here’s why you should slim up your email presence by ditching seldom-used email boxes.
Security – there are so many reasons why managing multiple mailboxes is a security nightmare, but here are 3 that should resonate with you:
- Remembering and maintaining passwords for all your mailboxes. You’re using strong passwords for all of them, right?!?
- Old email accounts are a treasure trove of identity info for data thieves. If you don’t check them often, they might even be compromised already, and may have been for months or even years.
- Every email address gets spam and malware. Multiply your risk by the number of mailboxes that receive email. Multiply by 2 for “free” email accounts that have poor or no spam filters.
Expense – each mailbox is another mouth to feed. Even the free mailboxes aren’t really free:
- What’s your time worth? If you spend 15 minutes a day managing a mailbox, you will spend nearly 8 hours a month that could be better spent elsewhere.
- If you are using your phone to check these email boxes, that data downloaded is costing you, especially the spam – it’s the digital equivalent of empty calories, but the only thing getting fat is your mobile carrier’s bank account.
- Get infected by malware from a poorly protected email account? A minor malware cleanup will cost you a minimum of $200-300 if handled by a firm like C2, and we haven’t even accounted for your lost time, productivity or sales. We won’t speak about network-wide infections – those costs can start piling up into really big numbers, even if you are insured and backed up.
Next week we talk strategies for thinning the email herd!
Image courtesy of iosphere at FreeDigitalPhotos.net
The good ship Yahoo is still battling troubled waters on its journey to the safe harbor of a Verizon purchase. Reuters has just released a massive bombshell that may blockade if not outright scuttle the $4.8bln deal: two former employees of the beleaguered media company have alleged that Yahoo complied with a classified directive from a government agency to directly surveil the millions of email accounts hosted by Yahoo in 2015. According to the Reuters sources, the decision to open Yahoo Mail’s kimono was made behind closed doors, excluding Yahoo’s then Chief Information Security Officer, who apparently resigned because of this incident.
Whiskey Tango Foxtrot, Yahoo?
Normally, I don’t urge folks to get out the pitchforks and torches, but on reading this I actually used language not normally heard in polite company. Thus far the government agencies named are declining comment. If the allegation proves accurate, I’d say Yahoo customers had their Fourth Amendment rights violated, and Yahoo thoroughly trod upon any trust it might have had left with its still substantial customer base. Coupled with the recent massive breach they experienced in 2014 and the debacle that was their conversion to a new email platform in 2013, it’s no wonder Yahoo has gone from an Internet powerhouse to second-tier media company up for sale. If you are still using Yahoo as a primary email provider for work, you should stop doing so immediately, not only for security issues that they can’t seem to get ahead of, but now for serious breaches of privacy and trust.
In the early days of the internet, building a server dedicated to providing email for your company was a sign that you understood the significant role it played (or would play) in your company’s success. Even small companies spent countless thousands of dollars investing in these complex technology beasts, primarily because it was either that, or use consumer services like CompuServe, HotMail or AOL which just couldn’t meet the growing security and legal needs of most companies. Fast forward to today and I’m still seeing SMB companies insisting on running their own servers for reasons that have since become a liability to their own business.
Things you should consider if you are still running your own email server:
- Do you think your email server is more secure than the ones run by Google, Microsoft or any technology company whose entire business model is built around providing that service? Unless you are in the business of providing email services, you should focus your efforts and money on your core business.
- How reliable is your technology infrastructure? What happens when your internet goes down? What about the power in your building? Most clients I know have at least one planned power outage a year and probably several unplanned ones, on top of the occasional internet circuit failure. One client was recently down for over a week during the Verizon-Frontier fiasco. Could you survive without email for that long? Could your company?
- How much money have you spent supporting an email server that provides service for a small staff? Have you calculated the cost per user per month? Is it less than $5? If not, you are not “beating the market”. And even if you are, how long do you think that will last? Did you factor in spam and malware filtering licensing costs?
- After having the same mailbox and server for years, has your mailbox grown to an enormous size and now you are running out of space and have no real means to do anything about it? Is your mail backed up? Can you even reasonably search through that much email and not have constant problems?
- Have changes in your industry required you provide security like encryption or compliance filtering? Suddenly you are faced with the prospect of needing to not only purchase new software, but also having to update your technology infrastructure just to be compatible with the new software.
If any of these five points hit close to home, you should definitely be considering the move to a hosted email provider. The market has stabilized to the point of being able to provide enterprise-grade email services on an SMB-sized budget, leveling a playfield that used to favor deep pockets and dedicated IT staff. It’s time to retire the in-house email server and invest in the future of your business instead of a dead-end technology strategy.
In a disturbing trend that bodes ill for everyone, multiple US healthcare institutions have been victimized this past month by highly effective ransomware attacks. In each instance, the malware infection has significantly disrupted operations and, in some cases, forced administrators to actually pay out thousands of dollars in ransoms to regain control of their data and IT systems. In the case of the Hollywood Presbyterian attack, the hackers initially demanded $3.6 million in bitcoin to release the data and systems their malware had encrypted, but settled for $17k. More hospitals in California, Kentucky and Maryland have also been hit and crippled by ransomware attacks, in some cases paying the ransom to regain control of their IT systems, and in other cases recovering systems and data through established data backup platforms and security protocols. And just to keep things interesting, toy-maker Mattel was also defrauded out of $3 million after falling victim to a carefully planned and well-executed email scheme.
What this means for you:
Though some of the hospital attacks mentioned above are thought to have come from a documented server exploit known to exist in healthcare software platforms, analysts are reporting a surge in emails carrying viral payloads including new, highly effective variants of ransomware, probably because of the highly publicized ransom payment made by Hollywood Presbyterian. The harsh reality of this worrying trend is this: it costs criminals virtually nothing to start malware campaigns that are resulting in hundreds of millions in damages to organizations around the world, and it’s netting those same criminals an equivalent amount of money paid by desperate victims. Despite spending millions on security, businesses and individuals around the world still fall victim to this ploy because of the humble email. Previously I had written about ways to spot fake emails (and you can still spot them if you look hard enough), but given how many emails we receive, and how clever attackers are becoming, it’s only a matter of time before any of us get duped and it’s already too late after that second mouse-click. Or is it? Though the ransomware attacks managed to disrupt operations at the hospitals mentioned above, several of them were able to get back to work once the infections were cleaned out and data restored from backups. The temporary disruptions caused by the compromised systems were kept to a minimum, as was the damage to the wallet, by a tested (and now proven) disaster response and recovery/backup plan. How long could your business afford to be disrupted by a ransomware attack? Could your business survive the loss of critical data? What about the reputation damage resulting from disclosing the attack to customers? If you thought a backup platform was expensive, consider the alternative. In the case of Hollywood Presbyterian, $17k was just the down payment on a huge hit to the wallet.
Image courtesy of David Castillo Dominici at FreeDigitalPhotos.net
You’ve done the hard work we outlined in the previous two parts of our series on the email beast, and now you are ready to tackle the summit of your email Everest. There are a variety of reasons to retain email, but they generally fall into two categories: “legal” or “industry/business best practice”.
Interestingly enough, there is no federal mandate (yet) directing US businesses on how much or how long email must be retained. However, if your industry is bound by legal or regulatory requirements to retain certain types of electronic documentation for a certain amount of time, you should consult with your lawyer about where this may intersect with documents and information stored in email. If your company establishes a retention policy, it’s incredibly important to adhere to that policy. Deviations or failures to enforce a formal company policy (“I have no idea where that email is, your Honor,”) are dealt with harshly in court, and will be costly. Relying on a manual process (such as Outlook’s “archiving” functionality) is fraught with failure, so any formal retention policy should be centrally managed and maintained by an automated process rather than a human. Not all email providers include this capability, especially the consumer “free-mail” services like Gmail, Outlook.com, Yahoo, etc. Business-class service will typically offer retention capabilities as an add-on service, so make sure that if you need it, you can actually implement it on the server side.
Bottom line: If you have a formal retention policy, you must enforce it or you could face significant consequences in litigation.
If you fall into the broader, less compliance-bound audience that would like to keep track of the information that is contained in your vast email archives, consider a different way of retaining that data rather than relying on Outlook archives and your overstuffed email server hard drives. In most cases, people retain emails in order to track conversations with clients, customers, vendors, etc. If your business relies on this information, you should consider a tool that is built specifically for that purpose, and you’ve probably already realized that Outlook is not that tool. Before you despair, I do have good news for you: there are literally hundreds of Customer/Client Relationship Management (CRM) solutions that integrate very well with Outlook. Implementing a CRM solution for your company is not as easy as the sales videos would have you believe, but it may be very worthwhile in the long run.
The most crucial element in successfully implementing a CRM solution to funnel your customer/client emails into is follow-through and consistency. Everyone needs to be fully trained on how to use the system properly, and then they must use the system consistently. Most CRM implementations fail not because the software is bad, but because the company doesn’t get 100% buy-in from the ones that need it the most: executives and the sales team. If everyone has sales responsibilities, then everyone has to use the CRM software.
At the very end of this long climb up “Mount Email”, regardless of what solution you choose to retain, the final consideration should always be data backups. Whether it’s a formal retention platform, CRM solution, or simple PST files, make sure your platform of choice is supported by a solid backup strategy that includes at least 2 different backup mediums. Understand how often your data is backed up, where it’s stored, and how you retrieve it in the event that disaster strikes.
Image courtesy of bplanet at FreeDigitalPhotos.net
Last week we talked about our “growing” email problem. The average size of an individual email as well as the overall volume has increased substantially over the years, and some parts of the email technology platform have changed to accommodate that. In other critical areas it has only barely kept pace or fallen woefully behind. Though it’s changed its look over the years, Outlook still works essentially the same way it did nearly 20 years ago. And while we have more ways to read our email now with the proliferation of mobile devices and cellular data networks, I rarely come across a business professional who isn’t struggling to stay afloat in the growing email tide.
So how do we address this weighty issue?
First off, reduce the volume in any way you can:
- Better spam filters – the best ones work at the server level, and don’t rely on your local email client. If you are using a local spam filter on top of your provider’s “filter”, you need to adjust the settings on the server side so they never get delivered, or change providers. It’s a hassle, but a good spam filter will make it all worthwhile.
- Ditch the mailing lists – if you spend more time shuffling unread newsletters into the “later” folder, you should either look at subscribing to a less frequent digest, or unsubscribe altogether. Ironic advice coming from someone who sends a newsletter. Hopefully because you are reading this, our newsletter makes the cut.
- Separate business and personal – modern email clients and mobile devices allow you to stay on top of multiple email accounts, so there’s no good reason to keep everything in the same mailbox. Don’t go hog wild (5 separate mailboxes is just as bad as single overstuffed box), but if you are using your business mailbox for everything, you really need to move the personal stuff to a separate email account.
- Delete, don’t archive – once you get over the initial fear of throwing away an email permanently, you may find it amazingly liberating and a great way to reduce stress. Be mindful of your company’s retention policy and business practices, but delete anything that isn’t critical. Because it’s “virtual”, email becomes a convenient way for our “inner hoarder” to manifest itself. As with anything hoarded, the volume rapidly overtakes any benefit gained from keeping the stuff around. Be merciless, even cruel, and give your delete key a solid workout.
A lot of you have heard this advice before (probably from me), but it always bears repeating. The only way to drink from a firehose is to reduce the pressure. Getting in front of your daily email workload will grant you time to focus on the next task: sorting, filing and putting to use the email you do decide to keep.
Make sure to stop in next week for the final part of our series on taming the email retention beast!
Image courtesy of Stuart Miles at FreeDigitalPhotos.net
Several clients learned some hard lessons this week. First and foremost, no one is immune from malware, no matter how much money and time is invested in security. If you still don’t believe this, you might be surprised to know that the White House was hacked recently. Granted, I made fun of government-run websites and their pitiful security, but one has to imagine that the Secret Service takes POTUS security very seriously, and yet Russian hackers seemed to be able to access sensitive information by fooling someone through a phishing email. Yes, email. That indispensable tool that we can’t live with and can’t live without. While we are frequently the agents of our own demise (surely this email from this overseas lawyer about a long lost inheritance is real this time), we can also be the agents of our own salvation as well.
Let me testify!
Above all, stop opening attachments sent via email, and likewise, look for ways to stop sending attachments via email. There are tons of secure file sharing options out there (keep in mind we don’t consider the free Dropbox among them…yet), but as long as the business world continues to rely on attachments to get things done, cyber criminals will exploit your willingness to open things sent to you via email. Resist the urge to open attachments even if you recognize the sender, and verify via phone if they indeed sent the attachment. Here’s an important clue: financial institutions, law enforcement, government agencies and just about any large consumer-serving company will not send you an attachment in order to get you to do something or notify you of important information. Neither FedEx nor UPS sends you delivery confirmations as attachments. Neither your bank nor your credit card company will send you an attachment asking you to open it. If you receive what you believe to be a legitimate attachment from a company with which you do business, call them to verify they sent you that file. Ninety-nine times out of one hundred, they did not send that file. I guarantee that you will receive emails that look and read 100% legitimate, but will in fact be clever attempts to trick you into a nasty malware infection. Even the best anti-malware software won’t be 100% effective all the time. The criminals who send you attachments anticipate you have some form of protection installed, and their payloads are designed to turn that “foot in the door” into a full-scale home invasion, anti-malware or no.
The best management coaches say to always pair a “stop doing this” with a “start doing this”. Are you backing up your data? If not, you need to start, right now. If you are, have you checked your backups lately? Tried restoring a file? Are your backups stored offsite? One of the clients mentioned above was thoroughly decimated by the infamous cryptolocker malware. Not only did it take out a principal workstation and all data, it also kidnapped their server data and mangled their backups, primarily because they were onsite and not designed to go back more than a week before being overwritten. Cryptolocker is infamous for hiding out for days before making its presence known, precisely to destroy local backups in this fashion. If you are using proper offsite backups, either through rotating media offsite manually or by using a cloud-based platform, this form of infection is annoying but survivable. Do yourself a favor and review your backup strategies immediately!
Image courtesy of Stuart Miles at FreeDigitalPhotos.net
Before the advent of computers and the internet, getting control of the “paper tiger” was a common topic of conversation, both in the home as well as in the office. While paper is still an issue, most of us are distracted by a new predator that stalks us: the never-ending stream of email. Properly dealing with an overflowing email inbox is easy to put off until another day, because, unlike paper, it doesn’t create a physical mess that is hard to ignore, but it will render email much less useful, and in the long run it can wreak havoc on your productivity.
For email to be an effective work tool, your goal should be zero unread messages by the end of each workday.
For some people who have an excess of 1,000 unread messages in their inbox at any given moment, this may seem unattainable, but “inbox zero” is achievable with a little work. It will take more than one clean-up session and it requires ongoing discipline to maintain, but the results are worth the effort. It also takes some amount of ruthless dedication focused on deleting messages that you haven’t read and probably never will. With this in mind, it is okay to leave some messages in an unread state, especially if they can’t be dealt with at that moment.
The “unread” status of an email is a marker for what needs to be handled every time you read your email.
With these two concepts in mind, here are five things you can do to achieve this objective:
- Set aside time during the work week for email “housekeeping”. Block out the time on your calendar if you have to, and if your schedule allows it, make it the same time each day. Different times of day and various amounts of time will work for different people, depending on your average email volume. If your load is heavy, you may want to consider bracketing your day with 30-minute sessions. Focus purely on email. Seclude yourself – close your door, put on headphones, forward your phone to voicemail, etc. – and ignore those other distractions.
- Set up automatic rules or filters to process non-urgent emails. This could be anything from system-generated emails from various workflow platforms, receipts from online purchases, newsletters that you do plan to read (but see item #3), or mandatory distribution lists (some of this is unavoidable if you are in a supervisory position). You could even go so far as to automatically delete emails that you can’t avoid receiving and don’t necessarily need to read, such as automated responses, or out-of-office messages from folks who use it even when they are only out for the day or weekend. The ultimate goal is to reduce the number of emails you have to manually process during your scheduled email sessions.
- Unsubscribe from all those mailing lists. Yes, I know they are full of information and relevant to your interests, but having them pile up unread, week after week, is the digital equivalent of hoarding. If they were important to your job, they wouldn’t be contributing to an unread Mount Everest. If your unread count on any given list reaches 5 or more, you are not likely to ever catch up, so delete them, and seriously consider canceling your subscription. It’s likely the list maintains an online archive in case you ever need to research something, so not getting it in email does not equal knowledge lost forever. At minimum use #2 to get them out of the way of item #1, and set up another rule to auto-delete after a certain amount of time.
- Separate work and personal email. Before the advent of mobile devices and webmail, this wasn’t too hard to ensure, as many companies just disallowed access to personal email. In today’s work environments, personal emails are literally a swipe or two away. Aside from obvious safety and security reasons (opening a strange email from a Facebook friend on your work computer is not a good idea!), disciplining yourself to not check personal email during work hours, and vice versa, will help keep you focused when working, and allow you to relax when you are not.
- Delete. Empty your trash can. The trash can is not a storage folder, it’s meant as a short-term safeguard to retrieve emails you accidentally deleted. Just like cleaning up around the house, the last task you should be performing in your email housekeeping is emptying the trash. It will help keep your inbox to a manageable size which is still important, even in the days of seemingly unlimited mailbox storage. Also, delete everything you don’t need to keep, especially old newsletters, automated emails, etc. If you delete while you read, you’ll get to inbox zero faster than you might think. Regardless of how fast computers actually are, important information can be found much faster when your CPU doesn’t have to wade through thousands of useless emails.
We have the entirety of humanity’s knowledge at the tips of our fingers, but if it’s lost in an inbox with 3,000 unread messages, it’s not doing us much good. These five tips are only baby steps towards processing the fire hose of information that is today’s internet-connected work environments. Managing your email will allow you to spend more time on the other things that aren’t so easily corralled, such as building a successful business and leading a fulfilling and stress-free life.
Image courtesy of cuteimage at FreeDigitalPhotos.net