We’ve already shared a number of ideas to help you build an effective social media policy for your company. A strong policy for email and other direct communications (such as texting and chat apps like Slack) is just as important, but the challenges are very different.
Social media is fundamentally public, and things you write can pop up in a Google search. Something you said in an email shouldn’t, but the downside is that this can create a false sense of privacy and safety. Emails and texts can be forwarded, screenshots of them can be taken, and they can even be subpoenaed easily. Even if you delete them, copies can usually be retrieved from servers and devices on either side of the conversation.
Meanwhile, “spoofing” or phishing emails—messages made to look like they come from someone legitimate—have made email the favored delivery mechanism for computer viruses and other forms of malware. One careless click on a hyperlink can infect your company’s servers or allow a malicious actor to read through your email, looking for scandal or business secrets.
Keepin’ It Formal
Encouraging or training staff to use old-fashioned formality that used to be common in business correspondence goes a long way toward keeping you and your employees on the right side of the tracks. “If you wouldn’t say it out loud, don’t put it into words. Don’t think you’re anonymous,” says Mike Koehler, the founder of Smirk New Media, an Oklahoma City–based digital strategies firm. He notes that the openness and informality of email removes boundaries that are sometimes better to maintain, and he warns that if you do cross a boundary and embarrass your company, they have every right to fire you. “Some people … say, ‘That person has freedom of speech! They should be able to say what they want to.’ I just try to remind people that they still have freedom of speech—they’re just unemployed.”
Most business transactions that would have been handled with a typed letter 50 years ago are now handled over email. Email is notably less formal than printed letters, however, and people forget that formality is also a form of protection. That impersonal business language may feel stilted, but it’s also a signal that a conversation is not personal, and needs to avoid any number of dangerous topics. If you feel you or any staffers need to brush up, this concise guide lays out the basics of writing a formal email.
If you’ve worked in customer service, you know that the angrier a customer is, the more formal you need to be to keep the discussion from getting out of hand. A key skill in the modern age is adapting the tone of your email to the situation, dialing the formality up or down depending on your relationship to the recipient and the situation. This is a key area to consider for staff training.
The greater sense of privacy and informality also creates an environment conducive to one of today’s biggest corporate risks—sexual harassment. It’s hard to imagine a printed business letter segueing into an invitation for an inappropriate rendezvous, but it happens in emails and texts all of the time.
The solution, again, is setting up and enforcing proper personal boundaries company-wide for all situations. Office training on email etiquette is an excellent occasion for reinforcing those rules.
Don’t Click That Link!
Email also brings a lot of electronic risks, particularly from malware and phishing emails sent to enable malicious hackers who want to break into your office computers. Once inside, they can pilfer business secrets, siphon money out of accounts, or even encrypt your servers and demand a ransom to unlock them.
Koehler says that avoiding these traps boils down to what he calls “digital discernment.” “If something’s too good to be true, or you’re getting something from somebody you’ve never heard of, you should be able to build yourself some survival mechanisms. The IRS does not call you on the phone and start asking security questions.”
Most attempts to infiltrate your security involve emails that entice you to click on a hyperlink. Your click, rather than showing you the promised adorable cat video, might launch a piece of code aimed at exploiting a flaw in the server’s operating system.
Or, after clicking the link, you might be asked to “re-enter” your password for some website (such as LinkedIn, or a bank). But the web page, while designed to look just like the real login screen, is simply a way for the hackers to collect passwords for future use.
These risks can be minimized by your firm’s IT department, which should adopt and implement strong policies and appropriate software tools. Greg Everson, a former IT director and the VP for Innovation, Strategy and Architecture at Prologis, a global logistics real estate company, says Prologis recently instituted a new technology that scans all incoming URLs for bad actors. “Each URL is tested, good URLs are let through, bad URLs are not. We...keep people away from offensive sites, sites that are known phishing sites, etc.”
Technical fixes are helpful, but staff members also need to be vigilant, he noted, especially against “social engineering.” That means attacks delivered by human trickery instead of software. Hackers will sometimes just call up a company, pretending to be an employee who forgot his password. All too often, it works.
The key in all of these situations is making sure your employees understand the risks and some basic safe computing rules. A good rule of thumb is simply to not click on links in an email, period. And be very suspicious of any window that pops up and asks you to enter your password. It’s probably fake, and most likely malicious.
If an email from your bank says there’s an urgent message you need to read, go to their website manually and log in to your regular account. Or better yet, call them on the phone and ask what’s up. If the email is real, they’ll know.
Email has greatly enhanced business communication, allowing a conversation that may have once taken two to three weeks and multiple typewritten letters to happen in as little as five minutes. But this rapid back-and-forth should still be considered proper business correspondence, not a casual talk with friends. Bringing back some old-fashioned caution and formality might be the best way to move email communication forward in the 21st century.
Mark Saltveit is the author of The Tao of Chip Kelly (Diversion Books, 2013) and Controlled Chaos: Chip Kelly’s Football Revolution (Diversion Books, 2015). He writes regularly about health and science for the Oregon Bioscience Association and about football for Philly.com, BleedingGreenNation.com, IgglesBlitz, and FishDuck.com. His work has also appeared in Harvard Magazine and the Oregonian newspaper.