Cybersecurity | Email

A Future Without Email

July 1, 2022 by

The first email was sent over half a century ago, back in 1971! And then almost 30 years later, Blackberry introduced push-email, allowing workers to take their email on-the-go. Being able to access email outside of the office was revolutionary, and was a status symbol at the time.

(Read about the history of email here.)

It’s quite impressive for a technology to be so “old” and still be widely used today.

Today, email can be defined as a “limitless information database”:  we can send, receive, delete, archive, view, invite, share and store pretty much anything virtual. Email changed the way people communicate, allowing a near-instant connection to anyone in the world  through our computers, phones, tablets, watches, vehicles, and even bathroom mirrors.

But maybe it’s time we get rid of email? 

Why Eliminate Email?

For starters, my Outlook tells me I currently have 5565 unread emails. Many people are in a similar  situation, searching through the countless alerts, subscriptions, spam, etc. for any legitimate email that requires action.

There’s no official rule of law for managing email. Some people organize every single email daily, others use rules to automate email flow into sub-folders, and people like my father-in-law, Tony, will do a brief scan of all email, then purge everything.

I initially thought Tony was crazy for deleting everything. “What if, next month, you need email X from sender A sent in 2013?”  However, I began to realize email doesn’t have much value anymore. Everything can be accessed through a service’s portal, messaged in a chat, submitted through a web form, or managed in cloud storage.

But Why Do We Need to Get Rid of Email? 

Email is Too Risky: In the past decade, individuals and businesses have lost millions – if not billions – of dollars to hackers.

  1. The most common risk for individuals, businesses, and governments are phishing emails. A hacker can easily impersonate a service or person in exchange for something of value, i.e. credentials, wire-transfer information, gift cards, or downloading a file.
  2. Most people associate their email account with a service or subscription, which is convenient, but could provide a hacker access to sensitive information. Bank details, address books, and every document you’ve sent to your partner/family/friends/tax person can potentially be accessed.
  3. Multi-factor Authentication (aka MFA/2FA) is still not a requirement for some email platforms or online services using your email account, making email easily accessible for bad actors. Some services use MFA, but send the security code to an email address! So should a hacker have access to your email, they can now access all your services linked to MFA with your email and now your data on those services has become compromised.
  4. If your email becomes compromised, you’ve likely just opened the door for a hacker to email everyone you know and potentially compromise them as well.
  5. If a hacker gains access to your email, they could set up a rule to capture specific sets of data without you knowing. The hacker could impersonate you and request sensitive material, financial details, purchase gift cards, or account information.

Email is a Limited Tool in a Modern World: Email cannot be relied on as a solution for managing requests and promises.

  1. If we send an email to someone, there’s no automatic indication that the recipient has received the email, or that they have read it.
  2. Some advocates of email may say the Read Receipts feature can be used in Outlook; however, Read Receipts are optional for recipients.

Email is Too Expensive: For the average worker sending and receiving emails, a monthly expense is required. 

For most businesses:

  1. An email account usually requires a monthly subscription.
  2. A premium spam filter is necessary, which may require  an additional monthly subscription.
  3. An IT resource may need to be hired to manage email infrastructure, email compliance, email reservation, email security.
  4. Preserving a copy of all email outside of the mail server or service is necessary for a disaster recovery plan.
  5. The majority of employees spend hours of paid time checking and responding to email.

 For personal email:

  1. It’s encouraged to subscribe to a premium service from your email provider as they can offer a portion of these business features.
  2. Again, these premium add-ons usually have a monthly cost associated.

Email is not productive: The average US worker spends about 4 hours a day managing email. That’s roughly 1000 hours a year.

(How many hours have you wasted on email at work? Try this depressing calculator.)

Example: If the average employee at a company of 100 employees is earning $50k a year x 4 hours of email per day x 50 weeks (Roughly 1000 hours; 2 weeks PTO/Holidays removed), then this company is spending roughly $2.4M a year on employee salaries for viewing/responding to email.

Email is Distracting: 79% of US workers say they check work email while on vacation.

Email is bad for the Environment: Email is more than sending or receiving a single email, especially for businesses. When an email is sent:

  1. A copy is saved on the sender’s computer. Some users  have so much email stored that they require more storage for the computer as the messages continue to grow.
  2. A copy is saved on the user’s phone.
  3. A copy is saved on the user’s tablet.
  4. The mail server will retain a copy.
  5. Your mail administrator should be backing up your email on additional storage.
  6. And in case of a disaster, the email or original backups should be copied offsite in a datacenter or another region of the world.
  7. The average account receives roughly 8 out of 10 emails marked as spam, so most email is actually junk.

(What percentage of e-mail is actually spam?)

Email is a Compliance Nightmare: “Remember that email Joe sent to Sue back in 2013 regarding Client A’s acquisition of Client B? We’re going to need a copy of that, and every conversation associated with that topic by next week.”

Some compliance, such as requests for GDPR Erasure, requires IT to search for specific email conversations or data in the active email database as well as backups. The process of removing specific data from backups can be time-consuming for IT and may require the integration of a third-party service subscription.

What’s Next for Email?

With plenty of other communications options, it’s clear that if email was abolished tomorrow, the world would continue operating just fine. And I think I’ve clearly justified its removal…but I also recognize that with such wide adoption, email is not going away just yet. I acknowledge that it will probably be around for the next decade – at least. So here are some tips going forward:

 For Individuals

  1. Use Multi-factor authentication (MFA/2FA) for email and all other services offering this security option.(What is Multi-factor authentication?)
  2. If a new service requires email, setup an alias for every service you subscribe to, i.e. JimmysNetflix@gmail.com. Should the service you’re using become compromised or you are unable to subscribe to advertisements, you can easily delete the alias and never be associated with that service again.
    (Send e-mails from a different alias or email address.)
  3. Use your primary email only for communication to people you know.
  4. Never reuse the same password for any service.
  5. Never write down passwords.
  6. Utilize a reputable password manager with MFA. (very similar to #1)
    (The best password managers of 2022.)
  7. Always question unknown senders. Whether they are asking you to click on a link, download an attachment, respond to their request, or asking you to buy or subscribe to a service, it’s likely a scam and could cost you.
    (How to spot phishing attempts.)
  8. Use video services such as Hangouts or FaceTime
  9. For any sensitive information-sharing (such as tax documents), upload the data through a verified customer portal or in person. It’s best to call the company from the phone number listed on their website or map directory to confirm the upload process.
    (The best way to send documents to your accountant.)
  10. Participate in security awareness trainings.
    (Security awareness simply explained.)

 For Businesses

  1. Follow the Individual practices listed above for work as well.
  2. Implement a company-wide security awareness program, including annual live meetings, monthly phishing/smishing/vishing tests, and quarterly materials on the latest threats.
    (Enterprise security awareness training.)
  3. Use Single-Sign-On instead of creating a new account and password for each service you use at the business.
    (SSO explained.)
  4. Use Business Chat whenever possible.
  5. Use Business Video conferencing whenever possible.
  6. Distribute business data through various secure platforms following the Principles of Zero Trust.
    (Let’s talk about Zero Trust.)
  7. Share files only to a designated recipient via a link with an expiration date.
    (Set an expiration date for Anyone links.)
  8. Use services that can alert you if action is required through a notification bell, such as:
    • Microsoft Teams or similar (communication, video conferencing, internal file sharing)
    • Atlassian or similar (documentation, meeting notes, project planning)
    • Status Page (Company Updates)
    • Webhooks (Managing service alerts)
    • DocuSign or similar (Electronic Signatures)
    • Survey Monkey or similar (Forms and surveys)
    • Salesforce CRM or similar (Managing customer data and communication)

An email-free world may seem unrealistic, but as more people and businesses spend hours checking email, sending unsecured sensitive documents, or getting phished, the world will continue to evolve to alternative solutions.

Now back to my 5565 5713 unread emails. Be safe out there.

Leave a Reply

Your email address will not be published. Required fields are marked *