Question

6.2        Radical Rewrite: Instruction E-Mail—Tips for Avoiding Hackers

Your Task. Analyze the following e-mail to be sent by the CEO to all employees.

• Step 1: Identify five or more weaknesses describing why each is a weakness.
• Step 2: Revise this e-mail so that it reflects writing techniques you learned in this and previous chapters.

To:           Staff Members

From:          G. B. Goldman <[email protected]>

Subject: Hackers!                

Staff Members:

This is to inform you that, like other banks, we are afraid of hackers. We fear that employees will expose valuable information to hackers without realizing what they are doing. Because of our fear, we have consulted cybersecurity experts, and they gave us much good advice with new procedures to be followed. Here are the procedures suggested by experts:

1. We don’t want you to leave out-of-office messages. These voice mail or e-mails might explain when you will be away. Such messages are a red flag to hackers telling them that your computer is vacant and not being monitored.

2. Because smartphones can be lost or stolen, don’t snap photos of company documents. Phones may be lost or stolen, and our data might be compromised.

3. Although small memory devices (thumb drives) are handy and easy to use, you may be inclined to store company files or information on these drives. Don’t do it. They can easily be lost, thus exposing our company information.

4. Using work e-mail addresses for social media is another problem area. When you post details about your job, hackers can figure out an organization’s best target.

5. Phishing links are the worst problem. Any request for password information or any requests to click links should be viewed with suspicion. Never click them. Even messages that seem to be from high-level officials or the human resources department within our own company can be sophisticated, realistic fakes. Examples include a request to click a link to receive a package or to download a form from within the company.

We want to let you all know that within the next two months, we plan to begin implementing a program that will educate and train employees with regard to what to avoid. The program will include fake phishing messages. The program will be explained and you will learn more from your managers in training workshops that are scheduled to begin September 1.

G. B. Goldman, CEO
First Federal Savings and Loan | [email protected] | 678-405-3302

Answer 1

These are the parts where the message is weak:

> First, employees must be made aware of how susceptible they are to cyber attacks and how important it is to be secure

> The tone of the message conveys that the CEO is not confident of his employees and he feels that employees are totally ignorant.

> It is more like giving orders on what to do and what not to do.

A better message would have been as given below:

Dear Staff members,

As you are aware, numbers of banks being hacked are increasing these days. Cyber security is very important for any bank. In order to ensure that our bank is secure, we would require your help. A little caution during our daily activities would help us prevent the cyberattacks. A team of cybersecurity experts was consulted on this and the following suggestions have been made:

• It is a general habit for all of us to leave out of office messages so that everyone associated with us gets informed when required. But, this also has a risk attached to it. These messages act as a clue to the hackers and they would get to know when the systems are unmonitored. I request you to use alternate methods of informing your colleagues or clients about your absence.
• Smartphones and small memory devices are susceptible to theft. Hence, we are advised not to store any important company information in those as our data would be compromised in case of theft.
• Please refrain from using office emails for social media. We will become an easy target for hackers in such a case.
• Be cautious when providing password information or clicking any link. Generally hackers enter the system through these.
• In few instances hackers pose as high level officials from within the company. The messages sent by them look so sophisticated that it’s hard to distinguish fake from real. One such example could be a request to click a link to receive a package or download a form from within the company. Please find out whether it’s for real before clicking any such links.

            

               In order to help us understand more ways of handling this threat, we have planned a program aimed at educating and training employees on suggested ways. The workshops would begin from 1^st September.

              Let us all be more cautious and prepared and prevent our systems from getting hacked.

G.B. Goldman, CEO