E-mail insecurity in a litigious society

26.06.2006

With password protection and encryption, a user can have some measure of security when a message is misdirected. However, the best way to prevent accidents is to teach users what to do when things go wrong, as well as how to do it right in the first place. If possible, IT managers should also configure e-mail software so that the default setting produces the safest outcome.

The million-dollar challenge is to decide which type of security strategy and encryption software to use, and to determine whether it is prohibitively costly. A simple search on the Internet will show you that there are dozens of products available, some of them at no cost -- meaning no monetary issues should get in your way.

When you're shopping for a product, match the protection provided for e-mail messages, systems and software to the value or sensitivity of the information that will be transmitted. Generally speaking, it's best to use centralized control for e-mail services.

E-mail policies should be defined and should specify the level of protection to be implemented. Of course, if your company is using a secure channel like a VPN, your messages will be secure in transit, since VPNs typically employ some combination of digital certificates, strong user authentication and encryption to provide security for the traffic they carry.

These days, many lawyers, accountants, actuaries, financial planners, medical professionals and others freely send critical personal information in an unencrypted format. It is imperative that this practice change, with organizations adopting policies for the safe and secure handling of e-mail. Educating employees about safe e-mail usage and delivery policies helps reduce the risk of intentional or inadvertent misuse, thereby ensuring that confidential records transferred via e-mail are secured properly in transit and upon receipt.