As members of the UBC community, many of us are now communicating more than ever—emailing, chatting, and collaborating at a rapid pace. While this connectivity is essential to how we work, it can also feel overwhelming. The result? Digital exhaustion, cluttered inboxes, and a higher risk to the sensitive information we are trusted to protect.
At UBC, faculty and staff handle a wide range of Personal Information (PI), including employee IDs and student records. One of the simplest steps we can take to support the protection of this information is managing our digital clutter, starting with our inboxes.
A busy inbox is more than a nuisance. It increases the likelihood of mistakes and creates openings for both cybercriminals and accidental data exposure. Here are three ways inbox overload can put the university at greater risk—and practical steps we can all take to help.
1) Email Is the Primary Gateway for Cybercrime
Email continues to be the most common way attackers try to break in. In fact, over 90 per cent of attacks originate through email. Adversaries know we’re busy—and they take advantage of that.
One of the biggest threats is phishing, including targeted scams like Business Email Compromise (BEC). These messages are designed to look legitimate and often create urgency through contrived deadlines or high-pressure requests. The goal is to convince someone to act quickly—such as sending sensitive information, forwarding funds, or opening a harmful attachment.
Even without malicious intent, overwhelmed employees may click, approve, or forward something unsafe simply because they’re rushing. For an external attacker, gaining access through an insider action—like opening a harmful attachment—is often the easiest path.
2) Digital Clutter Creates Hidden Vulnerabilities
Holding onto emails we no longer need doesn’t just make daily work harder, it increases risk.
Many old messages are considered “transitory records”—information that is only useful for a short time. When these records pile up, two problems emerge:
- They’re inefficient to manage
A bloated inbox slows us down and makes it harder to find what matters. - They cost money and increase breach impact
Storing data requires maintenance and backup. More importantly, keeping records longer than necessary heightens risk. If unauthorized access occurs, the more data available, the greater the potential harm.
Clearing out transitory records helps reduce both clutter and exposure. The good news is that UBC’s FASmail enterprise email service helps with this: items stored in the default Deleted Items, Junk Mail, and RSS Feeds folders are automatically destroyed after 90 days to align with Records Management policies.
3) Overload Raises Insider Risk
Insider risk is often misunderstood. While it can involve malicious intent, more commonly it results from good people trying to keep up in a high-demand environment.
When employees are overwhelmed or burned out, they may try to work around system constraints or create personal backups to manage workload. These actions aren’t intended to cause harm, but they still create real risk.
A positive workplace culture that promotes balance, supports strong data practices, and encourages asking questions can significantly reduce both deliberate and accidental insider risk.
Four Practical Ways to Reduce Risk
Improving data protection doesn’t have to be complicated. Small habits can make a big difference:
| Declutter Regularly | Review and delete outdated or irrelevant messages from your inbox and devices. A great place to start is your Junk folder—this quick clean-up helps keep clutter manageable. |
| Organize and Manage Records | Use folders, categories, or labels to organize emails you need to keep. If you use Microsoft Outlook, categories can help add useful context to messages. |
| Stay Alert to Phishing | Familiarize yourself with how fraudulent emails look. Be cautious of messages with urgent or threatening language. If something feels off, verify through an official channel before acting. It’s always faster to confirm than to recover from a breach. |
| Secure Your Identity | Enable Multi-Factor Authentication (MFA) to help prevent account takeover. Compromised administrative accounts without MFA are particularly vulnerable. |
A Shared Responsibility
Protecting sensitive information is a shared responsibility, and it’s manageable when we take simple steps together. A tidy inbox isn’t just about staying organized; it allows us to spot suspicious messages more easily, limit the impact of breaches, and support a safer, healthier digital environment.
By staying informed, managing our records, and practicing good habits, each of us plays a role in safeguarding the UBC community. Even small actions make a big difference.