A few weeks ago I wrote about recent situation in which the Des Moines public school system superintendent’s career was brought to a standstill (it is yet to see whether it is temporary or permanent) by using the public school email system to exchange 115 personal messages, and including at least 40 cases sexually explicit messages, with her lover, married with children highly decorated Army Captain Hintz. Since that time he has been fired from his position as head of Army Recruiting Command, a Des Moines-based recruiting company. So not only was one person’s misuse of her employer’s email system the cause of her own career downward detour, it also has had ripple effects and derailed the career of the man who was corresponding with her, and likely also further ripples out to damage his family.
More privacy and security lessons
In addition to the lessons from my earlier post, this provides additional lessons:
- Include in messaging training the lesson that workers need to consider the impact to those with whom they are messaging. They should ask themselves if their messaging will bring some type of harm to their recipients, and those associated with them. While not everyone getting such training will be able to relate to such empathy, many others will, and will think before posting something that perhaps they wouldn’t care was discovered, but that others would care about.
- Even though email messages are not intended to be posted publicly online, they could very well end up online virtually forever. Many folks consider emails to be much like (non-tapped) landline phone conversations; that only those actually on the call will ever be privy to the information discussed. However, as this situation shows, the most intimate of discussions may wind up being open for full public scrutiny.
- Never use business email services to for personal communications. If someone is sending personal messages to you from their business email address (you can usually tell the business address by looking at the information after the @ sign), ask them to communicate with you from their personal, non-shared email address. Or, better yet, to call you on the phone. Or, just wait to speak to you face to face.
It is worth repeating: Never assume that everyone knows what is and is not acceptable with regard to messaging. That assumption could lead to not only problems for your workers, but also for your organization, and to the others outside of the organization with whom your workers are communicating.
Bottom line for all organizations, from the largest to the smallest: You need to establish messaging policies that clearly communicate that all emails sent through the company email system are subject to monitoring, and that no one using the system should have any expectation of privacy for the messages. Also make it clear that, for their own personal privacy protection, you recommend they not exchange personal information with someone who is using a business email address. And certainly make clear to workers that if they have any type of digital communications they want to keep private that they’d better use their own personally-owned devices, preferably that are not also used for work purposes, to send and receive them using personal email addresses.
Other Information about messaging security and privacy
Here are additional recent articles and posts about messaging and email privacy and security:
- Twitter suspends NBC critic’s account: Interesting report of a journalist’s Twitter account being removed because the journalist tweeted the corporate email address of an NBC executive.
- Twitter’s attempt to protect TV exec’s privacy backfires: Critic of Olympics coverage jettisoned for tweeting NBC Sports exec’s email address
- Skype makes chats and user data more available to police
- The known unknowns of Skype interception: More information on Skype surveillance in particular, and a bit of history of online surveillance in general. All of which covers messaging.
- Experts Weigh How Far the Government Can Go in Reading Your Email
- Iowa campaign aide sues Michele Bachmann and her senior campaign aides for stealing her private email list from her personal computer and using it to send campaign spam
- 4 things you need to know about email’s BCC field
- The Wrong Facebook Comments can Get You Fired!
This post was written as part of the IBM for Midsize Business (http://goo.gl/S6P7m) program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet.
Tags: awareness, breach, compliance, Des Moines, e-mail, electronic mail, email, IBM, Information Security, information technology, infosec, Iowa, IT security, messaging, midmarket, non-compliance, Omaha, personal information, personally identifiable information, PII, policies, privacy, privacy breach, privacy professor, privacyprof, public school, Rebecca Herold, Sebring, security, sensitive personal information, SPI, systems security, training