This week Larry Craig, the U.S. Senator embroiled in a sex scandal, left a long, detailed voice mail message for his lawyer. Problem was, he misdialed and left the message on another person’s voice mail!
The unidentified person who received the voice mail released it to the press. As a result the details of his message were widely reported and analyzed, much to his already huge embarrassment.
This is not an uncommon practice. Too many people…too many business folks…leave highly detailed sensitive information within voice mail messages.
This happened several times at a company I was at in the 1990s. People working at the company, often managers, would call and leave very detailed business messages on voice mail, only to find 1) that they had left the message at the wrong number, or 2) that others had the password to the voice mail and others listened to the message that they really did not want to hear the message.
This has happened often at many organizations.
It is good to have policies addressing these human vulnerabilities. A couple of possibilities (rewrite to fit your organization’s policy format) include:
1. Do not leave sensitive business information within voice mail messages.
2. Do not share your voice mail passwords.
It is also a good idea to raise the awareness about this issue with your personnel. The Craig situation is a great example to use in your awareness communications as a case study.
Tags: awareness and training, Information Security, IT compliance, Larry Craig, policies and procedures, privacy, risk management, voice mail