Posts Tagged ‘email’

Not Providing Education Is *THE* Dumbest Idea for Information Security and Privacy Efforts

Monday, August 6th, 2012

Every year or so, an otherwise smart information security professional publishes some really bad information security advice about how awareness and training is a waste of time and money. The latest proclamation at CSO Online has generated a small bit of a firestorm since it was published. 

As time goes on, and more and more information security incidents and privacy breaches occur, and more information is put into the hands, and care, of more and more end-users who have no background in information security or privacy, such statements are simply bad, bad, bad advice. Making such statements also makes it harder for information security and privacy pros to do their job as effectively as possible when business leaders believe such hogwash and then wind up cut funding for information security and privacy education as a result.  I’ve been in the information security and privacy compliance profession for a very long time, have built such programs and assisted many organizations in building theirs, and I could fill a book with examples of how training and awareness activities have improved their information security and privacy efforts and outcomes.  Others in this profession with hands one responsibilities for the full lifecycle of information protection could also write their own books with such examples.

I wrote a blog post about this topic in 2009, and now is a good time to write another and point out that there is greater need than ever before for organizations, of all sizes, to make the comparatively small investment in information security and privacy education for their workers.

5 flawed arguments against information security and privacy education (more…)

Messaging Mishaps Have Collateral Damage

Thursday, August 2nd, 2012

A few weeks ago I wrote about recent situation in which the Des Moines public school system superintendent’s career was brought to a standstill (it is yet to see whether it is temporary or permanent) by using the public school email system to exchange 115 personal messages, and including at least 40 cases sexually explicit messages, with her lover, married with children highly decorated Army Captain Hintz.  Since that time he has been fired from his position as head of Army Recruiting Command, a Des Moines-based recruiting company.  So not only was one person’s misuse of her employer’s email system the cause of her own career downward detour, it also has had ripple effects and derailed the career of the man who was corresponding with her, and likely also further ripples out to damage his family.

More privacy and security lessons

In addition to the lessons from my earlier post, this provides additional lessons: (more…)

Messaging Misjudgment Kills Careers

Monday, June 18th, 2012

June 22 update to this topic: Today the judge refused to block the release of the emails as Sebring and her lover requested. See http://www.desmoinesregister.com/article/20120622/NEWS/120622012/Judge-announces-decision-on-Sebring-email-release

In the past few weeks the use of emails at work has been in the news a lot in central Iowa, and the news quickly spread around the globe because of the sex and intrigue involved.  Basically, approximately four months before the end of school, the Des Moines Superintendent of Schools at the time, Dr. Sebring, started sending what would end up being over 40 very personal and sexually explicit messages to

(more…)

Going Topless…I Like It!

Thursday, April 3rd, 2008

A few weeks ago I was at a meeting for a professional organization I belong to, giving a talk about privacy breach response, and the audience was great; around 40 in attendance, all visibly listening and interested and participating. I love to look and see everyone’s faces as I am talking; seeing if they are confused, in agreement, or otherwise are reacting to the ideas and recommendations I am talking about.
I was around 20 minutes into my talk when someone’s cell phone started ringing…playing a John Phillip Sousa march. LOUDLY. I kept talking, and everyone was still listening…trying to listen…but the darn phone kept playing! People then started looking around…and finally I stopped and said, “Does someone need to get that?” One of the folks then reached down and answered it; and then left the room. Quite an unnecessary interruption.

(more…)

I Don’t Want Spam, Even If it Is “Certified” To be From a Legitimate Business

Thursday, June 14th, 2007

There are some vendors offering “certifications” to businesses to help get their marketing email past spam filters as well as to help prevent successful phishing exploits.

(more…)

Avoid Some Common Email Pitfalls

Friday, June 8th, 2007

There are increasing reports of email misuse, malicious use, mistaken use, and just plain bad implementations of email systems that allow the many outside threats and desperado insiders to exploit vulnerabilities.
It is most common for information assurance pros to be fairly diligent in trying to keep malware out of the enterprise network through scanning and filtering emails, and it is good to see that it is also becoming a growing trend to try and prevent sensitive data from leaving the enterprise, “leaking” is the current buzzword of choice, by using scanning and encryption. However, there are many other email mishaps and business damage that can occur through the use, or misuse, of email that can have negative business impact and legal implications.

(more…)

New Study: More Confirmation That Spam Costs Businesses Significant $$

Wednesday, May 2nd, 2007

On April 2 Nucleus Research, Inc. released a study, “Spam: The Repeat Offender” which reports that, according to a survey of 849 email users, 90% of all email going into company networks is spam, and 66% of spam gets through corporate filters.

(more…)

Obscure Email Security Issues: Whitehouse Provides Lessons in Email Management Practices and Using Non-Business Email Accounts to Conduct Business

Sunday, April 15th, 2007

So much is in the news lately related to information assurance it is hard to pick which one to share my thoughts about. However, the misuse of email, managing email, and the maintenance of email systems, which I know I’ve already talked about recently, just keeps bubbling to the top of concerns.
Throughout last week and over the weekend while watching the news programs, listening to the political pundits, and reading various news magazines there has been much talk about how perhaps millions of Whitehouse emails have seemed to have vanished, along with discussion about the use of non-Whitehouse systems for Whitehouse business emails.

(more…)

Obscure Email Security Issue: 5 Lessons About Re-using Email Addresses

Thursday, April 12th, 2007

Does your organization ever re-use email addresses whenever someone leaves the company? Do you know that some of your customers‚Äô and personnel’s email service providers re-use email addresses when their subscribers leave? Probably more than you realize.

(more…)

Phishing for Taxpayers’ Personal Information

Saturday, March 17th, 2007

I just finished my 2006 income taxes this morning…something I absolutely HATE doing! I just hate all the forms and paperwork, all the time involved, and always keeping track of that important receipt for business software or hardware that somehow got lost or wedged in some deep dark corner of a drawer.
I’m not against taxes, per se; they are an important part of maintaining public services. But I hate how the tax laws change every year, all the odd new taxes for business owners each year, and how many strange new exemptions seem to always pop up every year, but primarily for the big organizations. I am a company of one for my information security, privacy and compliance business, and I am a company of two for my farm. Between the two there are what seems to be around a hundred different forms to fill out, and always different in little ways each year. So, I hate the time it takes to do taxes, but at the same time I am very thankful to be able to have businesses that otherwise allow me to do work I love.

(more…)