A few months ago I blogged about a co-anchor at a television station who was accused of getting into his co-anchor’s email and passing information from the messages along to news outlets.
I was interested to see a CNN report today, “Fired anchor pleads guilty to e-mail snooping” that followed up on this story. Larry Mendte reportedly admitted to accessing Alycia Lane’s emails, in her 3 home and work accounts, over 500 times over a 2-year period!
Okay, why was he able to so easily get into her email accounts…3 OF THEM!…over a period of 2 years?! Wasn’t there any security applied to these email systems?
Some possibilities…
- Lane may have used the same password for all three accounts, never changed her password, and it was one that Mendte was able to easily guess.
- Lane may have left her email IDs and passwords written in a location that was easy for Mendte to find.
- Mendte may have had some sort of admin rights to the email systems, or got the admin’s password, so that he was able to view poorly configured email settings that may have shown Lane’s password in clear text.
- Mendte may have gotten onto Lane’s logged in computer while she was not around and surreptitiously set her email to forward a copy of all message to his account.
- Mendte may have been able to view Lane’s email directly on the email server if the email server was not appropriately secured. However, it does not seem likely three different email servers (for three different email accounts) would all be poorly secured…possible, but not probable.
If he was able to get into all three of Lane’s email accounts for two years, it is likely she never changed her password for any of her email accounts.
Whatever the reason, Mendte definitely was wrong to access Lane’s emails!
However, it is important for everyone to take precautions to protect their email, and any other electronic information.
One way is through good password management.
- If possible do not write down your passwords! If you have a lot of passwords and you need to write them down to remember them, then never, never, never keep your list where anyone else can see it or get to it. Putting your list under your keyboard is *NOT* a good idea!
- Change your password occasionally. Perhaps Mendte could have been shut out of Lane’s emails if she had changed hers, if that was the way he was getting into them.
- Change your password just as soon as you think someone else may have figured it out and may be using it.
- Do not share your passwords with anyone! I know some folks need to share their home/personal email password with a family member, but you should never, ever, ever share your work email passwords with anyone else. If someone tells you they need your email password, you can tell them that no, they do not!
- Choose a GOOD password. Do not pick something that is easy to guess, such as a name, a birthdate, and so on. Make it at least 8 alpha-numeric characters long if at all possible.
- Do not continue to use default passwords. If your email account came with a password to use the first time you used the account, change it as soon as possible.
- Make sure email account passwords are encrypted in storage so others cannot see them.
- Make sure your print queues do not show the content of the email messages through queries that anyone on the network can use.
- Do not send anything within clear text email message that you would not want to see printed within your local newspaper or TV station. Always assume that your work email account is being monitored. If you must send something sensitive within email messages, then encrypt it.
- Lock your computer when you leave it unattended.
Tags: Alycia Lane, awareness and training, email security, Information Security, IT compliance, IT training, Larry Mendte, policies and procedures, privacy training, risk management, security training