Friday, September 25, 2009

The dangers of 'e'

Have you ever gone out to post two important letters and, just moments after dropping them into the mailbox, wondered if you might have put the wrong letter in the wrong envelope?

Fortunately there's usually no harm done if you've been careless enough to make such a mistake and the unintended recipients will, most of the time, simply return the incorrect contents to you or at least give you a call to let you know of your mistake.

It's far less likely that you've ever accidentally included a full list of all your customers' account details in the invoices you mail out each month. That would be a very difficult mistake to make -- the added bulk of the extra pages and the resultant "fat" envelopes would instantly be reason to investigate and discover your error.

However, in the e-world, such awful mistakes are not so easily spotted and are often far easier to make.

The very power afforded by the internet to attach files and fire mass-mailings off to huge lists of addresses also make it easy to create the most monumental stuff-ups, as a UK ISP found to their embarrasment recently.

Someone at Demon Internet accidentally attached a spreadsheet containing the details of thousands of other customers to the billing emails sent out to a thousand other users.

Included in the spreadsheet was sensitive information such as customers' login names and passwords. What a right-royal stuff-up!

Outside of the obvious stupidity of keeping plaintext passwords on file, it's clear that this is the kind of "human error" that could happen in any workplace; an error that is made all the easier thanks to the point and click ease with which we dispatch our communications in the e-age.

It's not just accidents that can expose sensitive data either.

I've lost track of the number of emails I've received where the sender has opted to include every recipient in the "To" field -- effectively publishing that list to all recipients. Any company that does this may be effectively handing their competitors an extremely valuable list of prospects.

From a management perspective, the e-age brings in a whole new issue of information security that goes beyond firewalls and anti-virus software. It becomes crucial to ensure that all staff have a full and thorough understanding of just how applications such as email work and what risks are involved.

It's easy for someone to claim to be familiar with email on their CV but have they ever used *your* chosen email client to do send messages to multiple recipients using a list of email addresses? If not, you could be in big trouble.

Even something as simple as developing a fool-proof file-naming and filing system for important documents becomes important. Unless files are stored in carefully categorised folders and named clearly and appropriately it becomes all-too-easy for a tired worker to accidentally send out a copy of your cost-prices to a retail customer -- or a customer quote to a potential competitor.

In the 21st century, 'e' stands for 'easy' but that also means its 'e'asier to make really bad mistakes if you take your eye off the ball.

No comments:

Post a Comment