dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
508
share rss forum feed

Secyurityet
Premium
join:2012-01-07
untied state

Does Secure Email Start at the Top?

I work for a large -- organization -- that's spent hundreds of thousands of dollars trying to educate its members to practice safe email.

One of the biggie rules they push is "don't open an email that you don't trust" and then proceed to tell you how to determine an email is from a trusted source. Primarily, it's digitally signed by the sender, and their certificate is trusted, and you expect the email.

They also warn people to not click on any attachments in unsigned or untrusted emails.

So what do I find in my email this morning? Out of the blue, an email purportedly from the CEO of the organization (something I don't get every day), NOT digitally signed, and bearing a .pdf... imploring me, nay, practically ORDERING me to open the .pdf and read a short message of vital importance to me.

Naturally, I deleted it immediately and later discovered the same email and .pdf on the company website, so I guess it was a valid email that I deleted.

My point... how do they expect the line and block members to follow the rules when they don't follow them themselves???

And then, how can they discipline those who get caught by true phishers when they've been conditioning the masses by not following safe email practices from the top?

Is this rare, or are all large organizations like that?



Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
kudos:3
Reviews:
·Frontier Communi..

It's as old as mankind that the folks at the top of the hill don't believe they need to live by the same rules and principles as those further down the slope. And it's probably more the norm than the exception within large organizations.
--
“The American Republic will endure until the day Congress discovers that it can bribe the public with the public's money.” A. de Tocqueville



NotTheMama
What Would Earl Do?

join:2012-12-06
reply to Secyurityet

"Do as I say, not as I do."


HELLFIRE
Premium
join:2009-11-25
kudos:15
reply to Secyurityet

Couldn't have said it better than Blackbird See Profile and NotTheMama See Profile, bar none.

And I find the larger the company / higher up the ORG chart you go, the more apathetic / technology-ignorant
you get, but IT NEVER FAILS they have the loudest yell / biggest pull when THEY consider it a "personal IT
emergency."

Delete email, pray to IT gods to burn their computer or something (when you're not on shift, of course) and
move back into the happy zone. Life (in IT) is too short to get hung up by crap like this.

My 00000010bits.

Regards



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2
reply to Secyurityet

Ask any IT guy. The people that have the most (or cause the) issues are upper management.
--
Don't feed trolls--it only makes them grow!



nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
kudos:7
Reviews:
·AT&T U-Verse
reply to Secyurityet

said by Secyurityet:

One of the biggie rules they push is "don't open an email that you don't trust" and then proceed to tell you how to determine an email is from a trusted source. Primarily, it's digitally signed by the sender, and their certificate is trusted, and you expect the email.

That's unrealistic.

They also warn people to not click on any attachments in unsigned or untrusted emails.

If people followed the previous requirement, then this condition would never arise. So they are implicitly admitting that the first requirement is unrealistic.

Last week, I received an email from my wife. It was one line long - short, and to the point.

That one line was followed by around 100 lines of corporate disclaimer, automatically appended by the corporate mail server where she works.

These corporations are paying too much for lawyers to give them bad advice.

Is this rare, or are all large organizations like that?

This seems to be very common.
--
AT&T Uverse; Zyxel NBG334W router (behind the 2wire gateway); openSuSE 12.2; firefox 18.0

OZO
Premium
join:2003-01-17
kudos:2

said by nwrickert:

That one line was followed by around 100 lines of corporate disclaimer, automatically appended by the corporate mail server where she works.

These corporations are paying too much for lawyers to give them bad advice.

Exactly.

And BTW, those lines look ridiculous and actually do nothing...
--
Keep it simple, it'll become complex by itself...


sivran
Opera ex-pat
Premium
join:2003-09-15
Irving, TX
kudos:1

1 recommendation

I get annoyed by the ones that say "Please consider the environment before printing this email"... who prints email?
--
Think Outside the Fox.



AVD
Respice, Adspice, Prospice
Premium
join:2003-02-06
Onion, NJ
kudos:1
reply to OZO

said by OZO:

said by nwrickert:

That one line was followed by around 100 lines of corporate disclaimer, automatically appended by the corporate mail server where she works.

These corporations are paying too much for lawyers to give them bad advice.

Exactly.

And BTW, those lines look ridiculous and actually do nothing...

I think there was a thread about this, or mabe a wired article. The disclaimers mean nothing, but the lack of disclaimers give permission to do anything with the content.

Plus, as a matter of security and privacy, your wife shouldn't be using corporate email for a personal communication.
--
* seek help if having trouble coping
--Standard disclaimers apply.--

OZO
Premium
join:2003-01-17
kudos:2

said by AVD:

The disclaimers mean nothing, but the lack of disclaimers give permission to do anything with the content.

It's just a common misconception, spread by some lawyers, justifying "importance" of their job.
--
Keep it simple, it'll become complex by itself...


antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:4
Reviews:
·Time Warner Cable
reply to sivran

said by sivran:

I get annoyed by the ones that say "Please consider the environment before printing this email"... who prints email?

My dad/father/pa(ppy). :/