Does Secure Email Start at the Top?

I work for a large -- organization -- that's spent hundreds of thousands of dollars trying to educate its members to practice safe email.
One of the biggie rules they push is "don't open an email that you don't trust" and then proceed to tell you how to determine an email is from a trusted source. Primarily, it's digitally signed by the sender, and their certificate is trusted, and you expect the email.
They also warn people to not click on any attachments in unsigned or untrusted emails.
So what do I find in my email this morning? Out of the blue, an email purportedly from the CEO of the organization (something I don't get every day), NOT digitally signed, and bearing a .pdf... imploring me, nay, practically ORDERING me to open the .pdf and read a short message of vital importance to me.
Naturally, I deleted it immediately and later discovered the same email and .pdf on the company website, so I guess it was a valid email that I deleted.
My point... how do they expect the line and block members to follow the rules when they don't follow them themselves???
And then, how can they discipline those who get caught by true phishers when they've been conditioning the masses by not following safe email practices from the top?
Is this rare, or are all large organizations like that?
|
Blackbird (Built for Speed; Premium; join:2005-01-14; Fort Wayne, IN; kudos:3)
It's as old as mankind that the folks at the top of the hill don't believe they need to live by the same rules and principles as those further down the slope. And it's probably more the norm than the exception within large organizations.
-- The American Republic will endure until the day Congress discovers that it can bribe the public with the public's money. A. de Tocqueville
|
reply to Secyurityet:
"Do as I say, not as I do."
|
reply to Secyurityet:
Couldn't have said it better than Blackbird and NotTheMama, bar none.
And I find the larger the company / higher up the ORG chart you go, the more apathetic / technology-ignorant you get, but IT NEVER FAILS they have the loudest yell / biggest pull when THEY consider it a "personal IT emergency."
Delete email, pray to IT gods to burn their computer or something (when you're not on shift, of course) and move back into the happy zone. Life (in IT) is too short to get hung up by crap like this.
My 00000010bits.
Regards
|
StuartMW (Who Is John Galt?; Premium; join:2000-08-06; Galt's Gulch; kudos:2)
reply to Secyurityet:
Ask any IT guy. The people that have the most (or cause the) issues are upper management.
-- Don't feed trolls--it only makes them grow!
|
nwrickert (sand groper; Premium, MVM; join:2004-09-04; Geneva, IL; kudos:7)
reply to Secyurityet:
said by Secyurityet:
> One of the biggie rules they push is "don't open an email that you don't trust" and then proceed to tell you how to determine an email is from a trusted source. Primarily, it's digitally signed by the sender, and their certificate is trusted, and you expect the email.
That's unrealistic.
> They also warn people to not click on any attachments in unsigned or untrusted emails.
If people followed the previous requirement, then this condition would never arise. So they are implicitly admitting that the first requirement is unrealistic.
Last week, I received an email from my wife. It was one line long - short, and to the point.
That one line was followed by around 100 lines of corporate disclaimer, automatically appended by the corporate mail server where she works.
These corporations are paying too much for lawyers to give them bad advice.
> Is this rare, or are all large organizations like that?
This seems to be very common.
-- AT&T Uverse; Zyxel NBG334W router (behind the 2wire gateway); openSuSE 12.2; firefox 18.0
|
OZO (Premium; join:2003-01-17; kudos:2)
said by nwrickert:
> That one line was followed by around 100 lines of corporate disclaimer, automatically appended by the corporate mail server where she works.
> These corporations are paying too much for lawyers to give them bad advice.
Exactly.
And BTW, those lines look ridiculous and actually do nothing...
-- Keep it simple, it'll become complex by itself...
|
sivran (Opera convert; Premium; join:2003-09-15; Arlington, TX; kudos:1)
I get annoyed by the ones that say "Please consider the environment before printing this email"... who prints email?
-- Think Outside the Fox.
|
AVD (Respice, Adspice, Prospice; Premium; join:2003-02-06; Onion, NJ; kudos:1)
reply to OZO:
said by OZO:
> said by nwrickert:
> > That one line was followed by around 100 lines of corporate disclaimer, automatically appended by the corporate mail server where she works.
> > These corporations are paying too much for lawyers to give them bad advice.
> Exactly. And BTW, those lines look ridiculous and actually do nothing...
I think there was a thread about this, or maybe a Wired article. The disclaimers mean nothing, but the lack of disclaimers gives permission to do anything with the content.
Plus, as a matter of security and privacy, your wife shouldn't be using corporate email for a personal communication.
-- * seek help if having trouble coping --Standard disclaimers apply.--
|
OZO (Premium; join:2003-01-17; kudos:2)
said by AVD:
> The disclaimers mean nothing, but the lack of disclaimers gives permission to do anything with the content.
It's just a common misconception, spread by some lawyers, justifying "importance" of their job.
-- Keep it simple, it'll become complex by itself...
|
antdude (A Ninja Ant; Premium, VIP; join:2001-03-25; United State; kudos:4)
reply to sivran:
said by sivran:
> I get annoyed by the ones that say "Please consider the environment before printing this email"... who prints email?
My dad/father/pa(ppy). :/
|