Messaging Mishaps Have Collateral Damage

Tuesday, August 21, 2012

Rebecca Herold

65be44ae7088566069cc3bef454174a7

A few weeks ago I wrote about recent situation in which the Des Moines public school system superintendent’s career was brought to a standstill (it is yet to see whether it is temporary or permanent) by using the public school email system to exchange 115 personal messages, and including at least 40 cases sexually explicit messages, with her lover, married with children highly decorated Army Captain Hintz

Since that time he has been fired from his position as head of Army Recruiting Command, a Des Moines-based recruiting company.  So not only was one person’s misuse of her employer’s email system the cause of her own career downward detour, it also has had ripple effects and derailed the career of the man who was corresponding with her, and likely also further ripples out to damage his family.

More privacy and security lessons

In addition to the lessons from my earlier post, this provides additional lessons:

  • Include in messaging training the lesson that workers need to consider the impact to those with whom they are messaging. They should ask themselves if their messaging will bring some type of harm to their recipients, and those associated with them. While not everyone getting such training will be able to relate to such empathy, many others will, and will think before posting something that perhaps they wouldn’t care was discovered, but that others would care about.
  • Even though email messages are not intended to be posted publicly online, they could very well end up online virtually forever. Many folks consider emails to be much like (non-tapped) landline phone conversations; that only those actually on the call will ever be privy to the information discussed.  However, as this situation shows, the most intimate of discussions may wind up being open for full public scrutiny.
  • Never use business email services to for personal communications. If someone is sending personal messages to you from their business email address (you can usually tell the business address by looking at the information after the @ sign), ask them to communicate with you from their personal, non-shared email address.  Or, better yet, to call you on the phone.  Or, just wait to speak to you face to face.

It is worth repeating: Never assume that everyone knows what is and is not acceptable with regard to messaging. That assumption could lead to not only problems for your workers, but also for your organization, and to the others outside of the organization with whom your workers are communicating. 

Bottom line for all organizations, from the largest to the smallest:  You need to establish messaging policies that clearly communicate that all emails sent through the company email system are subject to monitoring, and that no one using the system should have any expectation of privacy for the messages. 

Also make it clear that, for their own personal privacy protection, you recommend they not exchange personal information with someone who is using a business email address. 

And certainly make clear to workers that if they have any type of digital communications they want to keep private that they’d better use their own personally-owned devices, preferably that are not also used for work purposes, to send and receive them using personal email addresses.   

Other Information about messaging security and privacy

Here are additional recent articles and posts about messaging and email privacy and security:

This post was written as part of the IBM for Midsize Business (http://goo.gl/S6P7m) program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet.

Cross-posted from Privacy Professor

Possibly Related Articles:
9612
Privacy
Information Security
Email Legal Privacy Compliance Enterprise Security Employees Communications E-Discovery Policies and Procedures
Post Rating I Like this!
Default-avatar
Lisa Simpson If you wouldn't want your boss reading it at a C-level board meeting, don't send it from your work place. Access to personal email, even Gmail, Yahoo, etc. can be gained by employers if they can show a judge you are using your personal email for work purposes.

Ask others to use your personal email unless the item is specifically work related. The moral of the story to keep work & personal separate.
1346085009
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.