There’s a bank clerk in Wyoming who is in deep trouble with the boss. According to news reports, an employee of a bank in Wyoming sent an email that contained customer data to the wrong recipient’s Gmail account. The employee of Rocky Mountain Bank made two critical errors: First, they sent it to the wrong address, and second, they attached a file with sensitive information that should not have been attached.

According to news reports, the employee, realizing they had sent it to the wrong address, tried to “recall” it after sending it. Huh?? How long has this employee been using email? Just about anybody that isn’t living in a cave knows that you can’t recall an email once you’ve sent it out. That’s why standard procedure should include at least a quick once-over of the contents and recipient list before hitting the “send” button.

The attachment that was sent contained customer information, including social security numbers and loan data.

Continue reading Bank learns its lesson, you can’t recall email

Viral emails get circulated around offices and places of businesses far too easily. It happens all the time, and is an enormous waste of time and a danger to company productivity and morale. What happens is that some employee receives a viral email that propagates some untrue rumor or urban myth, but which nonetheless evokes a strong reaction. Said employee says to himself or herself, “Why, everybody needs to know about this outrage!” And so they click “send all” and everyone in the company gets it. Pretty soon, everybody in the company is outraged about the rumor–the fact that it’s not true is besides the point–and productivity suffers. I get these all the time–but the only outrage is that the content contained in them is incorrect and usually designed just to rile people up.

These emails pop up all the time, usually propagating some sort of misinformation surrounding a minority group, immigrants, or government policy. In almost every case, the facts are completely false, but they deal in subjects that are sure to get a response.

Of course, these have no place in the office, and the administrator would be justified in appending the use policy to prohibit distribution of these emails. Of course, besides wasting time and getting people angry over false information, they just contribute to the ever-widening sea of useless email that clogs up all of our email servers, since the typical response is to say, “Oh, this is terrible, I have to send this to everybody in my mailbox right now!” The viral emails that perpetrate these and other rumors are a waste of time and a danger to society–any company use policy needs to prohibit propagating viral “rumor” and urban myth emails.

If your company is having problems with employees and their email usage it might not be the employee’s fault. When was the last time your employees reviewed the company’s email policies? If you can’t answer that question then it means that there is a problem with communication.

It should be standard practice that all employees are required to sign a document upon acceptance of employment that they will abide by the rules and policies regarding email usage whilst employed at the company. It should also be mandatory that employees review and sign the agreement each year or every six months whilst employed.

This brings up the question of what exactly should go into an acceptable Email Usage Policy.

Continue reading Why should you have an Email Usage Policy?

The devastatingly high rate of unemployment, not just in the US but all over the world, can cause problems not just for the unemployed themselves, but also for the IT departments of the companies that laid them off.

Even when the economy was booming, I always advocated a clean break when letting somebody go. It may seem a little heartless, but the standard protocol is to de-activate their passwords and computer access first, and then lower the boom at the end of the day. A disgruntled employee can be very dangerous to a company, and I have first-hand experience seeing one such employee take down a very large San Francisco-based firm I used to work with. Leaving employees with computer access, even for a few minutes after the axe falls, is just too risky. With computer access, the employee can too easily email out sensitive information minutes before walking away. And besides outright theft of information, if the employee continues to have company email until IT gets around to cutting it off, it’s all too easy to pretend that one is still employed with the company, and send out potentially damaging emails to clients.

A recent blog entry on ITSecurity.com reminded me of this, citing a survey on deleting accounts from laid-off employees. According to the survey, 30 percent of respondents had no policy in place to find orphaned accounts, and 30 percent said it takes more than three days to terminate an account after an employee leaves the company.

The State Government Watch blog has an interesting article on how the former head of Hawaii’s Tourism Authority netted a hefty “resignation payment” after he was caught in an ugly email scandal:

The embattled former chief executive of the Hawaii Tourism Authority, Rex Johnson, will receive nearly $300,000, including unused vacation pay, as part of an agreement with the state agency. The tourism agency, which faces significant challenges ahead in guiding Hawaii’s bread-and-butter industry through its most turbulent time, agreed to a resignation payment of $208,181 based on Johnson’s initial annual salary of $240,000 through August 2009. Johnson’s vacation pay, also based on his $115 hourly rate, amounted to $83,304, bringing the total resignation package to $291,486. Johnson resigned Oct. 8 after a state auditor flagged his email for pornography sent to friends via his state laptop. Racist and sexist messages sent during the same period surfaced a few months later.

Yes, that’s right. He was caught with porn and racist emails on his state issued laptop, yet made out like a bandit. Not exactly a deterrent againt violating email policies, is it?