Now Available:

line

Featured Resources:

line

Realtime Communities

line

Newsletter

Email Address:


line

Monthly Archives

line

RSS

line

Ask the Expert

Have a question for our resident expert? Email your questions to Rebecca.

« Judge Rules USA PATRIOT Act Breaks Separation of Powers Requirements | Main | HIPAA & 4 Lessons From an Insider Threat Example: Former Healthcare IT Manager Hacks Into System and Deletes PHI »

Craig's Voicemail Error Not Uncommon; Be Sure Your Employees Don't Do the Same!

This week Larry Craig, the U.S. Senator embroiled in a sex scandal, left a long, detailed voice mail message for his lawyer. Problem was, he misdialed and left the message on another person's voice mail!

The unidentified person who received the voice mail released it to the press. As a result the details of his message were widely reported and analyzed, much to his already huge embarrassment.

This is not an uncommon practice. Too many people...too many business folks...leave highly detailed sensitive information within voice mail messages.

This happened several times at a company I was at in the 1990s. People working at the company, often managers, would call and leave very detailed business messages on voice mail, only to find 1) that they had left the message at the wrong number, or 2) that others had the password to the voice mail and others listened to the message that they really did not want to hear the message.

This has happened often at many organizations.

It is good to have policies addressing these human vulnerabilities. A couple of possibilities (rewrite to fit your organization's policy format) include:

1. Do not leave sensitive business information within voice mail messages.
2. Do not share your voice mail passwords.

It is also a good idea to raise the awareness about this issue with your personnel. The Craig situation is a great example to use in your awareness communications as a case study.

Tags:                
 Email This!  Digg it!  Sphere it!  Del.icio.us  Reddit!  Newsvine

Posted by Rebecca Herold on September 8, 2007 8:57 PM |

TrackBack

TrackBack URL for this entry:
http://www.realtime-itcompliance.com/type/mt-tb.cgi/513

Post a comment

(All comments are approved by site leader before appearing here. Thanks for commenting!)

Search

line

Most Active Posts

line

Library Resources

line
line

Recent Posts

line

Categories

line

Rebecca Herold's Bio:

Rebecca Herold,CISSP, CIPP, CISM, CISA, FLMI, has been providing information security, privacy and regulatory assistance and services to organizations from a wide range of industries for over 18 years. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the CSI Information Security Program of the Year Award in 1998. IT Security ranked Rebecca as one of the top 59 IT security influencers, and Computerworld put Rebecca their list of the 25 top privacy experts and on their list of the 9 best privacy consulting firms. Rebecca has been CPO for two consulting organizations, and has had her own information privacy, security and compliance business since 2004. Rebecca has written chapters for several books, dozens of articles, and has been writing a monthly privacy column for the CSI Alert newsletter since the beginning of 2001, and is working on her 11th book. Some of her other books include The Privacy Papers, Managing an Information Security and Privacy Awareness and Training Program, The Definitive Guide to Security Inside the Perimeter (Realtime Publishers), The Shortcut Guide to Improving IT Service Support through ITIL (Realtime Publishers), and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Rebecca is the leader of The Realtime IT Compliance Community where she posts to her IT Compliance weblog. You can contact Rebecca at: rebecca_herold@realtimepublishers.net.