
Something To Tell Your Personnel: Messaging Includes More Than Email

My June issue of "IT Compliance in Realtime" journal is hot off the press!

I've heard from some of you that when I post the articles from my journal, the posts are too long. So, what I will do from now on is to break up the articles into smaller postings to make them easier, and faster, to read.

Here is the first part of the first article within the June journal, "What to Tell Personnel: Messaging Security and Privacy"...

------------------------------------

In March, I discussed 12 messaging risks that information security and privacy leaders must address. Armed with this knowledge, it is important to effectively communicate to your personnel what they need to know about messaging security and privacy.

See "Twelve Messaging Risks to Address Now" in the March issue of IT Compliance in Realtime at http://nexus.realtimepublishers.com/rtitc.htm.

Here are four of the topics [NOTE FOR BLOG: I will include the other topics in separate blog postings] you should communicate to your personnel about messaging.

Messaging Includes More Than Email

In the course of conversations I have with diverse and numerous folks who are not information security or privacy practitioners in airports and on airplanes, at school functions, and other social settings, I repeatedly hear growing concerns about email privacy incidents. However, I rarely see any awareness of the risks involved with using instant messages (IMs) and text messaging. I take note of the kinds of information these folks indicate they typically send within IMs and text messages. Some of these include:

  • Details about the locations where they will be at certain times and days
  • Phone numbers
  • Birthdates
  • Social Security numbers
  • Photos

Oftentimes, the information the individuals are sending is not just their own, but the information of others. You need to provide effective training and ongoing awareness communications that describe the risks involved in using all kinds of electronic messaging.

For details about IM and texting risks, see "Preventing Data Leakage Through Email and Instant Messaging" at http://www.realtime-itcompliance.com/itces_v02.asp.

------------------------------------

Download the full PDF article, within the journal, here.


Add to the above list of commonly sent text messages the following...


  • Email addresses
  • Credit card numbers
  • Street addresses
  • Private information about OTHERS
  • Accusations about others

There were some very interesting and concerning news stories recently about how pre-teens and teens were sending each other naked photos of themselves using texting and their cell phones, and then some who received them would publish them on the social networking sites, and other Internet sites...it really blows my mind!

See a couple of the news reports here and here.

What are these kids thinking? What have their parents taught them? What have the schools taught them? So much more information security and privacy education, through targeted training and ongoing awareness, needs to be provided throughout all parts of society.

It is really quite alarming to consider all the implications...


Rebecca Herold's Bio:

Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI, has been providing information security, privacy and regulatory assistance and services to organizations from a wide range of industries for over 18 years. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the CSI Information Security Program of the Year Award in 1998. IT Security ranked Rebecca as one of the top 59 IT security influencers, and Computerworld put Rebecca on their list of the 25 top privacy experts and on their list of the 9 best privacy consulting firms. Rebecca has been CPO for two consulting organizations, and has had her own information privacy, security and compliance business since 2004. Rebecca has written chapters for several books, dozens of articles, and has been writing a monthly privacy column for the CSI Alert newsletter since the beginning of 2001, and is working on her 11th book. Some of her other books include The Privacy Papers, Managing an Information Security and Privacy Awareness and Training Program, The Definitive Guide to Security Inside the Perimeter (Realtime Publishers), The Shortcut Guide to Improving IT Service Support through ITIL (Realtime Publishers), and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Rebecca is the leader of The Realtime IT Compliance Community where she posts to her IT Compliance weblog. You can contact Rebecca at: rebecca_herold@realtimepublishers.net.