Red Zebra Business Centre - Management Memos
March 2010. Making Measurably More For Your Business Since 1985!

When you depend on specialists, it pays to 'trust, and check'!

Max Williams, Principal Consultant

Today so much of our commerce is handled by email that an email problem is much more than a computer glitch. Of even more concern is that the growing complexity of computer systems can introduce opportunities for error and confusion we would never have considered just a few years ago. And along with confusion and error comes vulnerability!

My Red Zebra client data is always delivered over the internet, so we are always concerned that our material is delivered intact and securely. Whenever there is a discussion about vulnerabilities, we are very, very interested.

Keeping safe from problems on the internet is not all that hard - but it does need a good general idea of what might happen, what the effects of that might be, and what needs to be done to prevent it. One of the problems here is that the IT profession is not very good at making it easy for clients to look after themselves. In fact, there is a clear self-interest in keeping their clients dependent.

Over the years we have seen some serious examples of IT contractors, and in some cases employees, taking clear advantage of the client's or employer's ignorance.

A young man was employed to enter service invoicing data, so that service jobs would always be invoiced properly. Before long he had installed a superb internal network with 'thin client' workstations, and a whole lot of other fashionable features. The main benefit of this network was not found in our client's business. No! The main benefit was the experience the young man developed in building a neat network at the boss's expense. And no benefit at all to the boss!

Recently we came across a client who had had their email network set up to store their entire email archive and all the current traffic on G-Mail. Why? Because it gave the IT contractor the experience of doing it. When it was pointed out that this was akin to having all their confidential files stored at the local secretarial service, the client was at first just plain aghast! Next, they realized how they had been a blind and trusting victim of an IT fashion.

Just a few weeks ago, an IT contractor had advised a client of ours that they did not need a data server, and that it would cost $20,000 to install one. Following that advice would have left the client with critical business data spread all over the company in various work station computers and wildly at risk. And the real cost of installing a simple server? $2,000!

That's why we think it is important for readers of Management Memos to have a basic understanding of some internet and computer safety issues.

This month we address the topic of email security. Basic stuff - but we see systems at risk everywhere. We hope this information helps you to stay just a little safer!

Protect Your email


E-mail security is about a lot more than just using a good password!
Here are some good ways to make sure you don't shoot yourself in the foot.

Step 1: Never allow an e-mail client to fully render HTML e-mails without careful thought
An 'HTML' email gives colours and pictures - just like the ones we send to announce a new edition of 'Management Memos'. If you use an email client such as Microsoft Outlook or Mozilla Thunderbird, configure it to render only simplified HTML. Rendering HTML can potentially identify you as a valid recipient for spam, or a target for 'phishing' and identity theft.
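For readers who want to see what full rendering gives away, here is an added example (not part of the original memo) that lists the addresses an HTML e-mail would contact the moment it is displayed. The sample message, its addresses and the function names are constructed for illustration.

```python
# Added example: list what an HTML e-mail would fetch from the network
# if a mail client rendered it in full.
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tag/attribute pairs that make a renderer load a resource without a click.
FETCHING_ATTRS = {
    ("img", "src"), ("link", "href"), ("iframe", "src"),
    ("script", "src"), ("video", "poster"), ("body", "background"),
}

class RemoteRefFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if (tag, name) not in FETCHING_ATTRS or not value:
                continue
            url = urlparse(value.strip())
            # "cid:" and "data:" content travels inside the message itself;
            # only http(s) or protocol-relative ("//host/...") URLs phone home.
            if url.scheme in ("http", "https") or (not url.scheme and url.netloc):
                self.refs.append((tag, value.strip()))

def remote_references(raw_message):
    """Return (tag, url) pairs that full HTML rendering would request."""
    msg = message_from_string(raw_message, policy=policy.default)
    finder = RemoteRefFinder()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder.feed(part.get_content())
    return finder.refs

# Constructed sample: one embedded logo, one 1x1 image whose address
# carries the recipient's e-mail address, and one ordinary link.
SAMPLE = """\
From: newsletter@example.com
To: reader@example.org
Subject: March edition
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Hello!</p>
<img src="cid:logo@example.com" alt="logo">
<img src="https://mail.example.com/open.gif?rcpt=reader%40example.org" width="1" height="1">
<a href="https://example.com/memos">Read more</a>
</body></html>
"""

if __name__ == "__main__":
    for tag, url in remote_references(SAMPLE):
        print(f"{tag}: {url}")
```

Only the second image is reported: the embedded logo and the link cause no traffic until someone clicks, while the tiny remote image tells its sender that this address is live as soon as the message is shown.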

Step 2: Use a local POP3 or IMAP client to retrieve e-mail
This means avoiding the use of Web-based e-mail services, such as Gmail, Hotmail, and Yahoo! Mail. Don't use them for e-mail you want to keep private. Even if your Webmail service provider has good security policies, that doesn't mean that employees won't occasionally break the rules.

Step 3: Ensure your e-mail authentication process is encrypted, even if the e-mail itself is not
The reason for this is simple - you don't want some malicious security cracker listening in on your authentication session. Someone who does this can then send e-mails as if they were you, receive your e-mail, and generally cause all kinds of problems for you.
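A mail server announces whether it can protect the login, and whoever sets up your mail program can check that announcement before any password is typed in. The following is an added example (not part of the original memo) of that check for IMAP, POP3 and SMTP; the server replies are constructed samples and the function names are hypothetical.

```python
# Added example: decide from a mail server's own capability announcement
# whether a password can be sent over an encrypted session.
import re

# Keyword each protocol uses to offer a TLS upgrade on its plain-text port.
UPGRADE_KEYWORD = {"imap": "STARTTLS", "pop3": "STLS", "smtp": "STARTTLS"}

def capabilities(protocol, response):
    """Extract the upper-cased capability keywords from a server reply."""
    caps = set()
    for line in response.splitlines():
        line = line.strip()
        if protocol == "imap":
            # "* CAPABILITY IMAP4rev1 ..." or "* OK [CAPABILITY ...] ready"
            match = re.search(r"\bCAPABILITY\s+([^\]]+)", line, re.IGNORECASE)
            if match:
                caps.update(match.group(1).upper().split())
        elif protocol == "smtp":
            # EHLO reply lines look like "250-STARTTLS" or "250 AUTH PLAIN"
            match = re.match(r"250[- ](\S+)", line)
            if match:
                caps.add(match.group(1).upper())
        elif protocol == "pop3":
            # CAPA reply: "+OK ...", one capability per line, then "."
            if line and line != "." and not line.startswith(("+OK", "-ERR")):
                caps.add(line.split()[0].upper())
    return caps

def login_verdict(protocol, response, tls_active=False):
    """'encrypted', 'upgrade-first' (switch to TLS, then log in) or 'refuse'."""
    if tls_active:  # e.g. connected with TLS from the first byte
        return "encrypted"
    if UPGRADE_KEYWORD[protocol] in capabilities(protocol, response):
        return "upgrade-first"
    return "refuse"  # the password would cross the network in clear text

# Constructed server replies, as seen on the plain-text ports.
SAMPLES = {
    "imap-good": ("imap", "* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED] ready"),
    "imap-bad": ("imap", "* OK ready\n* CAPABILITY IMAP4rev1 AUTH=PLAIN"),
    "pop3-good": ("pop3", "+OK Capability list follows\nUSER\nSTLS\nUIDL\n."),
    "pop3-bad": ("pop3", "+OK Capability list follows\nUSER\nTOP\nUIDL\n."),
    "smtp-good": ("smtp", "250-mail.example.com\n250-STARTTLS\n250 AUTH PLAIN LOGIN"),
}

if __name__ == "__main__":
    for name, (protocol, reply) in SAMPLES.items():
        print(name, "->", login_verdict(protocol, reply))
```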

Step 4: Digitally sign your e-mails
As long as you generally observe good security practices with e-mail, it is highly unlikely that anyone else will ever be able to steal your identity and use it for e-mail fraud - but it is still a possibility. If you use an encryption tool to digitally sign your e-mails, recipients who have your public key will know the sender has access to your private key. You should definitely have a private key that is well protected.

Step 5: Avoid unsecured networks
If, for some reason, you absolutely positively must access an e-mail account that does not authenticate over an encrypted connection, never access that account from a public or otherwise unsecured network. Ever. Under any circumstances.

Step 6: Turn off automated addressing features
As communication software gathers more and more automated convenience features, it gets a whole lot easier to accidentally select a wrong recipient. A prime example is the "dreaded auto-fill feature" where it is so easy to accidentally select a recipient who is listed next to your intended recipient in the drop-down list. This is bad news when you're discussing something quite private or confidential.

Step 7: Use BCC when sending to multiple recipients
Every time you send out an e-mail to several people with all the recipients' names in the 'To:' or 'CC:' fields, you're sharing all those e-mail addresses with all the recipients. Bad for security, and very, very rude! List all the addresses in the 'BCC:' (Blind Courtesy Copy) field. Each person knows that he or she is a recipient, but won't be able to see the addresses of anyone else.

Step 8: Save e-mails only in a safe place
No amount of encryption for sent e-mails will protect your privacy effectively if, after receiving and decrypting an e-mail, you store it in plain text on a machine to which other people have access. Many users' personal computers are not exactly set up with security in mind, either, as in the case of someone whose Windows home directory is set up as a normal network share with a weak password.

Step 9: Only use private accounts for private e-mails
Any e-mail you share with the world is likely to get targeted by spammers - both for purposes of sending mail to it and spoofing that e-mail address. The more spammers and phishers who spoof your e-mail address, the more likely your e-mail address is to end up on spam blocker blacklists, and the more likely you are to have problems with your e-mails not getting to their intended recipients.

Step 10: Double-check the recipient, every time - especially on mailing lists
Accidentally replying directly to someone who sent an e-mail via a mailing list isn't a huge security issue. The converse, however, can be a real problem - if you accidentally send something to the whole list that was intended strictly for just one person. You may end up divulging secrets to hundreds of people you don't even know.

You may need some help with setting up these security measures. Now what a worthwhile investment that will be!

If you'd like to find out more about how to make measurably more in your business right now, talk to us, or ask us a question here! Remember, there's no charge or obligation.

This same offer applies in New Zealand.

McNicol Williams Management & Marketing Services is a Small Business Advisor listed with Small Business Victoria, and has presented The Red Zebra program under its auspices. This listing requires that the first hour's consultation is always free. So when we say "No charge or obligation", we mean it!