The Plugged-In Mailbox

Security Training Videos:

“The Plugged-In Mailbox”

by M. E. Kabay, PhD, CISSP-ISSMPAssociate Professor, Information Assurance
Dept. of Computer Information Systems
Norwich University, Northfield, VT 05663-1035 USA

This series of short reviews is intended to help security-awareness officers evaluate training videos for their training programs. The author and his employer have no financial interest in or involvement with the companies whose products are reviewed.

* * *

The training video “The Plugged-In Mailbox” from Commonwealth Films < http://www.commonwealthfilms.com > is subtitled, “E-Mail Uses and Abuses.” It explores a case study of how bad practices in sending e-mail can damage productivity and even lead to disasters.

A manager is writing an e-mail message about cost containment when he learns about a critical rail crash that will directly affect shipments for a manufacturing company. Instead of creating a new message, he appends his “crash advisory” at the end of the long message and then adds the words TRAIN CRASH ADVISORY to the end of the subject line. On the receiving end, a colleague ignores the message because he cannot see the full subject line, so he doesn’t realize there’s any urgency to the message.

The next morning, the recipient forwards the urgent alert to his colleagues and is shocked when response is sluggish. Because of the glut of e-mail and voice-mail she faces upon returning from a trip, the key colleague doesn’t read the message until 10 pm the next evening – and even then, the forwarded message doesn’t appear to concern her, given the obscure subject line and the large amount of irrelevant verbiage at the start of the e-mail.

Why wasn’t the e-mail taken seriously regardless of topic and apparent content? One problem was that the sender was notorious for sending jokes and other rubbish through the e-mail system. Some of the recipients simply dismissed the message as likely trash because of their experience with the sender’s habitual nonsense. In addition, the sender often flooded the network with unnecessary copies (or copies of copies) of e-mail of marginal or no value to anyone else; he also used REPLY ALL because he was too lazy to select the recipients carefully. Finally, the sender labeled everything URGENT, so everyone ignored that label altogether. With the signal-to-noise ratio so low, you can understand why the communications failed within the organization.

In another section, “Nothing Personal: E-mail is not Private Property,” we see the consequences of misuse of the corporate e-mail system. Someone off on holiday has information that’s needed for an emergency, so the tech support crew crack his undocumented password on his e-mail account. They find that the absent man is actually the office bookmaker, as well as having all sorts of inappropriate materials filed away on his disk. The employee is fired and protests – incorrectly – about the invasion of his “private” e-mail.

The next section of the video looks at the “Virtual Food Fight: Digital Debates” and demonstrates how inappropriate it can be to argue through e-mail. A supervisor realizes that her entire group is escalating a war of words using critical, sarcastic language sent in the heat of the moment. Worse still, the original issue – a rumor about downsizing – turns out to be false. The embarrassed participants in the video admit that they should have checked the truth of the rumor, not just passed it along uncritically.

“X-mail: E-mail Improprieties” looks at the consequences of creating a hostile work environment by downloads of pornographic materials and other inappropriate uses of network services. “Sensitive E-mail: Handle with Care” looks at inappropriate distribution of confidential information; a hapless employee sends confidential, damaging and incorrect information to a large distribution list without even checking who is on the list. The press contacts on that list publish news that causes serious damage to the company’s strategy for product release.

Finally, the last section of the video is “E is for Evidence: Digital Discovery.” The speakers remind the viewers that electronic documents under subpoena may not legally be destroyed. In the video, an employee without authorization deletes e-mail archives bearing on an antitrust investigation. When investigators see the gaps in the records, U.S. Marshals seize the company’s backups and many computers. The employee and the company face charges of obstruction of justice.

This film was written and directed by Webster Lithgow and produced by Jennifer Wry. Technical assistance came from a number of industry experts and attorneys. The Executive Producer was Thomas P. McCann. My congratulations to all who were involved.

Commonwealth Films are in Boston; phone 617-262-5634.

* * *

Information about M. E. Kabay, PhD, CISSP-ISSMP< mailto:mekabay@gmail.com > is available at < http://www.mekabay.com/ >.