Lessons from Yahoogate

By
Frank Cabri
 on September 24, 2008 12:53 PM | | Comments (0)

They say you can find anything on Google. Turns out it's especially useful when one is searching for personal data to crack a Yahoo! Web mail password.  

 

In the remote case you missed it: Vice Presidential candidate Sarah Palin's Yahoo! Webmail was hacked last week, and the contents were posted on Wikileaks.  Wired reported that the hacker easily broke into Palin's Webmail, hoping to find incriminating evidence that could derail her campaign.

 

We see this happen a lot. While IT installs email and IM archiving software, the workforce moves their personal and sometimes ill-advised communications to what I would call rogue channels. These channels include Webmail, public IM, Skype, and even Facebook. Employees think that management doesn't monitor or control these tools and it becomes an appealing place for improper or even illegal activity to occur.

 

Michael Osterman explained this well when he wrote about the lessons IT should learn from the Sarah Palin Webmail hack.

 

More examples of infamous rogue channel use in recent times include Senator Mark Foley, whose IM conversations with a intern cost him his jobJerome Kerviel, the French banker who alledgedly cost his company $7B, and Scott Sidell, the former CEO who funneled client lists to himself through Webmail.

 

What are your employees doing thru Webmail, personal IM networks and social networking sites?

 

When I ask IT professionals the above question the majority respond (very confidently) that nothing rogue or unsanctioned is happening on their networks. Common responses include, "We block it with our firewall" or "we have a policy against it."  Then we deploy an evaluation unit and provide a report of actual employee initiated traffic and it becomes clear: hope is not a strategy. 

 

As customers move to adopt Unified Communications platforms from Microsoft, IBM and others, I believe the same issue will exist - employees will use personal systems and corporate sanctioned systems interchangeably.  IT will have the hard task of managing policies and controls consistently across this heterogeneous environment. 

Categories:

Tags:

Leave a comment

About this Entry

This page contains a single entry by Frank Cabri published on September 24, 2008 12:53 PM.

It's 10 pm, do you know where your ESI is? was the previous entry in this blog.

Enterprise productivity collaboration software gets a "face" lift is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.

Twitter Updates

follow us on Twitter

Search

Blog Roll

Collaborative Thinking

Ed Brill

Eileen Brown's Weblog

Enterprise 2.0 Blog

FastForward

Irwin Lazar

No Jitter

Schneier

Single Point of Contact

SKT

Team Think

Technology Live

Techland

The Facebook Blog

The Impact of Information Technology (IT) on Businesses and their Leaders

The Osterman Research Blog

The User View

Security Fix

Zero Day

Comment/Trackback Policy

This site supports an open comment policy. Rude, wasteful, off-topic, privacy-intruding or libelous comments will be deleted. Comments will remain open unless abused.