It's a known fact that data thieves and hackers don't need advanced computer skills to obtain sensitive information. You can simply rely on a lack of common sense with most computer users, as I was privileged to witness earlier this week.
Neither my first or last name are very unique, which repeatedly causes people to send me emails because they misspelled a domain name or email address.
Last week a person with a name similar to mine working for Scalable Software asked his IT administrator to forward all email to his Gmail account. Except that he was so illiterate that he was unable to correctly spell his address and instead gave out mine.
While the problem was corrected earlier today, the snafu resulted in me receiving several dozen of Scalable's emails (I was away on vacation and didn't notice it earlier).
Most of the messages were boring or irrelevant: Colleagues in Scalable's Houston office are evacuating because of hurricane Rita and will be staying with grandma.
But they really got my attention with a message with the subject line: "Internal Only: [Name omitted] Visit Summary". Nothing says "read me" like a confidentiality disclaimer and a survey about a client's satisfaction.
Scalable among things develops an application to manage software licenses, but apparently there are some issues with the Mac version.
The client had problems installing the application because it couldn't be installed over a network. Also there is "frustration" with users because "they did not know how to change the views" for the software catalog, the email explained and apparently the software lacks an intuitive design that allows users to quickly retrieve information.
But overall the "Customer is happy and would like to see us continue to enhance our MAC cataloging."
"Most of these issues/frustrations were related to lack of training and understanding."
For starters the client wouldn't be very happy to see this email get published. Secondly competitors would be thrilled to get their hands on this email. If you mistype an address, you never know where it will end up.
Disclaimer: I have chosen to publish select excerpts from the email to illustrate how a small mistake can have grave consequences. Also this individual should take responsibility for his poor security skills, which is more likely to happen after a public scolding. Lastly, by omitting the client's name I believe that the real damage will remain limited, yet that Scalable will still be fully made aware of the risks involved with their current security policy.
Dr Kuan Hon criticises GDPR consent emails that will only eviscerate marketing databases and 'media misinformation'
Apple squashes Steam Link app on 'business conflicts' grounds
Philip Hammond wants to forget rules that the UK agreed with the EU to ban non-European companies from the satellites
Instapaper to 'go dark' in Europe until it can work out GDPR compliance