Thursday, April 05, 2012
Online Crisis: How to Avoid Email Exposure
The complete story is here.
This nightmarish situation is an avoidable one. If NZTA had taken the proper steps in preventing this entire crisis, 1,000 New Zealanders would have no reason for concern regarding their email addresses falling into deceitful hands.
The effort here is to avoid this online crisis from occurring again by explaining how to avoid online email exposure. We’re all entitled to our privacy and the following advice will help us maintain it.
For starters, businesses should make sure their staff has the proper training to use the BCC function in their company’s email program.
For anyone unfamiliar with “BCC” it stands for blind carbon copy. With BCC, you can send one message to multiple recipients without each recipient knowing who else received the same message. Here’s what each line in an email message represents:
To: List the address of the primary recipient here
Cc: This is the carbon copy to the secondary recipients. With CC, the recipients’ e-mail addresses are visible to everyone receiving the message.
Bcc: Blind carbon copy is mostly used when addressing a long list of recipients. This field is used to hide recipients’ email addresses from one another while receiving the same message.
NZTA failed to address their email messages properly.
This is so commonly done that it’s downright shameful. Not only is this a breach of privacy; it’s also a gateway for spammers and various markets to attack email addresses.
Instead of NZTA sending out these emails themselves, they should’ve used a proper bulk mailing service. Mailchimp is a recommended choice for handling mass emails. Their email marketing business is designed for this. Using their service would have made this situation less likely to occur.
Another huge mistake on NZTA’s part involved credit cards. It is important train staff to never request nor send credit card information via email. There are too many internet hackers just waiting for such easy access and this makes it easy for them to get it.
Despite the advancement of the internet, there are still several companies who lack a payment system on their website. As a result, they ask their clients to send their credit card information through an email.
Big mistake! I state this because emails are not secure in any way.
I know this firsthand after experiencing this exact situation from a travel agency while traveling overseas. Time difference made it difficult to contact me, so this was their solution regarding payment.
Rather than suggest clients submit their payments via emails, it’s much simpler and safer for a company to add a payment gateway with a secure page onto their website. Afterwards they simply add PayPal or DPS.
While this incident is a headache for 1,000 New Zealanders, it can also be a lesson to both companies and customers on how to secure their privacy. In the end, this can be a lesson well learned for all of us.
Posted by Greg Nixon at 5:16 pm