I hate inaccuracies.  I don’t mean your run of the mill, oops I made a factual error inaccuracies.  I mean the silly, any thinking person should know better inaccuracies.  To protect the (mostly) innocent I won’t mention the name or relationship of this person, but in my digital life I have an individual (and I know we all have one) who endlessly forwards me every email warning ever.  All of them are untrue.  In the last month I have received ridiculous emails about every Presidential Candidate, computer viruses, the latest gang initiation death threat and everything else you can imagine.

Oddly, I find some of these same messages plaguing my inbox at work.  Good meaning, but perhaps ill-informed coworkers, colleagues or professional acquaintances forward on a variety of spam that should never make it anywhere except someone’s Deleted folder.

As the head of IT I face a bit of a challenge with these emails: I don’t want anyone to think that I do not appreciate their attempts at security and I don’t want a well intentioned person to raise a false alarm that creates even more work for me (or a political headache).

Let me give you some examples:

1.       A colleague once forwarded me an email that said “Ed, this looks like a virus.  What should I do?”  He CCed his boss and the technical support distribution list.  Well, for starters, don’t email it to me.  If you think an email has a dangerous attachment or link in it, don’t send it to someone.  Call and ask. The email was actually a notification from the email server that the original email attachment had been deleted because it contained a virus.  Had this person simply read the first sentence in the email there would have been no cause for concern.  Of course he told a few people that he had a virus, who told a few more people and pretty soon the entire company was fraught with worry.

2.       A colleague once convinced the CEO of the company for which I worked that we would lose some of our contracts should the client ever learn that we received so much spam.   The account on which she was getting spam was our marketing account which was on about a billion websites and had its spam filter settings set very loosely so that we did not miss a viable opportunity due to it ending up caught in the spam filter.  I ended up coming in from my vacation to deal with the fallout from this one person urban legend.

3.       A colleague once sent the entire company an email (which was actually a hoax circulating on the Internet) warning them that they needed to shut their computers off on a specific day because a massive virus was supposed to hit.  Before I could control the tsunami of proactiveness that followed action plans had been formed, productive work had stopped.

So, how do I control the flow of information to make sure it is valid and accurate?  First of all I make sure we have spam, spyware, malware and anti-virus software installed everywhere.  Then I make sure the policies for these tools are well defined, well communicated and that people know what to expect from these types of software.

Next, I make sure that there is one definitive source for communication of all cyber related threats.  This way people will know not to respond to the occasional false alarm from the general population.  I also make sure the inverse is true and that there is a definitive contact for any cyber related concerns.  If someone knows who to contact it helps control the flow of information.

How can an HRIS system help?  The Achievant platform allows for two forms of companywide communication: there is a home page that acts much like an intranet and there is a messaging component.  Use of either of these can alert staff to virus outbreaks, security updates, etc.  At Achievant we use this messaging to great effect, keeping the staff aware of any news alerts that are important enough to warrant immediate distribution to either the whole company or a select group.