Michael R. Farnum

Hitting the Security Nerve

Law firm's IT staff gives flimsy excuse for not whitelisting

If you are a law firm, and you know that you will be receiving emails from the US District Court, wouldn't you whitelist that domain?  I know I would.  But the CTO at Azar & Associates says that he "avoids whitelists because they must be manually maintained and there is the possibility for human error."  Rrrriiiiggghhhhttt....

This is coming from this article here at Computerworld.  Basically, the law firm was getting a bunch of spam, and people were complaining about it.  So when the admin made some changes to the settings of the filter to block the spam, it also caused some false positives.  It started tagging legit emails from the district court as spam and started blocking them.  So the law firm missed a court date, and now they are paying out a few thousand dollars in court costs (I'm sure they can afford it, but it still sucks).

This translates into a couple of problems:

1. Settings like this need to be tested and verified before being implemented.  More than likely this poor admin was reacting to a bunch of screaming users who were getting tired of seeing Viagra and stock spam.  I understand their problem, but the admin was probably getting pounded and just decided to do whatever he could to shut 'em up.  But when people don't understand the complexities of a situation, they don't know the ramifications of settings like this being changed.  If I were this admin, I would thoroughly document the changes that I made and WHY I made them (Joe kept calling me every time he had to read about male enhancement products).  Though it is not an excuse for making the changes without testing, it is definitely understandable.

2. The business process of the law firm was not understood by the admin.  Obviously the CTO didn't relay to the admin the importance of these emails.  He used to be a lawyer, so he should understand the criticality and do something to ensure this does not happen (the excuse above sounded like just that - an excuse).  I'm not sure how often the domain of the district court changes, but it would be my guess that adding it to their whitelist would not require a lot of maintenance.

I just hope the admin doesn't lose his job over this.  Somehow I doubt he is the bad guy in all this.