Based on the screen shots circulating the web, it would appear that admin staff at Twitter were using gmail for sensitive activities such as domain name administration – this meant that the hacker could potentially have used their access to redirect Twitter.com to a malicious site. Of course this is all great blogging fodder for the likes of TechCrunch, which is clearly enjoying baiting its readers. I don’t see that publishing Twitter’s company confidential information on a blog helps anyone, other than gaining traffic for the blog that posts it.

The fall out will inevitably be harmful to Twitter. It isn’t the first security incident associated with the darling of the web, and I know of other breaches of confidentiality that have happened, but not made it in to the public domain yet. Twitter needs to tidy up its act.

Key take aways:

Don’t send company confidential information over low-security email.

• Public email services tend to send data over straight http, rather than https. This makes unencrypted data vulnerable to snooping on public LANs and WiFi hot spots.
• Don’t forward (or allow to be forwarded) ‘corporate’ email accounts to public services. Yes, I know it is a pain, but the risks far outweigh the benefits. “Personal” and “business” email are best separated for a whole list of reasons.
• Email can be the weakest link in a number of situations. Don’t use public email services for critical administration functions like account resets, domain name administration and the like.
• Password recovery mechanisms can be gamed to escalate a hacker’s access. If someone has access to your email, what else can they gain access to?

Don’t store more in email that you need to.

• Modern day inboxes have turned into huge document repositories. This isn’t a good thing.
• Yes, gmail is wonderful, in that I can access emails from years ago. However, is that a risk as well as a benefit?
• “Delete nothing” is great for information discovery, but turns against you the second an email account is compromised.
• With IMAP-style email access giving the ability to neatly place emails into folders, it becomes all too tempting to store passwords in the mail archive. Many on-line systems (foolishly) email the new user’s ID and password to the user. Filed into a folder, or left undeleted in ‘trash’, these are a gold mine for a hacker. DELETE THEM. Change your password and tell the site involved not to email passwords. Ever.

Related Posts

• When Blurred e-mail Goes From Bad to Worse
• Twitter Business? Business Twitter.

Can a Lonely Bird Survive?

This little chap fell out of his nest outside of my office. He was ok, but it got me thinking about a long piece on Twitter over at The Go West blog. It references Adam’s fuller article in Fortune “The True Meaning of Twitter” from earlier this month. Both are a fairly representative taster of the swirl around the Twitter microblogging/messaging service: When will it make money? And how?

The reality is there are lots of ways that it could, but the one that interests me is the use of twitter for business communication. It is one that seems least likely. Twitter differs from blogging in that it restricts users to a single line of text at a time, think of the length of a mobile SMS message. It differs from standard enterprise instant messaging in that it is a one to many, rather than one to one communication method (think website, rather than phone call). It is also persistent, in that the messages remain after a user signs out or updates.

Microsoft have invested in persistent messaging technology, and it is something that has been around in the finance space for quite a while. However, it has uses in many other types of business. It is a great way for remote staff to keep up to date with the business buzz, or to keep in touch with contacts at business partners. Padmasree Warrior, Cisco’s chief technology officer is a keen Twitter user (see “Another view on Twitter“):

What I use Twitter most for is to share “What I am thinking” rather than “What I am doing.”

Instant messaging clients let users set a status message (as do social platforms like Facebook), but IM clients don’t usually keep a history of those messages. It is that journal (of thinking or doing) that is most interesting from a business communication perspective, since it allows staff to ‘checkin’ on each other actually disturbing their workflow. The sales team can know if there is a problem booking orders, or they can get a heads up about delayed shipments. It’s much more efficient than everyone phoning in and the same message being repeated 10 times – you can see my twitter stream, and Redcatco’s as examples (all be it outside-the-firewall ones).

The nice thing about the tool is that it is lightweight, fast to set up and easy to use. On the Twitter service, updates can be left as public (for all the world to read) or they can be set as private, enabling only people with permission to see the updates. I have heard of a number of early stage startups using Twitter with private messages as their communications backbone.

There is a fly in the ointment. Twitter has had a number of high profile outages. Also, what if you want Twitter inside of the firewall, rather than outside of it? Well there is an answer, but it isn’t Twitter.

Automattic, the people behind blogging platform WordPress, have produced a WordPress theme that enables you to turn a standard WordPress install into your very own Twitter-like microblogging service. It’s called Prologue. It also makes use of WordPress tags to enable messages to be associated with, for example, projects. You can see how Automattic have used it here.

Blogging and microblogging should be part of a business’s communication strategy these days, both for internal use, as well as for external (both marketing and non-marketing) use. Services are still coming and going, but the format is here to stay.

Related Posts

• Twitter’s Bitter Lesson – What You Should Know
• WordPress 2.8 Release – Baker Hits the Street