Misplaced IT Security Controls

I’ve noticed an odd trend in computing security relating to the transmittal of bank remittance notices–not the money being transmitted, just a note that a payment was made into our company account.

In the past these notices would arrive on paper via postal mail. Then there was a migration (excellent!) to using email with PDF attachments. Since the senders were known (and trusted), this is considered “no big deal” and not a security risk.

I’m now starting to see diverging trends.

  • One very large bank sends the transmittal notice as an attached Microsoft Excel *.xls file. Gesh. It’s hubris to think that we have and use Microsoft Excel, and worse it’s source.
  • Two law firms now are sending the remittance in a two-part email. I get an email from them asking that I click on a link. After clicking on that link I’m sent two emails–one with a secret password, and a second with another link where the remittance notice is stored. I’m expected to go to the second link and use the secret password to see the document. Gesh. What problem are they trying to fix by imposing on me so much manual work?

IMHO, these are both stupid ideas.
