From E-mail Security to Crisis Management ...

2006/04/20
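Before reading my humble article, you may want to read the e-mails attached at the end first. After seeing these two reposted e-mails on the Internet this morning, Eastern Time, I immediately checked with friends in the industry whether the incident was real, and it was confirmed that it did happen. One of the parties, Rebecca Hu, is the president's Administrative Assistant; some people inside the company think of her part in this that "She is great."; when asked why the reply distributed to all of China was written in Chinese, the answer was "Her English is not good enough as big boss’". After the two e-mails were posted online, some enthusiastic people in North America translated Rebecca's reply into English; two versions are excerpted here, marked in the attachment with italics in different colors.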
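With the background laid out, let us set aside for now the rights and wrongs of the incident as a whole. Because of my line of work, let us first look at what each department of a company could improve in an incident like this, especially the information technology (IT) department and the crisis-handling department.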
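A multinational with a sizable business in China certainly has an IT department. What is the IT department's role? Information management, which in this case means e-mail. E-mail, together with all information stored on company computers, is regarded as company property; there is no dispute about that. Rebecca, who wrote the reply and distributed it to all of the company's employees in China, certainly had permission as the president's administrative assistant to send mail to these distribution lists; she may even have had permission to send mail to others as the president. So beforehand, the IT department could not foresee that someone in this position would one day do something so over-reactive, still less that people inside the company would spread such mail to the public, where it became after-dinner talk for white-collar workers. (Some personal websites claim that this e-mail has already made the rounds of the Global 500 companies in China. And now it has even reached the home turf of the 500: North America.)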
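The incident happened during the day, roughly in the period after lunch. The letter had gone out. Imagine: if you were the boss, or an employee of the company, what would you think? People in different positions may think differently, but the direct consequence everyone sees should be the same: she made the big boss lose face in front of all employees in China. Everyone can also guess the most serious consequence for her personally (reportedly, this administrative assistant has already left the company, and the incident will also have a negative effect on her career).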
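Put plainly, for the company and for the boss this is an "ugly" affair. As the saying goes, family scandals should not be aired in public. How to stop internal company mail from leaking out is therefore where the IT department can make a difference.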
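Of course, if the company has no ready-made rules for this, the IT department cannot add or change any restriction on its own authority. This brings in the company's Crisis Management. Every company may face all kinds of crises, some from inside and some from outside. A company with sound institutions should have a crisis-handling department, or a committee, that brings together top management, public relations and human resources, and of course also information management and the other security functions. In this incident, top management, being one of the parties, should naturally recuse itself; the company's vice presidents and the remaining departments should then discuss countermeasures as soon as they become aware of the incident.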
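The title of this article mentions e-mail security and crisis management. E-mail security, at its most basic, means not letting in mail that should not come in and not letting out mail that should not go out; by extension the same applies to information security in general. Because the incident happened during working hours, stopping the spread inside the company after the e-mail was sent is unrealistic. What is technically achievable is stopping such an e-mail, which may damage the company's image, from spreading outside the company. As the saying goes, good news stays at home while bad news travels a thousand miles. In today's age of highly developed information technology, once this thing has left the company you can no longer control it. Policy and management must be watertight, without a single gap.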
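Every employee, on joining the company, has presumably gone through new-hire orientation and knows the company's security rules, including the need-to-know and non-disclosure policies. The company's response to this incident should include HR immediately reiterating the company's information security policy to all employees who received the e-mail, declaring the e-mails involved in the incident to be sensitive information, discouraging further discussion inside the company, and prohibiting disclosure to people or organizations outside the company, with violations treated as disciplinary offenses. At the same time, the IT department adds restriction rules at the company's mail egress.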
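One way to express the egress rule described above, as an added example that is not from the original post: hold any message with a recipient outside the company whose subject, or a forwarded header block quoted in its body, matches the subject declared sensitive. The domain example.com, the function names and the sample message are assumptions, and header recipients stand in for the SMTP envelope recipients a real gateway would check.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header
from email.utils import getaddresses

INTERNAL_DOMAIN = "example.com"  # assumption: placeholder for the company's mail domain
# Subject the crisis team declared sensitive (from the e-mails attached to the post)
BLOCKED = {"do not assume or take things for granted"}
# Stacked reply/forward prefixes, including common Chinese client variants
PREFIX = re.compile(r"^\s*(?:(?:re|fw|fwd|答复|回复|转发)\s*[::]\s*)+", re.I)
QUOTED = re.compile(r"^[\s>]*(?:subject|主题)\s*[::]\s*(.*)$", re.I)

def normalize_subject(subject):
    """Decode RFC 2047, strip FW:/RE: prefixes, collapse whitespace."""
    text = str(make_header(decode_header(subject or "")))
    return " ".join(PREFIX.sub("", text).split()).lower()

def external_recipients(msg):
    """Addresses in To/Cc/Bcc that are outside INTERNAL_DOMAIN."""
    fields = [str(v) for h in ("To", "Cc", "Bcc") for v in msg.get_all(h, [])]
    return [a for _, a in getaddresses(fields)
            if a and not a.lower().endswith("@" + INTERNAL_DOMAIN)]

def quoted_subjects(msg):
    """Subjects quoted in forwarded header blocks inside text parts."""
    found = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        body = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        found += [normalize_subject(m.group(1))
                  for m in map(QUOTED.match, body.splitlines()) if m]
    return found

def egress_decision(raw):
    """Return (action, reason) for one outbound message at the gateway."""
    msg = message_from_string(raw)
    outside = external_recipients(msg)
    if not outside:
        return ("ALLOW", "all recipients internal")
    if normalize_subject(msg.get("Subject")) in BLOCKED:
        return ("HOLD", "sensitive subject, external: " + ", ".join(outside))
    if BLOCKED & set(quoted_subjects(msg)):
        return ("HOLD", "sensitive thread quoted in body, external: " + ", ".join(outside))
    return ("ALLOW", "no rule matched")

# Constructed sample: a forward to an outside address, modelled on the 16:25 forward
SAMPLE = ("From: staff@example.com\nTo: friend@partner.example\n"
          "Subject: FW: FW: Do not assume or take things for granted\n\nsee below\n")
if __name__ == "__main__":
    print(egress_decision(SAMPLE))
```

The body check matters because a forward whose subject line has been rewritten still carries the original `Subject:` line in the quoted header block.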
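The incident occurred at 1:48 p.m. If the company's crisis-handling mechanism had been effective, the most basic measures above should have been in place before 4 o'clock, confining the impact of the incident to the smallest possible scope. Regrettably, the copies of the e-mail that can currently be found online all came from the same employee, and were sent at 4:25 p.m.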
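Now for why a company needs these information security and crisis-handling policies and countermeasures. Simply put, it is to make employees, shareholders and customers feel that the company is safe and reliable; only then can growth be discussed.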
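Customers come first. If I were an EMC customer, on learning of this I would mutter to myself: how is this company run? An administrative assistant gets upset and can make a fool of the president in front of all employees in China; what if some engineer gets upset and destroys the several TB of data I have placed in their hands?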
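(To be continued)

This article is unfinished; when reposting, please credit the source and watch for updates to stay in sync.
The attachment content comes from the Internet; if you have any objection, please let me know.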

From: Nan Zhang [mailto:zhang_nan1@emc.com]
Sent: Monday 2006-04-10 16:25
To: Tian,Uko (HW)
Subject: FW: Do not assume or take things for granted
Do you know who soon choo is?
He's the boss of our EMC China region!
The guys at the company are breaking into a sweat over this

From: Hu, Rui [mailto:Hu_Rui@emc.com]
Sent: April 10, 2006 13:48
To: Loke, Soon Choo
Cc: China All (Beijing); China All (Chengdu); China All (Guangzhou); China All (Shanghai); Lai, Sharon
Subject: FW: Do not assume or take things for granted
Soon Choo,
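First, what I did was completely correct. I locked the door out of security considerations; it is not as if things have never gone missing here in Beijing, and if something were lost, I could not bear that responsibility.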
1. I did not find anything wrong in what I did. For security reasons I have to lock that door. We do have such occurrences of stealing in Beijing area. If I failed to lock the door properly, I will have to take all the responsibilities for anything stolen. I can not afford it.
First of all, I was absolutely correct regarding this incident. Locking the door is a security measure. Beijing is not a place of no stealing. I would not be able to take the responsibility if our office got stolen because the door was left unlocked.
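Second, you have a key and forgot to bring it yourself, yet you say others are in the wrong. The main cause of this incident is you yourself; do not shift your own mistake onto others.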
2. You forgot bringing your own key and you are trying to blame others for that. You are the root cause of the incident, and please do not try to blame others just because of your own fault.

Second, you forgot to bring your own key but you blamed others. Remember, forgetting the key is your own fault, not of others.

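Third, you have no right to interfere with or control my private time. I have only 8 working hours a day; please remember that the lunch break and the time after work in the evening are my private time.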

3. Please be noticed, you have no privileges to interfere and control other’s private life. I work 8 hours per day here, and all the other hours including lunch break and evening after hours is private of my own.

Third, you do not have the right to interfere or control my private time. Legally and officially I work eight hours a day. Please also keep in mind that both the lunch break and the evening after work is my private time.
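Fourth, from my first day at EMC until now, I have done my job conscientiously and have worked overtime many times without any complaint, but if you ask me to work overtime for matters outside of work, I cannot do that.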

4. I’ve been working very hard since my first day at EMC. Even I have worked a lot of overtime here, I have no complaints. But if you want me to stay office overtime only for something else other than work, I can not do it.

Fourth, I have been a hard worker since my first day in EMC. I have been working overtime for many times without any complaint. However, if you want me to stay overtime for anything other than work, I am sorry that I cannot make it.
Fifth, although we are superior and subordinate, please also mind the tone in which you speak; this is a matter of the most basic courtesy.
5. Please mind your manner when you are talking to others even you are the boss. Paying respects to people is a basic behavior conduct for any educated and civilized human being.
Fifth, I understand you are my boss, still please pay attention to the way you speak. This is simply regarding the basic politeness.
Sixth, I want to stress here that I did not assume or presume anything, because I have neither the time nor the need to.
6. I must stress that, I never assume or take anything for granted. I have no time to do that and it is not necessary for me.
Lastly, I never assume anything or take anything for granted. It is meaningless and unnecessary for me.

From: Loke, Soon Choo
Sent: Saturday, April 08, 2006 1:13 AM
To: Hu, Rui
Cc: Ng, Padel; Ma, Stanley; Zhou, Simon; Lai, Sharon
Subject: Do not assume or take things for granted
Rebecca, I just told you not to assume or take things for granted on Tuesday and you locked me out of my office this evening when all my things are all still in the office because you assume I have my office key on my person.
With immediate effect, you do not leave the office until you have checked with all the managers you support – this is for the lunch hour as well as at end of day, OK?


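Note: Loke Soon Choo (陆纯初) is President of EMC Greater China, in charge of EMC's operations in China. He has more than 20 years of experience in the IT field, previously worked at IBM, Siemens and Oracle, and has extensive senior management experience. He holds a business administration degree from the University of Singapore.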