Opinion: From the CSO's desk - Think before you hit the send button

By

One of the "advantages" of being the head of a security team for a major company is that my email account is an easy first port of call for security product vendors to introduce themselves. Over the past couple of years, I have seen this means of communication grow exponentially.

I must say I despair at what some people think they are doing. There have been cases where the senders seem to remain oblivious to the real impression they are giving.


Yes, I know it is hard to attract attention amid the flood of competing emails, but some of the practices are getting ridiculous. The first time I received an email from a vendor thanking me for visiting their website and providing me the further information I "had requested", I actually thought that I was losing my memory. When did I do this? In the end I worked it out: they were lying. What a strange way to start a commercial relationship.

Even worse is the email that claims they were referred to me by our chief executive or chairman. Don't they know that all major companies have a process, and that a CISO would hear from the CEO's office directly? A vendor writing to top executives to get around me also really winds me up, and I know that I am not the only CISO who thinks that way. It all ends up back in our offices anyway.

Then there are those who send the same information over and over again and proudly introduce their companies and product each time. This happens either from different salespeople in different parts of the world or, worse still, from the same person three months later. I have enough of a system to know that I did courteously reply to the first email; it would be nice if the sender had enough process or sense to recall the previous correspondence they had started. By the way, I don't classify any of this correspondence as spam by the usual definition, as our spam filters generally catch all of that noise. Although the irony of one disreputable "vendor" using spam email broadcasts to advertise an anti-spam products did not escape us.

Finally, there is the legitimate email sent out in good faith by a company we know, expressing the "opportunity" presented by their new corporate sales organisation.

I don't mean to be unkind, but actually I don't really care how you organise your business as long as the result is good. Am I unreasonable? Probably, but, in my defence, I have little time and far too much email.

So what works to get my attention? Clear, and factual headlines about products and what makes them different and special. Is that really too much to ask?

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Victoria's Secret pulls down website amid security incident

Victoria's Secret pulls down website amid security incident

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Log In

  |  Forgot your password?