- ACT! by Sage Forum
- :
- Ideas Forum
- :
- SHARE YOUR IDEAS
- :
- Email Security Violation
Announcements
Email Security Violation
I just encountered a very serious email privacy violation that was facilitated by having Act and Outlook integrated. Consider the scenario where all Act Users have access to the entire database of contacts. This setup is both necessary and preferred because our salespersons share many of the same contacts, selling them different products. Sharing contact information (activities, histories, proposals and sales) promotes greater awareness for our salespersons and a better experience for the customer. Now consider the following 3 company employees, an HR Manager, a Sales Manager (MGR), and a Salesperson (SP). The manager and the salesperson are both Act users whereas the HR person is not an Act user. SP is not performing well and MGR exchanges emails with HR discussing termination of SP. Meanwhile SP suspects that he may be getting terminated so he adds HR into the Contact database under a false name and company but with HR's actual email address.
MGR continues to exchange emails with HR, never suspecting that HR's email address would ever be in the Contact database so he does not bother to mark his email as Private. In fact he regards sending emails to fellow employees as being totally unrelated to the Act database because there is absolutely no need to store non-sales related employees in the Act database. Now the 'sneaky' (but clever) salesperson has access to the email exchange between HR and MGR because it is recorded in Act History!
Can this 'flaw' be fixed in Act? I had hoped that I could impose a validation on field 'E-mail' in the database, e.g. "does not contain @MyDomain.com" where MyDomain.com is the suffix on all our employees email addresses. I could not find a way to do this under the edit option of "Define Fields" afforded by Act. The downside to this proposed solution is that it would mean that field "E-mail" could not be populated on any User records and therefore would not be available for use in shared templates.
Another solution I suggested to Act Support was the availability of a domain name option when setting up email configuration in Act. This could be a domain name that would suppress recording emails in Act History if the "to" and "from" email address domain names were the same, i.e. inter-office emails amongst fellow employees. This of course would be optional but in my case, would suffice as a solution to combat the confidentiality breach described earlier.
I am sure there are cleverer ways to avoid the problem I have articulated but the "Mark as Private" or "do not record in history" are most certainly not viable solutions for my company. I need something that can be setup at the administrator level and is not dependant upon users having to remember to check privacy boxes, especially when they are in Outlook and communicating with a fellow employee who is not even an Act user. So how can 'devious' salespersons as described earlier be thwarted from abusing the Act-Outlook integration?
Somebody help me please because the owner of the company is threatening to throw out Act because of this confidentiality breach.
Comments
- Comments (1 - 5)
This is a constant and ongoing issue which needs to be addressed, and I made a similar request in another post. Usually, however, the problem is confidential emails "accidentally" appearing in ACT! This is the first case I've heard of someone actually manipulating the system.
Quite ingenious actually!
Hope Sage come up with something soon. In the meantime Mike Lazarus has developed a utility thet might help.
Jeff
This is an Access Control issue that should be addresses in the overall Access Contol List (ACL) design. Allied to this problem is that of User records (My Records) History, Notes and Activities being open to view by anybody. This limits ACT! as a viable application, for instance in the franchise business model where Users are likely to be from different francisees within the one database and some confidentiality is required as users are from different business operations.
The problem is not easily solved as it needs to consider retrospective data from versions of ACT! upgraded form less granular ACL or even no ACL properties other than Private.. Sync databases also offer a challenge.
In my view there needs to be the notion of Private Teams. Right now Privacy in ACT! is strictly to the individual which is not very helpful.
Very sneaky. I have another work around for this. You should turn off auto-attach email in ACT Tools->Preferences to avoid any email leaks. Then set up Outlook Rules to attach emails to ACT!. Outlook Rules give you lot more flexibility to setup how you want your emails to be attached. The downside is that you would have to depend on Outlook to be your main email client.
If anyone is actually interested... we have a Plugin for ACT! 10.02 and later that fixes this...
It marks sub-items between ACT! user records as Private (leaves them Public if the sub-item also attached to a non-User contact)
Yes, it works for Email (even from Outlook, which is was a pain to figure out)... and even if the user edits the item and marks it Public, the Plug will set it as Private as soon as it's saved.
It was done for a specific user. We didn't produce a commercial version as we didn't see enough demand, but happy to consider site license deals for anyone interested. If so, have your reseller contact me via http://www.glcomputing.com.au/contact.php
Regards,
We want to hear your cool ideas for improving ACT! by Sage products and services. So add your own ideas or kudo (vote) on the ideas of others here!
I have an idea! How do I get started?
OneRead our submission guidelines.
Two
Search for your idea. If you don't see it, submit a new one!
Three
Provide feedback on the ideas of others by voting with kudos and adding comments.
For more information about using ideas, read this thread.
Four
Track your ideas and those you like. Once you've posted or kudoed and idea, subscribe to be notified via email of the latest updates to the idea. From within the idea, click "Idea Options" which appears above the idea title and choose, "Subscribe to this idea".
Be sure to check back from time to time to see new ideas and status updates!
Here is a quick list of the recent ideas for speedy browsing!
- (4)
- 2010 (1)
- Access (1)
- access list (1)
- ACT! e-marketing (1)
- Activities (4)
- activity (1)
- activity types (1)
- add contact to lookup. (1)
- Add File to Documents Tab (1)
- addons (1)
- address (1)
- Alarms (1)
- Append Date Fields (1)
- Apple (1)
- Apply (1)
- association (1)
- associations (1)
- attachments (3)
- autodate (1)
- autofill location (1)
- avery (1)
- Back (1)
- browser (1)
- Bulk Editing (1)
- Buttons (1)
- Calculations (1)
- Calendar (2)
- Chrome (1)
- clear activity from Phone Contact (1)
- Clipboard (1)
- Colour coding users (1)
- column (1)
- combining records (1)
- Commands (1)
- companies (3)
- Companies - Delete (1)
- Company (1)
- Company Detail View (2)
- Company level needs (1)
- conditional (1)
- Contact (1)
- contact call (1)
- contact phone. (1)
- contacts (1)
- Copy (1)
- Copy Calendar (1)
- Create fields with dropdown menus (1)
- Create new Company or Contact. (1)
- current contacts list (1)
- cursor (1)
- Custom Dates (1)
- Dashboards (1)
- Days Open in Activities (1)
- DDI Phone number (1)
- de-duping (1)
- Define Fields (1)
- Delete (1)
- Demote to Secondary (1)
- departments (1)
- Descriptions (1)
- details (1)
- Documents (3)
- DPI display fonts (1)
- drag and drop (1)
- drip marketing (1)
- drop-down (1)
- duplicate records (1)
- Duration (1)
- dynamic access list (1)
- E-mail (1)
- E-marketing (1)
- Edit Mode (1)
- eliminating duplicate records (1)
- email (5)
- email to secundary contact (1)
- enter new contact (1)
- envelope (1)
- Excel import data (1)
- exchange (1)
- Expenses (1)
- Export to Excel (1)
- Field (2)
- field population (1)
- Filters (1)
- Firefox (1)
- Folders (1)
- Functional layouts (1)
- Global Tool Bar (1)
- gmail (1)
- Go to Contact (1)
- groups (2)
- History (4)
- History count (1)
- Icon (1)
- icontact (1)
- Info Pane (1)
- Instant Messaging (1)
- iPhone (1)
- keywords (2)
- labels (1)
- Layout Control (1)
- Layouts for Tables (1)
- Limited Access (3)
- Linking (1)
- Linux (1)
- list_views (1)
- look for (1)
- lookup (2)
- Lookup Any Phone Field (1)
- Lookup Date Range (2)
- Lookup in Contact AND Company (1)
- lookup special letters (1)
- Mac (2)
- Macros (2)
- Mail Merge (1)
- Make Private (1)
- menu (1)
- Mileage (1)
- Mobile (1)
- multilingual (1)
- multiple attachments (1)
- multiple databases (1)
- NavBar (1)
- Navigation (1)
- new contact (1)
- newsletter (1)
- Notes (2)
- Notes opportunities adding (1)
- Oppertunity Follow Up Activity (1)
- Opportunities (8)
- opportunity (3)
- Opportunity Filters (1)
- Outlook (1)
- page setup (1)
- PAST (1)
- Paste (1)
- PDA (1)
- Phone Call (1)
- Phone Contact (1)
- phone number (1)
- plain text (1)
- previous (1)
- Priduct List (1)
- printing (1)
- Product List (1)
- Products and Services Order (1)
- Profit margin (1)
- Queries (1)
- quotes (1)
- Recurring Events (1)
- remote database (1)
- Remove User (1)
- Report Designer (2)
- Reports (2)
- Resources (1)
- restrict access (1)
- rich text (1)
- Sales Conversion Rates (1)
- Scheduled Activity (1)
- Scheduling (1)
- search (2)
- Secondary Contacts (1)
- Secundary Contact (1)
- Secundary contact birthdate (1)
- Security (3)
- see both (1)
- sendoutcards.com (1)
- Shortcut to a folder (1)
- Skype (1)
- special characters (1)
- special letters (1)
- Summary (1)
- sycn (1)
- sync (1)
- synchronization (1)
- System Fields (1)
- Task Detail View (1)
- Task List (1)
- Task Location (1)
- TASKS (1)
- template (1)
- temporary contact list (1)
- Thunderbird (1)
- TODAY (1)
- todays calls (1)
- Toolbar (1)
- Totals (1)
- uninstall (1)
- update access list (1)
- upgrade (1)
- user-defined fields (1)
- View (2)
- Windows (1)
- wizard (1)
