Community
Showing results for 
Search instead for 
Do you mean 
Reply

Email Security Flaw in Act 2009

ABM
Copper Contributor
Posts: 14
Country: USA

Email Security Flaw in Act 2009

To illustrate my problem consider the following scenario ... three people, a SalesPerson (SP), his Manager (MGR), and Human Resources Manager (HR). SP and MGR both use Act and share the same database. Both are integrated with Microsoft Outlook. HR is not (and does not need to be) an Act user. SP is not performing well and MGR liaises with HR via email. SP suspects he is going to be terminated so he creates a contact record for HR in the database, complete with email address. MGR exchanges confidential emails with HR ,never suspecting that HR is in the contact database. Meanwhile SP checks the email history for both MGR and HR and reads the confidential email exchanges between MGR and HR. Now I know that Act allows users to flag emails as Private but when the typical Act user is emailing a colleague (internal) directly from Outlook, then he/she really isn't even thinking about such emails being recorded in Act History because the person he is communicating with is a fellow employee.I maintain an open database where every Contact is accessible to foster better communication, cooperation, and collaboration amongst the sales force. I would prefer not to change (i.e. restrict) my current setup but I can find no way to prevent this from happening. Act technical support was no help whatsoever - essentially refusing to even acknowledge this as a flaw in their system.First of all I asked Act if I could impose a validation constraint when entering email addresses, e.g. "E-mail does not contain @MyDomain.com" where obviously MyDomain.com would be the suffix for all our employee email addresses. Of course this would prevent users from having their own email address on their user record (and that would be an inconvenience on standard templates).Another suggestion I had for Act was to provide a domain name in the Email Setup that could be used to suppress recording emails in history if the 'to and from' email addresses had the same domain name (i.e. an internal email to a colleague).Can anyone offer a solution to combat this problem? I would appreciate any help and/or advice that does not necessitate deviation from a database that allows users to see every contact. Thanks.
Platinum Elite Contributor
Posts: 6,537
Country: USA

Re: Email Security Flaw in Act 2009

Hello,

Your suggestions for additional security for recording email history are interesting. I would suggest that you post them in the Community's Share Your Ideas Board for greater exposure. For now, it will be necessary for you to manually mark messages as Private or uncheck the option to record them history when the message is being composed. The privacy feature is there in the event that the database is open to all users.

Greig Hollister

Note: Effective 6/1/13, Sage no longers provides support for the Act! software. This is now provided by Swiftpage.

Copper Contributor Kez
Copper Contributor
Posts: 11
Country: Australia

Re: Email Security Flaw in Act 2009

Interesting...

 

I believe it's not a software issue but a human one - Educating your users/clients on system awareness and what the software can do (be it the positive or the negative). 

 

The one thing I've always told people about the integration is that everything has the potential to be logged in the system (key words in bold, you don't want them to think ACT! is big brother), so if there is sensitive information you only want yourself and the other party to see, don't risk putting it into the system.