Veterans Affairs dinged for using insecure chat service for official business

The last thing that the Veterans Affairs was wanting was bad press but, they got it nonetheless.  This time the VA is dealing with the fallout of a report in which it showed the use, misuse and, in some cases, outright abuse of the social chat service Yammer.

Yammer markets itself as “a private social network that helps employees collaborate across departments, locations, and business apps.”  However, according to the findings from an internal investigation, in the VA, privacy and security were an afterthought with this service.

For example, there was no administrator for the VA’s Yammer group.  This meant that, when employees and contractors left the VA, their access to the group remained active.  Also, simply put, this was a public group.  According to the report, it was assumed that everyone would be “self-policing” in their behavior.

So, did that happen?  Not by a long shot.

In one instance, someone actually posted what they believed was a way to create a copy of a VA I.D. (read fake I.D).  The instructions wouldn’t have worked but, the fact that someone felt comfortable enough to post this to the VA’s Yammer group is very telling.

Users in the group also publicly insulted one another on the service — which is not something you would expect to see in a professional environment.

The service also spammed VA email users, even those who were not on Yammer.

When asked about why the VA didn’t opt for a paid version of the service that would have been more secure, the department’s I.T. director said that it wasn’t worth the $30/user cost and that the free version was “good enough”.

Suprisingly, even in the wake of this report, the VA still has a portion of its site where the old policy and download links for Yammer are still in place.

Social networking in the enterprise can be a great thing but, doing it this way is just downright terrible.

Helping you to avoid killing your career in 140 characters.