A frequent reader of my work sent me an E-Mail that she received from a security software vendor about an expired subscription. She knew that I promote positive approaches and communications in the InfoSec community, and I applaud her for her commitment to that ideal.
Since I am not in the business of embarrassing a vendor, I have intentionally obfuscated all names. Here is the message:
Dear AAAA,
Recently this office contacted your organization with respect to
your expired XXXX license. Unfortunately we have not heard
back and as such are sending this second courtesy notice before
escalating the matter within your organization.
As previously explained, the XXXX software license agreements
states that support must be renewed prior to expiration of an existing
license.
In the event that a XXXX customer does not purchase support
prior to expiration, that customer could be assessed an out-of-compliance
fee to compensate XXXX for the failure to timely renew the
applicable support. If you have not yet completed your renewal order,
please do so today and avoid the complication of additional fees.
Additionally, please ensure you incorporate any anticipated growth
into your renewal purchase.
Your quick response to this matter is appreciated.
Regards,
Name removed
Legal Affairs | License Compliance Services
How far did you have to read before you identified the antagonistic language of that “courtesy notice”? Phrases such as “escalating the matter within your organization”, “assessed an out-of-compliance fee”, and even the ostensibly optimistic “incorporate any anticipated growth” sound more threatening than positive.
Lastly, the signature line is quite eyebrow-raising. Why is a software renewal notice being sent from the “Legal Affairs” department.
Perhaps I am hyper-sensitive to the subtleties of interpersonal communications, and I have often remarked how the only way that we will succeed to spread the message of InfoSec is through positive interactions with those we wish to influence. How will we succeed when a vendor uses a threatening form letter for something as trivial as a software license renewal? It leaves a horrible blemish on the industry which bleeds down to the public’s impression of all security professionals.
Sometimes, we have to have difficult conversations; that is a part of life, and it is definitely part of information security. However, even those difficult communications can be tempered to match the perceived risk or offense.
The only part of the letter that brought a smile to my face is the final line that solicits “Your quick response to this matter is appreciated”. Many of my old Bronx friends know a few appropriate gestures that would satisfy that plea in the context of that letter.
Can a simple communication affect the entire profession? Perhaps it can. We have to remember that how we communicate to our clients – whoever they are, and no matter how difficult the communication – can reverberate beyond our own interaction and either raise or lower the perception of our entire profession.
[su_box title=”About Bob Covello” style=”noise” box_color=”#336588″][short_info id=’83956′ desc=”true” all=”false”][/su_box]
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.