You’ve gotta love entrepreneurs. They are the folks that risk their lives for dreams, cooked up in garages and basements and on coffee house napkins. They are the cogs that make the machine work. I personally adore the looks in their eyes when their fledgling enterprises get some press - some validation that their idea was recognized. It is exciting as all getup.

When the promotion is misdirected, however, I think it is deserving of sneers, as in the case of Ernst & Young and Ernst & Young and a spyware/spamming outfit.

:-/ —-> That’s the best sneer I could muster online.

Now E&Y really doesn’t gets the benefit of doubt. In fact, I think they might just be clueless.

Ernst & Young has been waging a losing battle with laptop thieves. First they lost one that contained Scott McNealy’s SSN, and now four more machines have fallen prey.

On the first, the E&Y employee deserves a drubbing for leaving the machine in a car. That is just plain stupid. But regarding the laptops stolen from what I suspect was a client location, well that is another matter. The second incident is no different than the perps directly stealing a client’s machine out of an office cubicle, and no thief is really going to care much about a Kensington security cable - that is what wire cutters are for. If a consultant or auditor’s data trove isn’t safe in a client’s office, then the client has bigger fish to fry than E&Y.

Either way, however, E&Y does deserve whatever The Register dishes out for not disclosing the issue to affected parties in the first place.

Businesses are no doubt suffering from crooks pretending to be them. If a bank or credit card company utilizes email for account reminders, and a customer grows accustomed to getting them, sooner or later that customer will fall for a scam inserted in between. eBay is a big player who knows this, which is why they rolled out an internal messaging system. The pursuit of “e-safe” customer relations need not stop there.

Ernst & Young and Truste have teamed up on a whitepaper entitled “How Not To Look Like A Phish”. In it they discuss some of the ways businesses can help their customers in the phishing wars, by exercising some “best practices” on their ends.

The guide includes the following recommendations:

- Eliminate using instant message and e-mail to collect information, unless the contact is initiated by the customer.

- Never use an urgent, threatening, or time-sensitive tone.

- Explicitly spell out Web site links and keep the links as straightforward and descriptive as possible. Don’t hypertext words like “click here” that are commonly used to mask false Web site addresses.

- Personalize customer e-mail with non-threatening personal data like a first name so recipients know that the e-mail is coming from a company that knows them.

- Direct customers to respond via your main home page as much as possible.

- Protect your name by checking for unauthorized Web sites that use variations of your company name.

- Authenticate your Web sites using digital certificates.

- Be clear in communicating your anti-phishing strategy to customers.

You can grab the whitepaper in Acrobat format here.