Security Basics mailing list archives
RE: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails
From: "Wise, Ben" <Ben.Wise () cba com au>
Date: Wed, 18 Oct 2006 10:31:10 +1000
I agree trust is a big issue, and it goes beyond trust of the webmail companies and your staff. Have you considered management of password policies on these account? What type of information will be sent via email and who can see it. Do these webmail accounts work in SSL or is everything sent in clear text. Who creates these accounts? Do you own the account or does the user. Important for discrepancies between employee and employer. What will you do if there is an outage? -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of David Jacoby Sent: Tuesday, 17 October 2006 8:09 PM To: security-basics () securityfocus com Subject: Re: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Hi! Basically this is a issue about trust. Its hard for a employer to have 100% trust in the employees. There must be strict policies which will inform the employer what he/she is allowed to do. It also has to do with common sense but you cannot prevent this kind of actions easy. There may always be USB drives, diskettes CD/DVD which can be used to steal information. You just need to have a policy which will prevent everyone from having access to all information. Only the persons who should use the information should have access to the information. If you want to be really paranoid you could specify the read/write access on the files aswell. I personally think this is something which should be discussed internally at the company. It should be a discussion about both education and information about the company policy. Instead of just preventing people for certain actions, inform them about why its prevented so understand why it might be a security/integrity issue if some documents left the building. As a manager you can inform your employees that all communication from the office will be logged, this includes all email and web traffic. This is to prevent all potential "information leakage" and maybe other risks. If any employee want to do personal things such as check their bank, send email to families or such you can always have computers which is separated from the office network and where traffic is not logged. There is not a correct answer for your question, it basically starts and ends with the trust of your employees and also about education. Best regards, David Jacoby sfmailsbm () gmail com skrev:
Dear List, It is a common practice among users to user their personal email
accounts like hotmail, gmail, etc to send & receive business (and most probably confidential) information
This is particularly the case when users are out of office These webmails are not under the company's control, and hence there is
a risk of information loss. However upto now we have not heard of any such cases
Wanted to get the opinion of the list on the security risks of the use
of Webmails for business mails
Thanks & regards
------------------------------------------------------------------------ ---
This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic
Excellence
in Information Security. Our program offers unparalleled Infosec
management
education and the case study affords you unmatched consulting
experience.
Using interactive e-Learning technology, you can earn this esteemed
degree,
without disrupting your career or home life. http://www.msia.norwich.edu/secfocus
------------------------------------------------------------------------ ---
-- David Jacoby Vice President Customer Experience http://www.outpost24.com phone: +46-(0)455-612311 fax : +46-(0)455-13960 email: dj () outpost24 com This communication contains information which is confidential and may also be privileged. It is for the exclusive use of the intended recipient(s). If you are not the intended recipient(s) please note that any for of distribution, copying or use of this communication or the information in it is strictly prohibited and may be unlawful. If you have received this communication in error please return it to the end. ------------------------------------------------------------------------ --- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ------------------------------------------------------------------------ --- ************** IMPORTANT MESSAGE ************** This e-mail message is intended only for the addressee(s) and contains information which may be confidential. If you are not the intended recipient please advise the sender by return email, do not use or disclose the contents, and delete the message and any attachments from your system. Unless specifically indicated, this email does not constitute formal advice or commitment by the sender or the Commonwealth Bank of Australia (ABN 48 123 123 124) or its subsidiaries. We can be contacted through our web site: commbank.com.au. If you no longer wish to receive commercial electronic messages from us, please reply to this e-mail by typing Unsubscribe in the subject line. *************************************************************** --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- RE: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails, (continued)
- RE: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Robert D. Holtz - Lists (Oct 17)
- Re: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails David Jacoby (Oct 17)
- Re: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails fraser (Oct 17)
- Re: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Devdas Bhagat (Oct 18)
- Re: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Kenton Smith (Oct 17)
- RE: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Laundrup, Jens (Oct 17)
- RE: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Oftedahl, Douglas (Oct 17)
- Re: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Kenton Smith (Oct 17)
- RE: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Petter Bruland (Oct 17)
- RE: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Hagen, Eric (Oct 17)
- RE: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Wise, Ben (Oct 18)
- Am I owned on port 27665 Faheem SIDDIQUI (Oct 18)
- Re: Am I owned on port 27665 Colin Copley (Oct 19)
- Re: Am I owned on port 27665 Andre Lauw (Oct 19)
- Re: Am I owned on port 27665 nick (Oct 19)
- Am I owned on port 27665 Faheem SIDDIQUI (Oct 18)