Security Basics mailing list archives
RE: Former Employee Email - Exchange
From: "Lee Bottone" <fusedlee () eanalysis net>
Date: Fri, 18 Jan 2008 18:06:05 -0600
This is actually a pretty good time to bring up security and the legal issues: 1. Can your employees use company mail for personal use? If they are using it for personal use, giving all their messages to the next employee could be a violation of their privacy rights, as there will be personal information that could be misused in there. Ideally you don't want them to use company mail for personal use. The college I work allows personal use, so they simply disable the account and edit the name to include the phrase no longer employed (so that Helpdesk does not re-enable the account accidentally). Then if there is a message that someone needs from the account, the system administrator recovers the message. This limits our exposure to someone who can craft the query to not look at mail that does not pertain to the company, and limits the liability of violating privacy issues down to one person (as opposed to whoever replaces the old employee, the system technicians who port the mail over, and possibly others). -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of patricekemoe () gmail com Sent: Friday, January 18, 2008 4:35 PM To: nextdrewsaid () gmail com Cc: security-basics () securityfocus com Subject: Re: Former Employee Email - Exchange In my comnpany we do the following when an employee leaves: 1- an auto response is put stating the the user is no longer with the company 2- forward his message to an employee that was choose by administration 3- after two or tree months according to his responsibility, the email account his delete from the mail system On 18 Jan 2008 19:26:46 -0000, nextdrewsaid () gmail com <nextdrewsaid () gmail com> wrote:
The situation I have on my hands is something that I am sure many of you deal with on a somewhat regular basis; however, I am sure in each case it
is
handled differently. When an employee leaves the company, how do you handle their email? Initially, in our case, an auto response is put up stating that the user
is
no longer with the company, and that you should contact "this person" for assistance etc. Several times we have created a PST of the former employees email, and
then
import that PST into the persons email box who has replaced them or we
have
passed it off to their former manager, of course we place it in a separate folder so as not mingle with their own email. So how do you handle old email, specifically containers in an Exchange
2003
environment? I would be interested in all thoughts, from security, regulatory and logistical point of view.
-- Patrice KEMOE Senior Analyst --IT Consultant ---------------------------------------------------------------------------- - --MCP, MCAD.NET, MCSD.NET, MCT, Linux+ Certified Professional
Current thread:
- Former Employee Email - Exchange nextdrewsaid (Jan 18)
- Re: Former Employee Email - Exchange patricekemoe (Jan 18)
- RE: Former Employee Email - Exchange Lee Bottone (Jan 19)
- Re: Former Employee Email - Exchange Kurt Buff (Jan 19)
- RE: Former Employee Email - Exchange Evert Breero (Jan 19)
- RE: Former Employee Email - Exchange Roger Onken (Jan 21)
- Re: Former Employee Email - Exchange Jay (Jan 22)
- Re: Former Employee Email - Exchange patricekemoe (Jan 18)