Security Basics mailing list archives

Reasons for blocking webmail access in the workplace...


From: "VNV Jeep" <vnvjeep () hotmail com>
Date: Fri, 14 May 2004 17:42:31 -0400

Hi all... I was able to convince my boss a couple of years ago to block webmail (like yahoo, hotmail, etc.) in the workplace, because it was really getting out of control, and life has been good since then. This issue of allowing access to webmail has recently come up again, and so I was wondering what others are doing about this problem, or isn't it a problem for you? Below is a list of reasons I came up with of why I don't want webmail in the workplace... I'd like to hear from you if you have solutions, and if you have any other good ones to add, please send me an email: vnvjeep () hotmail com...

1.) Unwanted files and viruses *will* bypass our corporate email content filter / virus scanner... We will solely be relying on desktop scanners as our last line of defense.

2.) Decrease in productivity, increase in chit-chat, increase in browse/surfing times... which has already been proven in the past.

3.) Unable to reliably track true email usage... you may send 2 business emails via Outlook, but use yahoo to send 50 personal emails, and we wouldn't know that.

4.) Unable to any longer spot email abuse... see above. We would now have to go by surfing statistics.

5.) Unable to archive email traffic between internal and external users... because emails are no longer going through Exchange, but now look like standard web traffic... which may bite us in a lawsuit, or in an internal situation where directors may demand to see all emails going between one specific employee and their contacts. We would not be able to prove certain emails were sent/received.

6.) Greater chance of users clicking on cross-site scripting vulnerabilities, Internet Explorer vulnerabilities/exploits, and phishing scams... all of which are currently being content filtered before arriving at people's desktops.

7.) Increased workload on IT staff... to keep machines disinfected from Spyware, unwanted files that the desktop virus scanners would not be able to pick up, and programs that people may have been able to install or copy over to their computer from a yahoo email.

8.) Great possibility and incredible EASE of business intelligence / PHI leaks... emails can be sent without anyone's knowledge which could damage our business or reputation. Emails are no longer captured, and thus, cannot be proven. In the case of HIPAA, allowing people access to external webmail services might be considered a HIPAA violation.

9.) Greater possibility of adult/porn content leaking through from webmail services, since most email porn is spam generated... Because we filter spam, the level of porn currently coming through is next to nothing. The risk of Hostile Workplace complaints will be increased because porn may pop up more frequently on people's desktops as reliable spam filtering is virtually non-existent on the webmail services. All web content, including potential adult content would also be downloaded on our local PCs.

10.) Increased threat to the health of our internal network... Extremely new viruses/trojans that don't have virus definitions created for them yet have a higher chance of infecting PCs and servers on our network. Typically brand new viruses are caught by our corporate email content filter / virus scanner even if we don't have new definitions, however, if we're relying on a desktop virus scanner without the latest definitions, there is a great potential for considerable damage that would be done to our network, which may cost us major downtime and a damaged reputation.
