Security Basics mailing list archives

Re: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails

From: David Jacoby <security () outpost24 com>
Date: Tue, 17 Oct 2006 12:09:08 +0200

Hi!

Basically this is a issue about trust. Its hard for a employer to
have 100% trust in the employees. There must be strict policies
which will inform the employer what he/she is allowed to do. It
also has to do with common sense but you cannot prevent this
kind of actions easy. There may always be USB drives, diskettes
CD/DVD which can be used to steal information.

You just need to have a policy which will prevent everyone from
having access to all information. Only the persons who should use
the information should have access to the information. If you
want to be really paranoid you could specify the read/write access
on the files aswell.

I personally think this is something which should be discussed
internally at the company. It should be a discussion about both
education and information about the company policy. Instead of
just preventing people for certain actions, inform them about why
its prevented so understand why it might be a security/integrity
issue if some documents left the building.

As a manager you can inform your employees that all communication
from the office will be logged, this includes all email and web traffic.
This is to prevent all potential "information leakage" and maybe other
risks.

If any employee want to do personal things such as check their bank,
send email to families or such you can always have computers which
is separated from the office network and where traffic is not logged.

There is not a correct answer for your question, it basically starts and
ends with the trust of your employees and also about education.

Best regards,
David Jacoby



sfmailsbm () gmail com skrev:

Dear List,

It is a common practice among users to user their personal email accounts like hotmail, gmail, etc to send & receive 
business (and most probably confidential) information

This is particularly the case when users are out of office

These webmails are not under the company's control, and hence there is a risk of information loss. However upto now we 
have not heard of any such cases

Wanted to get the opinion of the list on the security risks of the use of Webmails for business mails

Thanks & regards

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE

The NSA has designated Norwich University a center of Academic Excellencein Information Security. Our program offers unparalleled Infosec managementeducation and the case study affords you unmatched consulting experience.Using interactive e-Learning technology, you can earn this esteemed degree,without disrupting your career or home life.


http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------



--
David Jacoby
Vice President Customer Experience
http://www.outpost24.com

phone: +46-(0)455-612311
fax  : +46-(0)455-13960
email: dj () outpost24 com



This communication contains information which is confidential
and may also be privileged. It is for the exclusive use of the
intended recipient(s). If you are not the intended recipient(s)
please note that any for of distribution, copying or use of this
communication or the information in it is strictly prohibited
and may be unlawful. If you have received this communication in
error please return it to the end.


---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE


http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

Current thread:

Re: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails, (continued)
- - Re: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Michal Merta (Oct 17)
- Re: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Steven Meyer (Oct 17)
- RE: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Murda Mcloud (Oct 17)
  - RE: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Kurt Aubuchon (Oct 17)
    - RE: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Robert D. Holtz - Lists (Oct 17)
    - RE: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Kurt Aubuchon (Oct 17)
    - RE: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Robert D. Holtz - Lists (Oct 18)
  - RE: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Duncan McAlynn (Oct 17)
  - Re: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Frynge Customer Support (Oct 17)
- RE: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Robert D. Holtz - Lists (Oct 17)
- Re: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails David Jacoby (Oct 17)
- Re: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails fraser (Oct 17)
- Re: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Devdas Bhagat (Oct 18)
- Re: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Kenton Smith (Oct 17)
- RE: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Laundrup, Jens (Oct 17)
- RE: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Oftedahl, Douglas (Oct 17)
- Re: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Kenton Smith (Oct 17)
- RE: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Petter Bruland (Oct 17)
- RE: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Hagen, Eric (Oct 17)
- RE: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Wise, Ben (Oct 18)
  - Am I owned on port 27665 Faheem SIDDIQUI (Oct 18)

(Thread continues...)