Security Basics mailing list archives
Re: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails
From: Kenton Smith <listsks () yahoo ca>
Date: Mon, 16 Oct 2006 15:32:03 -0700 (PDT)
Big risk! Here are a few off the top of my head. The number one risk of using these sites is that communication tends to not be encrypted. That means anyone sitting in the same wireless equipped cafe can easily intercept and read all email communication. Also, depending on the regulatory requirements of your business it may be illegal to be storing customer sensitive data on a third-party server over which you have no control. Lastly, and of less importance (maybe) is that there is no way to prove that a person has any authority to represent your company. At least if the mail is coming from a domain you control a propsective or active client can be reasonably assured that you are who you say you are. Of course there are better ways than just having an email address. But I think that if your users are currently using public mail providers for business email, certificates and email encryption aren't high on the company's list of priorities. Kenton ----- Original Message ---- From: "sfmailsbm () gmail com" <sfmailsbm () gmail com> To: security-basics () securityfocus com Sent: Monday, October 16, 2006 12:00:16 AM Subject: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Dear List, It is a common practice among users to user their personal email accounts like hotmail, gmail, etc to send & receive business (and most probably confidential) information This is particularly the case when users are out of office These webmails are not under the company's control, and hence there is a risk of information loss. However upto now we have not heard of any such cases Wanted to get the opinion of the list on the security risks of the use of Webmails for business mails Thanks & regards --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus --------------------------------------------------------------------------- --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- RE: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails, (continued)
- RE: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Kurt Aubuchon (Oct 17)
- RE: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Robert D. Holtz - Lists (Oct 17)
- RE: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Kurt Aubuchon (Oct 17)
- RE: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Robert D. Holtz - Lists (Oct 18)
- RE: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Kurt Aubuchon (Oct 17)
- RE: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Duncan McAlynn (Oct 17)
- Re: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Frynge Customer Support (Oct 17)
- Am I owned on port 27665 Faheem SIDDIQUI (Oct 18)
- Re: Am I owned on port 27665 Colin Copley (Oct 19)
- Re: Am I owned on port 27665 Andre Lauw (Oct 19)
- Re: Am I owned on port 27665 nick (Oct 19)