RE: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails

["Robert D. Holtz - Lists" <robert.d.holtz () gmail com>]

Yup ... one employee can ruin things for everyone.

This is what usually triggers all kinds of draconian security measures that
just make it difficult for folks to get their jobs done and has little or no
real effect on how the breach actually took place.

I think companies should be more concerned with the stuff they let people
haul around on their cell phones/pda devices.  I've always wondered just how
much sensitive information gets left in airport bars.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Kurt Aubuchon
Sent: Tuesday, October 17, 2006 5:08 PM
To: security-basics () securityfocus com
Subject: RE: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails

True -- there are plenty of ways to move confidential
data offsite or to circumvent controls.  Being able to
audit emails sent through the corporate server isn't
going to plug every hole, but no single solution will.
 

I do generally agree that you need to have a certain
level of trust in your employees, but it only takes
one to really ruin your day.

Kurt

--- "Robert D. Holtz - Lists"
<robert.d.holtz () gmail com> wrote:

> Sending proprietary or confidential email goes on
> all of the time every day.
>
>
> It's up to the company to have some level of trust
> in what information that
> they allow their employees to have access to.
>
> I can send out "secret" stuff to my hearts content
> and you will never be
> able to pick it up by auditing your email server. 
> Password protected
> archives can be attached to an email and not set off
> a single warning.  You
> will have no way of seeing what I'm up to.
>
> This is just one method.
>
> -----Original Message-----
> From: listbounce () securityfocus com
> [mailto:listbounce () securityfocus com] On
> Behalf Of Kurt Aubuchon
> Sent: Tuesday, October 17, 2006 3:45 PM
> To: sfmailsbm () gmail com;
> security-basics () securityfocus com
> Subject: RE: Using Web mail (hotmail, gmail, yahoo,
> etc) for Business mails
>
> Also, if someone does something you'd rather they
> not
> do -- like sending out proprietary/confidential
> information or having otherwise inappropriate
> communication with an outsider -- you have no way of
> seeing what they're up to.  You can capture and
> audit
> emails that go through your corporate mail server,
> but
> not ones that go through Yahoo.  
>
> --- Murda Mcloud <murdamcloud () bigpond com> wrote:
>
> > At some point email leaves 'your control' and goes
> > out across the wild blue
> > yonder; this is where encryption comes in.
> >
> > One of the risks of using webmail is that it
> > bypasses any gateway filters
> > you may have so one layer of defense is taken
> away.
> > If you do have some kind
> > of corporate encryption scheme in place and are
> > sending business email via
> > gmail then it won't be part of that scheme.
> > -----Original Message-----
> > From: listbounce () securityfocus com
> > [mailto:listbounce () securityfocus com] On
> > Behalf Of sfmailsbm () gmail com
> > Sent: Monday, October 16, 2006 4:00 PM
> > To: security-basics () securityfocus com
> > Subject: Using Web mail (hotmail, gmail, yahoo,
> etc)
> > for Business mails
> >
> > Dear List,
> >
> > It is a common practice among users to user their
> > personal email accounts
> > like hotmail, gmail, etc to send & receive
> business
> > (and most probably
> > confidential) information
> >
> > This is particularly the case when users are out
> of
> > office
> >
> > These webmails are not under the company's
> control,
> > and hence there is a
> > risk of information loss. However upto now we have
> > not heard of any such
> > cases
> >
> > Wanted to get the opinion of the list on the
> > security risks of the use of
> > Webmails for business mails
> >
> > Thanks & regards
---------------------------------------------------------------------------
> > This list is sponsored by: Norwich University
> >
> > EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE
> -
> > ONLINE
> > The NSA has designated Norwich University a center
> > of Academic Excellence 
> > in Information Security. Our program offers
> > unparalleled Infosec management 
> > education and the case study affords you unmatched
> > consulting experience. 
> > Using interactive e-Learning technology, you can
> > earn this esteemed degree, 
> > without disrupting your career or home life.
> >
> > http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
> >
---------------------------------------------------------------------------
> > This list is sponsored by: Norwich University
> >
> > EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE
> -
> > ONLINE
> > The NSA has designated Norwich University a center
> > of Academic Excellence 
> > in Information Security. Our program offers
> > unparalleled Infosec management 
> > education and the case study affords you unmatched
> > consulting experience. 
> > Using interactive e-Learning technology, you can
> > earn this esteemed degree, 
> > without disrupting your career or home life.
> >
> > http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
> >
>
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam
> protection around 
> http://mail.yahoo.com 
---------------------------------------------------------------------------
> This list is sponsored by: Norwich University
>
> EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE -
> ONLINE
> The NSA has designated Norwich University a center
> of Academic Excellence 
> in Information Security. Our program offers
> unparalleled Infosec management 
> education and the case study affords you unmatched
> consulting experience. 
> Using interactive e-Learning technology, you can
> earn this esteemed degree, 
> without disrupting your career or home life.
>
> http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
>


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------


---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------