Educause Security Discussion mailing list archives
Re: Personal Email
From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Mon, 26 Oct 2009 10:06:20 -0400
On Mon, 26 Oct 2009 09:45:12 EDT, Daniel Bennett said:
Does anyone have a policy that specifically says that the use of personal email on College owned PCs is not allowed? (POP, IMAP, Web, Direct Exchange, etc)?
Ouch. That's going to be about as difficult to enforce as "mo personal phone calls" and for the same basic reasons. Remember - don't ever make a policy that you don't know how to enforce. Consider 2 people that work in different departments of your institution. They exchange one set of e-mails regarding school business, a second set of e-mail regarding a trip their kids are taking this weekend, and then a third set regarding different school business. All 3 sets of e-mail traverse the same school servers and no others. How do you intend to enforce the policy and deal with that second set? You might want to think about what problem you're trying to solve by saying "no personal e-mail". Is it an employee productivity issue? Maybe the rule should be "no personal e-mail while you're on the clock" (consider if the user is using their own Blackberry/etc, not a college-owned one). If it's a security issue ("but the e-mail might be a virus"), you have two bigger problems - first, that your PCs aren't secured enough to read e-mail at all (consider if the virus comes from another PC inside the school), and the second that many of the malware e-mails get opened even though they don't *look* like personal e-mail (consider the flood of "webmail upgrade" phishes).
Attachment:
_bin
Description:
Current thread:
- Personal Email Daniel Bennett (Oct 26)
- <Possible follow-ups>
- Re: Personal Email Valdis Kletnieks (Oct 26)
- Re: Personal Email Pete Hickey (Oct 26)
- Re: Personal Email Basgen, Brian (Oct 26)
- Re: Personal Email Stanclift, Michael (Oct 26)
- Re: Personal Email Bob Bayn (Oct 26)
- Re: Personal Email Harris, Michael C. (Oct 26)