RE: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails



Another issue with these webmail products is the mass storage that they now
provide. In highly secured environments they can pose as much of a security
risk as USB drives and removable storage. All a user has to do is email
himself attachments of company docs, schematics, financials, etc...

It's not to say this can't be circumvented by other means, but by having a
policy restricting access to such sites you're demonstrating due diligence
and lessening the attack surface of your environment. You can use ACLs to
permit users access that have pleaded a worthy argument.

Duncan

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On
Behalf Of Murda Mcloud
Sent: Monday, October 16, 2006 8:13 PM
To: sfmailsbm@xxxxxxxxx; security-basics@xxxxxxxxxxxxxxxxx
Subject: RE: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails


At some point email leaves 'your control' and goes out across the wild blue
yonder; this is where encryption comes in.

One of the risks of using webmail is that it bypasses any gateway filters
you may have so one layer of defense is taken away. If you do have some kind
of corporate encryption scheme in place and are sending business email via
gmail then it won't be part of that scheme.

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On
Behalf Of sfmailsbm@xxxxxxxxx
Sent: Monday, October 16, 2006 4:00 PM
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails

Dear List,

It is a common practice among users to use their personal email accounts
like hotmail, gmail, etc. to send & receive business (and most probably
confidential) information.

This is particularly the case when users are out of office.

These webmails are not under the company's control, and hence there is a
risk of information loss. However, up to now we have not heard of any such
cases.

Wanted to get the opinion of the list on the security risks of the use of
Webmails for business mails.

Thanks & regards

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------



