RE: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails
- From: "Robert D. Holtz - Lists" <robert.d.holtz@xxxxxxxxx>
- Date: Tue, 17 Oct 2006 20:19:14 -0500
Yup ... one employee can ruin things for everyone.
This is what usually triggers all kinds of draconian security measures that
just make it difficult for folks to get their jobs done and has little or no
real effect on how the breach actually took place.
I think companies should be more concerned with the stuff they let people
haul around on their cell phones/pda devices. I've always wondered just how
much sensitive information gets left in airport bars.
-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On
Behalf Of Kurt Aubuchon
Sent: Tuesday, October 17, 2006 5:08 PM
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: RE: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails
True -- there are plenty of ways to move confidential
data offsite or to circumvent controls. Being able to
audit emails sent through the corporate server isn't
going to plug every hole, but no single solution will.
I do generally agree that you need to have a certain
level of trust in your employees, but it only takes
one to really ruin your day.
Kurt
--- "Robert D. Holtz - Lists"
<robert.d.holtz@xxxxxxxxx> wrote:
Sending proprietary or confidential email goes on---------------------------------------------------------------------------
all of the time every day.
It's up to the company to have some level of trust
in what information that
they allow their employees to have access to.
I can send out "secret" stuff to my hearts content
and you will never be
able to pick it up by auditing your email server.
Password protected
archives can be attached to an email and not set off
a single warning. You
will have no way of seeing what I'm up to.
This is just one method.
-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx
[mailto:listbounce@xxxxxxxxxxxxxxxxx] On
Behalf Of Kurt Aubuchon
Sent: Tuesday, October 17, 2006 3:45 PM
To: sfmailsbm@xxxxxxxxx;
security-basics@xxxxxxxxxxxxxxxxx
Subject: RE: Using Web mail (hotmail, gmail, yahoo,
etc) for Business mails
Also, if someone does something you'd rather they
not
do -- like sending out proprietary/confidential
information or having otherwise inappropriate
communication with an outsider -- you have no way of
seeing what they're up to. You can capture and
audit
emails that go through your corporate mail server,
but
not ones that go through Yahoo.
--- Murda Mcloud <murdamcloud@xxxxxxxxxxx> wrote:
away.
At some point email leaves 'your control' and goes
out across the wild blue
yonder; this is where encryption comes in.
One of the risks of using webmail is that it
bypasses any gateway filters
you may have so one layer of defense is taken
If you do have some kindetc)
of corporate encryption scheme in place and are
sending business email via
gmail then it won't be part of that scheme.
-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx
[mailto:listbounce@xxxxxxxxxxxxxxxxx] On
Behalf Of sfmailsbm@xxxxxxxxx
Sent: Monday, October 16, 2006 4:00 PM
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: Using Web mail (hotmail, gmail, yahoo,
for Business mailsbusiness
Dear List,
It is a common practice among users to user their
personal email accounts
like hotmail, gmail, etc to send & receive
(and most probablyof
confidential) information
This is particularly the case when users are out
officecontrol,
These webmails are not under the company's
and hence there is a
risk of information loss. However upto now we have
not heard of any such
cases
Wanted to get the opinion of the list on the
security risks of the use of
Webmails for business mails
Thanks & regards
---------------------------------------------------------------------------This list is sponsored by: Norwich University-
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE
ONLINE
The NSA has designated Norwich University a center
of Academic Excellence
in Information Security. Our program offers
unparalleled Infosec management
education and the case study affords you unmatched
consulting experience.
Using interactive e-Learning technology, you can
earn this esteemed degree,
without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
---------------------------------------------------------------------------This list is sponsored by: Norwich University-
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE
ONLINE
The NSA has designated Norwich University a center
of Academic Excellence
in Information Security. Our program offers
unparalleled Infosec management
education and the case study affords you unmatched
consulting experience.
Using interactive e-Learning technology, you can
earn this esteemed degree,
without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam
protection around
http://mail.yahoo.com
This list is sponsored by: Norwich University---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE -
ONLINE
The NSA has designated Norwich University a center
of Academic Excellence
in Information Security. Our program offers
unparalleled Infosec management
education and the case study affords you unmatched
consulting experience.
Using interactive e-Learning technology, you can
earn this esteemed degree,
without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
---------------------------------------------------------------------------
This list is sponsored by: Norwich University
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
---------------------------------------------------------------------------
This list is sponsored by: Norwich University
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
- References:
- RE: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails
- From: Kurt Aubuchon
- RE: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails
- Prev by Date: Re: Questions about Novell ZENwork security audit and review tools
- Next by Date: Re: Allowing Non admin users to install approved software
- Previous by thread: RE: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails
- Next by thread: RE: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails
- Index(es):
Relevant Pages
|
