 Open IT Forum: Security concerns of forwarding work emails and other corporate personalizations.
A recent question from the community regarding forwarding work emails to a third party account such as Gmail spurred a reaction of general distaste. What are your thoughts on the IT risks posed by melding the personal with professional, whether it be through social networking sites, smart phones, or email forwarding? (Check out member DavidVasta's blog post on the same question.) We're reserving 200 knowledge points to the best story.

ASKED: September 15, 2010  2:33 PM
UPDATED: September 22, 2010  6:57 PM



Discuss This Question:


 

Recent bad results of auto-forwarding have caused our organization to turn this ability off. The trouble with an auto-forward rule is it causes email loops that can take down your mail server very quickly. We had this happen to us 3 times in one month and turned that option off for the organization as a result. Plus we do not approve of sending company emails to non-company accounts because of personal and corporate info that can be compromised not only for employees but also for customers.

 56,975 pts.

 

Hi Technochic,

The auto-forwarding email loop server disaster is a concern other members have brought up as well; just one of the many examples of why these sorts of risks should be part of educating end users. Even the most innocent-seeming action – forwarding email for more efficient and accessible work – can backfire and set an operation back.

Thanks for sharing!

Melanie

 6,315 pts.

 

It’s not just auto-forwarding that can be an issue but auto-replies. A user of one mailing list I subscribed to had an out-of-office reply set up. This is not necessarily a bad thing. However, the user is a member of a government agency with a three-letter acronym for a name. The out-of-office message said how long the user was going to be out of the office and gave the full contact information for at least one other employee of the same government organization. This gave a potential phisher/attacker a lot of information to use for a social engineering attack.

I would highly recommend that users reconsider any out-of-office auto-replies and whether they need to include any specific details in that message. I sure did after seeing the out-of-office auto-reply in this case.

 32,645 pts.

 

Hi Labnuke99,

That’s definitely something I never considered. It’s surprising to me how the most innocuous-seeming things (such as the amount of information in an auto-reply) create the biggest, most preventable vulnerabilities, usually because they get overlooked when addressing bigger threats.

Email has become such a pillar of doing business (both internal and external); hopefully it’ll get the attention it deserves when crafting security policies in the enterprise.

- Melanie

 6,315 pts.

 

Thanks again for joining the discussion, Technochic & Labnuke! I’ll be adding 200 knowledge points to your scores for taking part.

- Melanie

 6,315 pts.