{"id":2404,"date":"2007-01-12T00:00:00","date_gmt":"2007-01-12T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2007\/01\/12\/firms-fret-as-office-e-mail-jumps-security-walls\/"},"modified":"2021-12-30T11:41:16","modified_gmt":"2021-12-30T11:41:16","slug":"firms-fret-as-office-e-mail-jumps-security-walls","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2007\/01\/12\/firms-fret-as-office-e-mail-jumps-security-walls\/","title":{"rendered":"Firms Fret as Office E-Mail Jumps Security Walls"},"content":{"rendered":"<p>A growing number of Internet-literate workers are forwarding their office e-mail to free Web-accessible personal accounts offered by Google, Yahoo and other companies.  Its a hole you can drive an 18-wheeler through, said Paul D. Myer, president of the security firm 8E6 Technologies in Orange, Calif.  It is a battle of best intentions: productivity and convenience pitted against security and more than a little anxiety.  Corporate techies who, after all, are paid to worry want strict control over internal company communications and fear that forwarding e-mail might expose proprietary secrets to prying eyes.  Employees just want to get to their mail quickly, wherever they are, without leaping through too many security hoops.  That is too much for some employees, especially when their computers can store the passwords for their Web-based mail, allowing them to get right down to business.  For example, the flimsier security defenses of Web mail systems could allow viruses or spyware to get through, and employees could unwittingly download them at the office and infect the corporate network.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>If employees are just forwarding to their Web e-mail, we have no way to know what they are doing on the other end, said Joe Fantuzzi, chief executive of the information security firm Workshare.<\/p>\n<p>Hospitals have an added legal obligation to protect patient records.  When DeKalb Medical Center in Atlanta started monitoring its staff use of Web-based e-mail, it found that doctors and nurses routinely forwarded confidential medical records to their personal Web mail accounts not for nefarious purposes, but so they could continue to work from home.  DeKalb now forbids the practice, and uses several software systems that monitor the hospitals outbound e-mail and Web traffic.<\/p>\n<p>Even the security experts most knowledgeable about the risks of e-mail forwarding to personal accounts acknowledge doing so themselves.  Bargero said she often used her Yahoo Mail account on business trips so she does not have to access her corporate network remotely.  It is difficult to quantify exactly how many otherwise model employees are opting to use services like Yahoo Mail or Googles Gmail over their companys authorized e-mail programs.<\/p>\n<p>At the business software maker BEA Systems, Anthony Bisulca, a senior security analyst, estimated that around 30 percent of his employees were using private e-mail accounts in the office, even though the companys Internet policy clearly prohibits it.<\/p>\n<p>Many corporate technology professionals express the fear that Google and its rivals may actually own the intellectual property in the e-mail that resides on their systems.  If you cant trust employees enough to use services like Gmail, they probably shouldnt be working for you, he said.<\/p>\n<p>In a survey conducted last year, the e-mail security firm Proofpoint found that 37 percent of companies in the United States used software to monitor office use of Web mail.<\/p>\n<p>This year, Google plans to introduce a more secure version of Gmail for use in large companies.  But Microsoft and other providers of traditional internal e-mail systems, which the research firm Radicati says generated $2.5 billion in sales last year, are helping companies combat employee use of the Web services.<\/p>\n<p>http:\/\/www.nytimes.com\/2007\/01\/11\/technology\/11email.html<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13],"tags":[],"class_list":["post-2404","post","type-post","status-publish","format-standard","hentry","category-warnings"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2404","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=2404"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2404\/revisions"}],"predecessor-version":[{"id":4891,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2404\/revisions\/4891"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=2404"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=2404"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=2404"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}