TechNewsWorld.com
Security

Web Mail in the Workplace: Another Security Threat


Web mail poses an additional risk because it arrives at a user's desk without being subjected to security measures imposed on e-mail traveling through a company's internal system, Javier Santoyo, a senior manager at security software maker Symantec, explained. "Web mail opens up a backdoor to the organization and relies on users to prevent an exploit or infection happening on its system," he maintained.



Unrestricted access from the office to personal Web-based e-mail can pose security risks to businesses, but the practice is being largely ignored, according to a survey released by a security firm this week.

According to a poll taken at the Internet security monitoring portal of UK-based Marshal, 48 percent of the 242 respondents surveyed said they worked for companies that gave them complete and unrestricted access from work to personal Web mail.

"There are very few business-related reasons to allow -- but many reasons to deny -- Web mail access at work," Marshal CEO Ed Macnair said in a statement.

"Web mail," he continued, "can be a backdoor through which employees trade private company information, download or exchange inappropriate material or simply chat with their friends on company time.

"Forty-eight percent of companies without measures in place to prevent these issues is far too high a figure," he declared.

Risky Business

Allowing employees to have access to Web mail in any corporation with a lot of intellectual property is a risk, noted Javier Santoyo, a senior manager at security software maker Symantec (Nasdaq: SYMC).

"A high percentage of attacks are attacks on the browser," he said. "Even though companies like Hotmail, Yahoo (Nasdaq: YHOO) and Google (Nasdaq: GOOG) are modifying their Web mail to be safer, the most effective way to infect users is through e-mail."

Web mail poses an additional risk because it arrives at a user's desk without being subjected to security measures imposed on e-mail traveling through a company's internal system, Santoyo explained.

"Web mail opens up a backdoor to the organization and relies on users to prevent an exploit or infection happening on its system," he maintained.

Web mail is also a security risk because it tends to be in Web page format, or HTML, rather than plain text, asserted Shane Coursen, senior technical consultant at Kaspersky Lab.

"HTML e-mail presents a threat because of the scripting languages that can be contained in the e-mail itself," he told TechNewsWorld. "They allow hackers to infect machines without much user intervention."

Some companies recognize the risks posed by Web mail, but don't do much about it, according to Mitchell Ashley, CTO of StillSecure.

"Many organizations may have an acceptable use policy but don't actively enforce it," he told TechNewsWorld.

Threat Can't Get Respect

"Some corporations do use things like Web filtering to monitor employee activity and take disciplinary action, but that's typically to find porn coming into the organization," Ashley noted.

"Web mail is like Instant Messaging," he continued. "It goes un-talked about and un-noticed.

"Employees could be running their own business out of their cubicle through their access to Web mail.

"It's something that's getting some attention," he added, "but not to the degree that it should."

Size Matters

How much attention it gets can depend on the size of the company, according to Edward Laprade, president and CEO of ADNET Technologies, of Windsor, Conn., a systems integrator whose clientele is largely small and medium-sized businesses.

"Fortune 1000 companies pay a whole lot more attention to what their employees are doing," he told TechNewsWorld, "but if you're talking about the small to mid market, they don't. They really aren't paying very close attention at all to what employees do with their mail."

Risky or not, not all security experts believe that companies should block access to Web mail.

If an employee is malevolently motivated, shutting down Web mail is pointless, contended Jeremiah Grossman, CTO of WhiteHat Security in Santa Clara, Calif.

Monitoring Trumps Blocking

"If an insider is truly bad, they'll figure a way to get the information out there," Grossman told TechNewsWorld. "By blocking off that channel entirely, what you're probably doing is cutting off your vision into who might be doing bad things.

"If you monitor employees' activities instead of blocking them, you have a better chance of dealing with the situation and preventing it," he added.

Monitoring can be a middle-of-the-road solution between two extreme choices for a company's Web mail policy, observed Adam Schran, CEO of Ascentive, a Philadelphia-based maker of network monitoring software.

"You can block everybody and come across as treating your employees like children, or you can enable it and place your organization at risk," he told TechNewsWorld. "Monitoring allows a company to enable Web mail, but to give it some scrutiny."


More by John P. Mello Jr.

