Welcome | Sign In
ECommerceTimes.com
Security

Web Mail in the Workplace: Another Security Threat

Print Version
E-Mail Article
Reprints
Web Mail in the Workplace: Another Security Threat

By John P. Mello Jr.
TechNewsWorld
Part of the ECT News Network
10/28/06 1:30 AM PT

Web mail poses an additional risk because it arrives at a user's desk without being subjected to security measures imposed on e-mail traveling through a company's internal system, Javier Santoyo, a senior manager at security software maker Symantec, explained. "Web mail opens up a backdoor to the organization and relies on users to prevent an exploit or infection happening on its system," he maintained.


Success is just a matter of knowing the right "secrets." Download the free eBook, "The Edge of Success: 9 Building Blocks to Double Your Sales." You will discover the fastest, most effective ways to grow your business and still have time to live your life.

Unrestricted access from the office to personal Web-based e-mail Increase Customer Sales with Email Marketing -- Free Trial from VerticalResponse can pose security risks to businesses, but the practice is being largely ignored, according to a survey released by a security firm this week.

According to a poll taken at the Internet security monitoring portal of UK-based Marshal, 48 percent of the 242 respondents surveyed said they worked for companies that gave them complete and unrestricted access from work to personal Web mail.

"There are very few business-related reasons to allow -- but many reasons to deny -- Web mail access at work," Marshal CEO Ed Macnair said in a statement.

"Web mail," he continued, "can be a backdoor through which employees trade private company information, download or exchange inappropriate material or simply chat with their friends on company time.

"Forty-eight percent of companies without measures in place to prevent these issues is far too high a figure," he declared.

Risky Business

Allowing employees to have access to Web mail in any corporation with a lot of intellectual property is a risk, noted Javier Santoyo, a senior manager at security software maker Symantec (Nasdaq: SYMC).

"A high percentage of attacks are attacks on the browser," he said. "Even though companies like Hotmail, Yahoo (Nasdaq: YHOO) and Google (Nasdaq: GOOG) are modifying their Web mail to be safer, the most effective way to infect users is through e-mail."

Web mail poses an additional risk because it arrives at a user's desk without being subjected to security measures imposed on e-mail traveling through a company's internal system, Santoyo explained.

"Web mail opens up a backdoor to the organization and relies on users to prevent an exploit or infection happening on its system," he maintained.

Web mail is also a security risk because it tends to be in Web page format, or HTML, rather than plain text, asserted Shane Coursen, senior technical consultant at Kaspersky Lab.

"HTML e-mail presents a threat because of the scripting languages that can be contained in the e-mail itself," he told TechNewsWorld. "They allow hackers to infect machines without much user intervention."

Some companies recognize the risks posed by Web mail, but don't do much about it, according to Mitchell Ashley, CTO of StillSecure.

"Many organizations may have an acceptable use policy but don't actively enforce it," he told TechNewsWorld.

Threat Can't Get Respect

"Some corporations do use things like Web filtering to monitor employee activity and take disciplinary action, but that's typically to find porn coming into the organization," Ashley noted.

"Web mail is like Instant Messaging," he continued. "It goes un-talked about and un-noticed.

"Employees could be running their own business out of their cubicle through their access to Web mail.

"It's something that's getting some attention," he added, "but not to the degree that it should."

Size Matters

How much attention it gets can depend on the size of the company, according to Edward Laprade, president and CEO of ADNET Technologies, of Windsor, Conn., a systems integrator whose clientele is largely small and medium-sized businesses.

"Fortune 1000 companies pay a whole lot more attention to what their employees are doing," he told TechNewsWorld, "but if you're talking about the small to mid market, they don't. They really aren't paying very close attention at all to what employees do with their mail."

Risky or not, not all security experts believe that companies should block access to Web mail.

If an employee is malevolently motivated, shutting down Web mail is pointless, contended Jeremiah Grossman, CTO of WhiteHat Security in Santa Clara, Calif.

Monitoring Trumps Blocking

"If an insider is truly bad, they'll figure a way to get the information out there," Grossman told TechNewsWorld. "By blocking off that channel entirely, what you're probably doing is cutting off your vision into who might be doing bad things.

"If you monitor employees' activities instead of blocking them, you have a better chance of dealing with the situation and preventing it," he added.

Monitoring can be a middle-of-the-road solution between two extreme choices for a company's Web mail policy, observed Adam Schran CEO of Ascentive, a Philadelphia-based maker of network monitoring software.

"You can block everybody and come across as treating your employees like children, or you can enable it and place your organization at risk," he told TechNewsWorld. "Monitoring allows a company to enable Web mail, but to give it some scrutiny."

Print Version E-Mail Article Reprints More by John P. Mello Jr.

Talkback: Be the first to comment on this story.

More by John P. Mello Jr.

McAfee Gives Enterprise Macs a Bodyguard
November 02, 2009
When it comes to Mac use in an enterprise environment, running third-party security software isn't just a matter of using an abundance of caution. It may also be a matter of complying with governance mandates and regulations. McAfee's new Endpoint Protection for the Mac targets enterprise systems handling large amounts of sensitive data. 		Adobe Elements Buffs Up for Mac
October 26, 2009
For the almost-but-not-quite pro photog, Adobe Photoshop Elements offers a collection of tools that go beyond most free offerings but don't dish out the wallet-busting feature overload of full Photoshop. In the past, some Mac users have been annoyed with Adobe for having versions of Elements ready for Windows months before they were out on Mac. With version 8, both platforms get their chance at the same time. 		GoToMyPC Gets Ready to Go to Your Mac
October 19, 2009
GoToMyPC has been a popular remote access product in Citrix's portfolio, and previous versions have allowed any Net-connected computer to remotely control a PC. A new version, soon to come out of beta and into full release, can access Macs as well. With the growth of both telecommuting and Macs in the enterprise, Citrix felt the time was right.
Don't miss a story -- sign up for our FREE e-mail newsletters and view the latest headlines at a glance.
Tech News Flash [ View Sample ]
E-Commerce Minute [ View Sample ]
ECT News Network Weekly Newsletter [ View Sample ]
Shortcuts
> Get Business and Technology News Alerts
> Most Popular | Spotlight Features | Exclusives
> This Week on ECT News Network | Podcasts
> Online Retail Transaction Performance Indices
> Inside E-Commerce Times
E-Commerce Times
TechNewsWorld
CRM Buyer
LinuxInsider
MacNewsWorld
Today's E-Commerce Times Sponsors
Complimentary Webinar
How Much is 'Free' Costing You? DaveRamsey.com’s 567% ROI with Enterprise Analytics
Entrust Extended Validation SSL
Entrust EV SSL certificates -- "go green" for less. Now from only $199 per year.
Avaya Aura™
Save up to 40% on calling costs with Avaya Aura™
Trend Micro Smart Protection Network(TM)
Lower your content security management costs by up to 40%.
ECT News Network Information
Reader Services
Corporate
ECT News Network
Terms of Service | Privacy Policy | How To Advertise
Copyright 1998-2009 ECT News Network, Inc. All Rights Reserved.