Thursday, March 8, 2012

Why Forwarding Email to a Free Email Provider is a Bad Idea

Written by Frank Angiolelli, CISSP
www.fortknoxnetworks.com

In many cases, we must balance availability against confidentiality. The two are not necessarily mutually exclusive, but in general, increasing confidentiality decreases availability, at least in terms of methods, locations and speed of access.

Why Forwarding Your Email to a Free Email Provider is Good

The benefits of such an action are easy to see:
1. Easier access to the emails.
2. Accessible from any computer without hoops to jump through.
3. Easier to configure phones and mobile devices to receive email.
4. Synchronization options with mobile devices.

I have seen cases where this has been done by individuals that just wanted the convenience, did not know how to access their email securely, and I have seen cases where a cell phone provider was just trying to help someone access their email but did not know the proper settings, so they assisted with forwarding all the email and set up the phone to receive the forwarded mail.

Why Forwarding Your Email to a Free Email Provider is Bad

The costs associated with this can be tremendous. The primary cost is the considerable lessening of confidentiality. While it is true that most free email solutions provide encryption by default, these services are available to anyone on the web from any computer without restriction. Additionally, their password reset mechanisms are available to anyone on the web.

Beyond that, there is no incident response team attempting to identify unauthorized accesses. Furthermore, audits of who is accessing the system are not possible.

This sets up your organization for the possibility of a malicious individual creating a channel to read corporate email without detection. Take, for example, the FBI conference call that was recorded by Anonymous. In this case, an FBI agent had apparently forwarded the conference call details to a free email provider, but the account password had been compromised by the hackers. The result was hackers recording the conference call, which ironically was related to hacking investigations, and posting it to the internet.

What is worse than someone posting the information to the internet? Someone not posting the information and silently, persistently reading the email and information without detection or limits.

In this case, where a phone conference was hacked, the forwarding of email to a free email provider was used to gain further access to secure operations, namely a conference call discussing current investigations. Had they not disclosed that this had occurred, the malicious individuals could have monitored the email for any other systems which they could access and maintained or even extended their access.

How To Prevent This
1. Block access to webmail providers
2. Monitor mail servers for email forwarding
3. Implement DLP systems
4. Ensure this behavior is restricted by policy
5. Train employees 
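
One way to carry out item 2 above, as an added example that is not part of the original post: a Python check over Postfix delivery logs that reports internal mailboxes whose mail is being redirected to a free webmail account. The choice of Postfix, the domain `corp.example`, the webmail domain list and the sample log lines are all assumptions made for the example.

```python
import re
from collections import Counter

# Assumptions: adapt both sets to your own environment.
INTERNAL_DOMAINS = {"corp.example"}
FREE_WEBMAIL = {"gmail.com", "yahoo.com", "hotmail.com", "outlook.com"}

# Postfix adds orig_to= to a delivery line when the recipient was rewritten
# (alias, virtual map, .forward), i.e. the mail was redirected.
DELIVERY = re.compile(
    r"postfix/smtp\[\d+\]: \w+: to=<(?P<to>[^>]+)>, "
    r"orig_to=<(?P<orig>[^>]+)>.*status=(?P<status>\w+)"
)

def is_internal(addr):
    # A bare local part (orig_to=<root>) is a local, hence internal, recipient.
    return "@" not in addr or addr.rsplit("@", 1)[1].lower() in INTERNAL_DOMAINS

def is_free_webmail(addr):
    return "@" in addr and addr.rsplit("@", 1)[1].lower() in FREE_WEBMAIL

def find_forwarders(lines, min_messages=2):
    """Map (internal mailbox, webmail address) -> count of delivered messages
    that were addressed internally but ended up at a free webmail account."""
    hits = Counter()
    for line in lines:
        m = DELIVERY.search(line)
        # Count only completed deliveries so deferred retries are not double counted.
        if m and m["status"] == "sent" and is_internal(m["orig"]) and is_free_webmail(m["to"]):
            hits[(m["orig"].lower(), m["to"].lower())] += 1
    return {pair: n for pair, n in hits.items() if n >= min_messages}

# Constructed, abbreviated sample log lines (hosts, addresses, queue IDs are made up).
_TAIL = "relay=mx.webmail.invalid[192.0.2.10]:25, delay=1.2, status="
SAMPLE_LOG = [
    f"Mar  8 09:01:12 mx1 postfix/smtp[2101]: 4A1B2C3D4E: to=<jdoe.home@gmail.com>, orig_to=<jdoe@corp.example>, {_TAIL}sent (250 OK)",
    f"Mar  8 09:14:40 mx1 postfix/smtp[2101]: 4A1B2C3D50: to=<jdoe.home@gmail.com>, orig_to=<jdoe@corp.example>, {_TAIL}sent (250 OK)",
    f"Mar  8 09:15:02 mx1 postfix/smtp[2102]: 4A1B2C3D51: to=<jdoe.home@gmail.com>, orig_to=<jdoe@corp.example>, {_TAIL}deferred (timeout)",
    f"Mar  8 09:20:11 mx1 postfix/smtp[2103]: 4A1B2C3D52: to=<a.smith77@hotmail.com>, orig_to=<asmith@corp.example>, {_TAIL}sent (250 OK)",
    f"Mar  8 09:22:30 mx1 postfix/smtp[2104]: 4A1B2C3D53: to=<helpdesk@corp.example>, orig_to=<support@corp.example>, {_TAIL}sent (250 OK)",
    f"Mar  8 09:25:45 mx1 postfix/smtp[2105]: 4A1B2C3D54: to=<client@yahoo.com>, {_TAIL}sent (250 OK)",
]

if __name__ == "__main__":
    for (mailbox, dest), n in sorted(find_forwarders(SAMPLE_LOG).items()):
        print(f"{mailbox} -> {dest}: {n} forwarded messages")
```

Ordinary outbound mail to a webmail address carries no `orig_to=` field and is ignored, so the report lists only redirected mail.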

As always, I welcome thoughts and suggestions.
