Text Size
WebSiteLogo-PrimaStasys
image02.gif

Email Confidentiality?

Attention: open in a new window. PDF | Print | E-mail

Wednesday, 10 March 2010 00:00

The good news is that this was just a dream, because had it been otherwise it might have been a nightmare.  Please imagine a hypothetical situation, here goes:

It is 8:30am one Monday morning. In walks Jack Brown (not his real name), Marketing Manager (could be anyone with access to confidential business information). He walks right up to the CEO and informs him that his laptop computer has been missing since Sunday (well, that's when it was no longer where it should have been).  Bill Blaster (not his real name either), CEO, replies that he has received an email from a competitor insisting that the confidential deal the company has been working on had better not go ahead.  Blaster immediately suspects that Jack's laptop has found its way into enemy hands! Sweating profusely, Jack wakes from his sleep.  The next day the company's IT expert is asked to comment.  What would you say if you were in his shoes?

The dream is over, but for Jack and Bill, there are a few sleepless nights ahead.  Why? Because they now realize that the company's preferred mail client is Microsoft Outlook. Like many mid-sized businesses, email is downloaded to local PST files. How difficult would it be to gain access to confidential files? Most uses simply suspend their laptops so that they start up more rapidly, and many have automatic logon to save time.  Oh, I almost forgot, this is all a dream and it would never happen like this in the real world. Right?

Today I was asked how a small business (35 employees with mobile computers) can secure the confidentiality of their email, without changing too much.  My advice: Do not store any mail locally on any laptop computer, not even in a local cache.  I suggested the use of IMAP, or better still, of web-based email.  My suggestions were initially not well received, but it seems the message has hit a home run - the company will change their email policies.  Finally information security is being taken a little more seriously.  As it happens, in the last 6 months three people lost their laptops - only one was found and returned.  Management are now most concerned to avoid information loss. Act now, before it is too late!  Review the security of your mobile information practices.  Don't wait for the horse to be out of the gate.