Control of Personal Email Systems
Recent phishing attacks from China through Gmail have been reported to have been directed at high-level government officials. This raises the question of why high-ranking government officials are using Gmail. Presumably they have access to secure private email systems run by the government. Gmail is not necessarily a weak system security-wise; however, it is public and high-profile, and more easily accessible than private systems. Also, it is in the cloud.
One would think that high-level government officials would be using the most secure email system possible, and Gmail does not fit this profile.
There are some possible explanations, according to a recent article in Computerworld. For example, it is noted that most users have two accounts: one for business and one for personal use. Often Gmail is the system of choice for the personal account. That in itself may not be a problem, but it does raise the question of whether it is possible to fully separate your personal email from your business email. A user might, for example, forward business emails to a personal account to facilitate off-site access, or might answer a business message from a personal account.
This common situation raises security issues for any enterprise. Should personal email accounts be banned? A ban is probably not enforceable. Should their use be controlled? That can be done. And the Chinese phishing expedition has raised the issue to a higher level.