Major compromise of security results from use of Gmail account by employee
Date: Monday, 17 September 2007 @ 22:48:05 EDT
Topic: Law & Legalities

I am forwarding an important article highlighting the security implications of employees reflecting business e-mail to a Web-based e-mail account:

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9036938&source=NLT_PM&nlid=8

In this case, an employee of MediaDefender, Inc., a company specializing in assisting movie studios and recording companies in preventing illegal copying of their copyrighted materials online, forwarded highly sensitive corporate e-mail to his Google e-mail account. A group that opposes MediaDefender’s activities hacked the Gmail account (most likely because of simple password on the account) and made nearly 6,000 of MediaDefender’s e-mail available to the public. This should serve as a reminder to have clear policies with employees regarding the forwarding of business e-mail to Gmail and other types of personal accounts that could seriously compromise corporate security.

Michael R. Overly, Esq., CISSP
Foley & Lardner LLP
2029 Century Park East
35th Floor
Los Angeles, California 90067-3021
Telephone: 310-277-2223
Facsimile: 310-557-8475









This article comes from cissp CISSP training Certified Information Systems Security Professional
http://www.cccure.org

The URL for this story is:
http://www.cccure.org/modules.php?name=News&file=article&sid=1192