26.10.2014 Views

ASD-Cyber-Security-Bulletin-2014-06


Watch that Webmail

Web-based email, or webmail, is a convenient way to communicate from anywhere, at any time. Webmail is email that is accessed through a web browser – such as Windows Live Mail, Gmail, Yahoo or email provided by Internet Service Providers. However, government agencies using webmail for business purposes should be aware of the security risks of this approach.

Government agencies have their own security measures for handling email and other sensitive communications. Employees using a webmail account for sensitive business information will not have these same protections for their communications. This increases the risk of unauthorised disclosure – and in some cases, this may even breach legislative requirements.

It is also important to note that agencies may not have full control over your data when using a webmail service. Service providers are subject to the laws and regulations of the country where they are based. This may involve a number of countries, depending on where the data is stored and processed and where it transits.

Foreign governments may have the right to lawfully access the data held by the webmail service without user knowledge. It may also be difficult to sanitise or clean up data spills in the case of a data leak.

ASD has seen malicious emails that have been sent to government agencies also forwarded onto users’ personal webmail accounts, which can lead to the compromise of the device used to access the webmail – such as a personal mobile phone or tablet. In some cases, the device may already be compromised (for example, if you are using a public terminal or a device running outdated and vulnerable software).

If you and your colleagues become accustomed to seeing webmail used for business, there is the danger that it will be more difficult to detect the commonly used intrusion technique of ‘spoofing’. This is where a webmail account is set up to appear as if it is a legitimate user, to trick the receiver into opening the email and clicking on a malicious link or attachment.

If your agency does allow webmail use, it is recommended that you:

• use your agency’s email service rather than webmail when accessing email from your work network
• maintain separate accounts for work and personal purposes
• send only publicly available, unclassified government information over webmail – never send sensitive or classified information
• ensure that your webmail software is up to date with anti-virus installed
• use a strong and unique password or multi-factor authentication to enhance the security of your account.

More information is available at the ASD website in the Protect publication Implications of Using Webmail for Government Business.

Issue #13 – June 2014 Page 4
