OT: Regarding checking emails in at work - crash security ;-)

Discussion in 'Computer Security' started by Annie, May 7, 2005.

  1. Annie

    Annie Guest

    Hi Guys,

    My work has blocked the only account that could use to check my personal
    emails. Its very crap i know that its not fair to use company's email
    address
    for personal use however if they block other ways how can we deal with it
    ....

    I just wonder is there any other ways to receive emails?, is there any other
    type of email accounts to open that they can't block? Is anyone else
    having this issue? Any other solutions?

    Ta
     
    Annie, May 7, 2005
    #1
    1. Advertising

  2. Annie

    Leythos Guest

    On Sat, 07 May 2005 23:59:14 +1000, Annie wrote:
    >
    > Hi Guys,
    >
    > My work has blocked the only account that could use to check my personal
    > emails. Its very crap i know that its not fair to use company's email
    > address
    > for personal use however if they block other ways how can we deal with
    > it
    > ...
    >
    > I just wonder is there any other ways to receive emails?, is there any
    > other type of email accounts to open that they can't block? Is anyone
    > else having this issue? Any other solutions?


    Unless your work requires that you use your PERSONAL email account for
    business, and I'm assuming they don't, what you are doing is theft of
    company resources and time. Checking your personal email has nothing to do
    with what they pay you for and should not be done on Company Time.


    --

    remove 999 in order to email me
     
    Leythos, May 7, 2005
    #2
    1. Advertising

  3. Annie

    Apollo Guest

    Re: Regarding checking emails in at work - crash security ;-)

    "Annie" <> wrote in message
    news:d5ihjm$lue$...
    > Hi Guys,
    >
    > My work has blocked the only account that could use to check my
    > personal
    > emails. Its very crap i know that its not fair to use company's
    > email
    > address for personal use however if they block other ways how
    > can we deal with it


    Get a different job, but nowadays most companies will object
    (quite rightly too) to employees using their machines/time to get
    personal emails.
    Check the IT policy carefully, if you continue and do find a way
    of getting around the block, they will probably be within their
    rights to fire you on the spot.

    --
    Ian
     
    Apollo, May 7, 2005
    #3
  4. Annie

    Jim Watt Guest

    On Sat, 7 May 2005 23:59:14 +1000, "Annie"
    <> wrote:

    >I just wonder is there any other ways to receive emails?, is there any other
    >type of email accounts to open that they can't block? Is anyone else
    >having this issue? Any other solutions?


    You will get little sympathy from most of the regular posters here as
    we are generally the guys who spend our time doing the blocking.

    The reason is that using wild email accounts is a security weakness
    and may result in the introduction of problems to a otherwise clean
    company network.

    The sensible solution is to keep your private email on a computer at
    home and use it in your own time where you can do whatever you
    want.
    --
    Jim Watt
    http://www.gibnet.com
     
    Jim Watt, May 7, 2005
    #4
  5. Annie

    Arthur T. Guest

    In Message-ID:<>,
    Jim Watt <_way> wrote:

    >On Sat, 7 May 2005 23:59:14 +1000, "Annie"
    ><> wrote:
    >
    >>I just wonder is there any other ways to receive emails?, is there any other
    >>type of email accounts to open that they can't block? Is anyone else
    >>having this issue? Any other solutions?

    >
    >The reason is that using wild email accounts is a security weakness
    >and may result in the introduction of problems to a otherwise clean
    >company network.


    Finally, someone mentions a reasonable purpose for such a
    policy!

    Usually when this question comes up (like this time), most of
    the responses have to do with taking company time and resources
    for personal uses.

    How many companies say *no* personal phone calls? E-mail is
    much more efficient than phone calls, in terms of both time and
    resources.

    But, the actual security aspect does make some sense. The
    private e-mail may not be going through the company's malware and
    spam filters.

    --
    Arthur T. - ar23hur "at" speakeasy "dot" net
    Looking for a good MVS systems programmer position
     
    Arthur T., May 7, 2005
    #5
  6. Annie

    Leythos Guest

    On Sat, 07 May 2005 14:15:50 -0400, Arthur T. wrote:
    >
    > In Message-ID:<>, Jim Watt
    > <_way> wrote:
    >
    >>On Sat, 7 May 2005 23:59:14 +1000, "Annie" <>
    >>wrote:
    >>
    >>>I just wonder is there any other ways to receive emails?, is there any
    >>>other type of email accounts to open that they can't block? Is anyone
    >>>else having this issue? Any other solutions?

    >>
    >>The reason is that using wild email accounts is a security weakness and
    >>may result in the introduction of problems to a otherwise clean company
    >>network.

    >
    > Finally, someone mentions a reasonable purpose for such a
    > policy!
    >
    > Usually when this question comes up (like this time), most of
    > the responses have to do with taking company time and resources for
    > personal uses.


    You can't tell me you some how missed that viruses are sent via email
    every day, that your personal email doesn't have the same protection as
    the corporate email (most times), or that you really think that security
    is the only significant reason - at least you can't if you've ever owned a
    business with employees.

    > How many companies say *no* personal phone calls? E-mail is
    > much more efficient than phone calls, in terms of both time and
    > resources.


    Most companies don't ALLOW personal calls, they tolerate it to a limited
    extent, but I've not seen a policy at any company that "permits" limited
    personal use of company phones.

    > But, the actual security aspect does make some sense. The
    > private e-mail may not be going through the company's malware and spam
    > filters.


    That's just one aspect of it, the resources/lack of productivity are also
    threats to the company, if you can't see those too then you are sorely
    lacking in ethics.

    --

    remove 999 in order to email me
     
    Leythos, May 7, 2005
    #6
  7. Annie

    Arthur T. Guest

    In Message-ID:<eb8fe.17151$>,
    Leythos <> wrote:

    >> Finally, someone mentions a reasonable purpose for such a
    >> policy!
    >>
    >> Usually when this question comes up (like this time), most of
    >> the responses have to do with taking company time and resources for
    >> personal uses.

    >
    >You can't tell me you some how missed that viruses are sent via email
    >every day, that your personal email doesn't have the same protection as
    >the corporate email (most times), or that you really think that security
    >is the only significant reason - at least you can't if you've ever owned a
    >business with employees.


    No. It's just that in various newsgroups, Annie's question
    has been asked several times, and usually the *only* reason given
    is theft of services/time. I was applauding Jim for giving a more
    technical reason.

    >> How many companies say *no* personal phone calls? E-mail is
    >> much more efficient than phone calls, in terms of both time and
    >> resources.

    >
    >Most companies don't ALLOW personal calls, they tolerate it to a limited
    >extent, but I've not seen a policy at any company that "permits" limited
    >personal use of company phones.


    I have.

    >> But, the actual security aspect does make some sense. The
    >> private e-mail may not be going through the company's malware and spam
    >> filters.

    >
    >That's just one aspect of it, the resources/lack of productivity are also
    >threats to the company, if you can't see those too then you are sorely
    >lacking in ethics.


    Or, perhaps it's that I've been salaried most of my working
    life (and mostly working with other salaried professionals). Most
    companies feel they should give you *something* for being on-call
    24/7, and allowing some personal use of the internet is a lot
    cheaper than paying you extra. In my previous company, it was
    even stated close to that, explicitly, in their policies.

    --
    Arthur T. - ar23hur "at" speakeasy "dot" net
    Looking for a good MVS systems programmer position
     
    Arthur T., May 7, 2005
    #7
  8. Annie

    Jim Watt Guest

    On Sat, 07 May 2005 18:21:03 -0400, Arthur T. <>
    wrote:

    > Or, perhaps it's that I've been salaried most of my working
    >life (and mostly working with other salaried professionals). Most
    >companies feel they should give you *something* for being on-call
    >24/7, and allowing some personal use of the internet is a lot
    >cheaper than paying you extra. In my previous company, it was
    >even stated close to that, explicitly, in their policies.


    On the subject of phone calls, we had one secretary who was
    costing me around $50pm in local phone calls. She went.
    Anything apart from local calls being picked up by item billing.

    However, I've spent hours clearing up messes on peoples
    machines caused by downloading fancy cursors, so called
    'screen savers' toolbars and crapware, most of the actual
    virus's are trapped by software. The other stuff just cripples
    productivity. But new threats emerge every day.

    Last week there were two cases of something nasty caused
    by web browsing, which together generated three hours of
    billable time and a lot more written off to research.

    Another threat is instant messaging, which takes time and
    now has the prospect of downloading unwanted crap.

    Apart from being direct time wasters, these things consume
    resources and prevent the equipment and people working
    productively at the best. Imagine what happens when they
    crash machines and delete important data.

    These are the small nasty time consuming and wasting issues
    that we face in computer security every day, so the attitude
    of 'I want to do my private email at work' does not atract
    much sympathy.

    One bank with very tight security put a PC in the staff room
    that anyone could use on their breaks for this purpose.

    That is a reasonable approach. Perhaps it should also have
    the kind of system found on kiosk appliances where the
    operating enviroment is restored from a secure mirror after use.

    But the better solution is do the private stuff at home.
    --
    Jim Watt
    http://www.gibnet.com
     
    Jim Watt, May 8, 2005
    #8
  9. Annie

    Leythos Guest

    On Sat, 07 May 2005 18:21:03 -0400, Arthur T. wrote:
    >
    > No. It's just that in various newsgroups, Annie's question
    > has been asked several times, and usually the *only* reason given is
    > theft of services/time. I was applauding Jim for giving a more
    > technical reason.


    But you seem to have missed the fact that "technical" has little to do
    with it. Sure, Jim presented something you/op wanted to hear, as neither
    of you wanted to hear about Cost/Resources and the difference between
    Company / Personal, but it's every bit as valid as security. In most
    places the loss of productivity or real $ will be greater for the personal
    use than for the security incident, as most people feel that it's OK to
    use the computer/phones for personal business, but few of them will do
    something personal that compromises the computer (that they would not have
    done for business that wouldn't have compromised it).

    We had one chap I fired for excessive personal use of Computer and Phone.
    We implemented a content filter on our firewall and he started complaining
    right away - it turns out he was a "day trader" and would spend about 2
    hours per day making online trades from work. Once we stopped his online
    trading he would use the company phones to call and get status/trades,
    even missing client meetings because of it.

    Now, the above was not a security threat, but it cost us at least 2 hours
    a day until we uncovered it - actually, it was a new firewall that we were
    testing and we were aware of his abuses and implemented filtering in order
    to prove it - all employees had been warned about personal use being
    against the company rules/policy.

    We had a number of instances were developers would come to work early and
    stay late to view porn over the company network - once we printed the
    firewall logs and posted them it stopped. Same for IM and Webmail, posted
    the logs, even did a time/cost calculation and posted it, and it stopped.

    We I took over another branch I found one chap that had been on-bench (not
    working with a client/project) for almost a year, during that time, he was
    using company computers for "learning" in order to make himself more
    desirable on a team. As it turned out, he was doing part-time work inside
    our company for a competitor and using company resources to do it - I
    found the call logs and firewall logs and even the documents in his name
    on the competitors electronic letter-head......

    So, it's not just about the security aspect of personal use of network
    resources or telco resources, it's about theft, abuse, etc..... If you
    could get a good handle on your company you would find more cost
    associated with "personal" use activities than the security breaches they
    caused during "personal" use times.

    Something to think about.

    Oh, one other thing - even if you are on-call 24/7, the company doesn't
    OWE you anything. You asked for the job (or accepted it) and that doesn't
    give you the right to take company resources without their expressed
    permission. That includes pens, paper, staplers, software licenses, or the
    toilet-paper in the bathrooms :)

    --

    remove 999 in order to email me
     
    Leythos, May 8, 2005
    #9
  10. Annie

    andy smart Guest

    Leythos wrote:
    > On Sat, 07 May 2005 18:21:03 -0400, Arthur T. wrote:
    >
    >> No. It's just that in various newsgroups, Annie's question
    >>has been asked several times, and usually the *only* reason given is
    >>theft of services/time. I was applauding Jim for giving a more
    >>technical reason.

    >
    >
    > But you seem to have missed the fact that "technical" has little to do
    > with it. Sure, Jim presented something you/op wanted to hear, as neither
    > of you wanted to hear about Cost/Resources and the difference between
    > Company / Personal, but it's every bit as valid as security. In most
    > places the loss of productivity or real $ will be greater for the personal
    > use than for the security incident, as most people feel that it's OK to
    > use the computer/phones for personal business, but few of them will do
    > something personal that compromises the computer (that they would not have
    > done for business that wouldn't have compromised it).
    >
    > We had one chap I fired for excessive personal use of Computer and Phone.
    > We implemented a content filter on our firewall and he started complaining
    > right away - it turns out he was a "day trader" and would spend about 2
    > hours per day making online trades from work. Once we stopped his online
    > trading he would use the company phones to call and get status/trades,
    > even missing client meetings because of it.
    >
    > Now, the above was not a security threat, but it cost us at least 2 hours
    > a day until we uncovered it - actually, it was a new firewall that we were
    > testing and we were aware of his abuses and implemented filtering in order
    > to prove it - all employees had been warned about personal use being
    > against the company rules/policy.
    >
    > We had a number of instances were developers would come to work early and
    > stay late to view porn over the company network - once we printed the
    > firewall logs and posted them it stopped. Same for IM and Webmail, posted
    > the logs, even did a time/cost calculation and posted it, and it stopped.
    >
    > We I took over another branch I found one chap that had been on-bench (not
    > working with a client/project) for almost a year, during that time, he was
    > using company computers for "learning" in order to make himself more
    > desirable on a team. As it turned out, he was doing part-time work inside
    > our company for a competitor and using company resources to do it - I
    > found the call logs and firewall logs and even the documents in his name
    > on the competitors electronic letter-head......
    >
    > So, it's not just about the security aspect of personal use of network
    > resources or telco resources, it's about theft, abuse, etc..... If you
    > could get a good handle on your company you would find more cost
    > associated with "personal" use activities than the security breaches they
    > caused during "personal" use times.
    >
    > Something to think about.
    >
    > Oh, one other thing - even if you are on-call 24/7, the company doesn't
    > OWE you anything. You asked for the job (or accepted it) and that doesn't
    > give you the right to take company resources without their expressed
    > permission. That includes pens, paper, staplers, software licenses, or the
    > toilet-paper in the bathrooms :)
    >

    We block access to 'personal' email accounts here really only because of
    security - basically our staff are in their classrooms teaching when
    they're at work and they can't email while doing that! We do allow
    access to particular webmail systems where they are needed for work, or
    by appointment at a set time where there is genuine need. But generally
    not. If your company is small you might be able to negotiate something
    for lunchtimes or some such though..
     
    andy smart, May 9, 2005
    #10
  11. Annie

    test Guest

    Leythos wrote:

    > On Sat, 07 May 2005 14:15:50 -0400, Arthur T. wrote:
    >>
    >> In Message-ID:<>, Jim Watt
    >> <_way> wrote:
    >>
    >>>On Sat, 7 May 2005 23:59:14 +1000, "Annie" <>
    >>>wrote:
    >>>
    >>>>I just wonder is there any other ways to receive emails?, is there any
    >>>>other type of email accounts to open that they can't block? Is anyone
    >>>>else having this issue? Any other solutions?
    >>>
    >>>The reason is that using wild email accounts is a security weakness and
    >>>may result in the introduction of problems to a otherwise clean company
    >>>network.

    >>
    >> Finally, someone mentions a reasonable purpose for such a
    >> policy!
    >>
    >> Usually when this question comes up (like this time), most of
    >> the responses have to do with taking company time and resources for
    >> personal uses.

    >
    > You can't tell me you some how missed that viruses are sent via email
    > every day, that your personal email doesn't have the same protection as
    > the corporate email (most times), or that you really think that security
    > is the only significant reason - at least you can't if you've ever owned a
    > business with employees.
    >
    >> How many companies say *no* personal phone calls? E-mail is
    >> much more efficient than phone calls, in terms of both time and
    >> resources.

    >
    > Most companies don't ALLOW personal calls, they tolerate it to a limited
    > extent, but I've not seen a policy at any company that "permits" limited
    > personal use of company phones.
    >
    >> But, the actual security aspect does make some sense. The
    >> private e-mail may not be going through the company's malware and spam
    >> filters.

    >
    > That's just one aspect of it, the resources/lack of productivity are also
    > threats to the company, if you can't see those too then you are sorely
    > lacking in ethics.
    >

    You forgot to add one other reason for disallowing Personal Email Account
    Usage through company hardware:

    Transmission of sensitive/private company data through alternate channels
    that isn't detected by internal company audits
     
    test, May 20, 2005
    #11
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Replies:
    1
    Views:
    1,053
    Boomer
    Jan 5, 2004
  2. Bill Zipp

    Checking Yahoo! Mail causes crash.

    Bill Zipp, Jan 12, 2004, in forum: Computer Support
    Replies:
    2
    Views:
    639
    Alexander Rogge
    Jan 12, 2004
  3. Polite
    Replies:
    4
    Views:
    1,208
    Polite
    Feb 24, 2004
  4. Bluesky

    Email Crash - lost 24 hr of emails

    Bluesky, Aug 23, 2005, in forum: Computer Support
    Replies:
    2
    Views:
    465
    Rob Burghdoff
    Aug 23, 2005
  5. AmyGG

    checking multiple emails

    AmyGG, Apr 17, 2006, in forum: Computer Support
    Replies:
    2
    Views:
    330
    Jimchip
    Apr 18, 2006
Loading...

Share This Page