August 11, 2003

Will corporate email bans on AOL, Hotmail, and others help security?

The Register reports that "Merrill Lynch today introduced a company-wide ban on access to third-party email services from corporate PCs.

In a memo to staff, the investment banker said it was prohibiting workers from picking up or sending email through Hotmail, Yahoo, AOL and the like because of "regulatory requirements" and as a means to cut off a possible route by which viruses might enter its network."

Will this be effective, and should your own company follow suit? Good questions. Shutting off access to third-party email providers is a reasonable way to keep non-work-related email to a minimum, but it's not a slam-dunk for security.

First, the virus argument is narrower than it sounds. If the corporate email gateway is inspecting all incoming mail for viruses, it shouldn't matter which provider a message originates from, as long as it arrives over SMTP to a corporate mailbox. Webmail is different: a Hotmail or Yahoo attachment is downloaded by the browser over HTTP and never passes through the SMTP gateway at all, so it is only caught if the web proxy or the desktop antivirus inspects it. That gap, not the mail gateway, is what a webmail ban actually closes.

Second, restrictions like this tend to breed workarounds. A URL filter that blocks http://www.hotmail.com is easy to sidestep: users can reach the same accounts over SSL (https://), which hides the page content from the proxy, or encrypt their personal email so that content inspection sees nothing useful. Note that SSL hides the content, not the destination. The proxy still sees the hostname in the CONNECT request and the DNS server still sees the lookup, so the policy can be enforced there if someone is watching.
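As an added illustration of that last caveat (this is not code from the original post or from The Register's report), here is a small Python parser over constructed proxy log lines in roughly Squid's native access.log layout. The webmail domain list, hostnames and client addresses are assumptions. It shows that a plain GET to a webmail site can be blocked by URL, while an SSL session shows up only as a CONNECT to a hostname, which a filter on http:// URLs waves through but which the proxy log still records.

```python
import re

# Illustrative list of third-party webmail domains (an assumption for this
# example, not a list from the post). Matched by suffix so that
# login.yahoo.com, mail.yahoo.com, etc. all count.
WEBMAIL_SUFFIXES = ("hotmail.com", "msn.com", "passport.com", "yahoo.com", "aol.com")

# Constructed sample lines, roughly Squid's native access.log layout:
# timestamp elapsed client action/status bytes method url ident hierarchy type
SAMPLE_LOG = "\n".join([
    "1060614000.123    412 10.1.2.3 TCP_MISS/200 15234 GET http://www.example.com/news.html - DIRECT/192.0.2.10 text/html",
    "1060614001.456   3120 10.1.2.3 TCP_MISS/200 89012 CONNECT login.yahoo.com:443 - DIRECT/192.0.2.20 -",
    "1060614002.789     75 10.1.2.7 TCP_DENIED/403 1432 GET http://www.hotmail.com/ - NONE/- text/html",
    "1060614003.012   5001 10.1.2.7 TCP_MISS/200 214355 CONNECT loginnet.passport.com:443 - DIRECT/192.0.2.30 -",
    "1060614004.345    210 10.1.2.9 TCP_MISS/200 5120 CONNECT mail.corp.example.com:443 - DIRECT/10.0.0.5 -",
])

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<action>[A-Z_]+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+"
    r"(?P<method>[A-Z]+)\s+(?P<url>\S+)"
)


def host_of(method, url):
    """Destination host of a proxy request.

    For CONNECT (an SSL tunnel) the url field is just host:port. The proxy
    never sees the encrypted content, but it does see this hostname.
    """
    if method == "CONNECT":
        return url.rsplit(":", 1)[0].lower()
    m = re.match(r"^[a-z]+://([^/:]+)", url, re.I)
    return m.group(1).lower() if m else ""


def is_webmail_host(host, suffixes=WEBMAIL_SUFFIXES):
    return any(host == s or host.endswith("." + s) for s in suffixes)


def parse_line(line):
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["host"] = host_of(rec["method"], rec["url"])
    return rec


def webmail_sessions(log_text):
    """(client, method, host, status) for every request to a webmail host,
    whether a plain GET the URL filter could block or a CONNECT tunnel."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_webmail_host(rec["host"]):
            hits.append((rec["client"], rec["method"], rec["host"], rec["status"]))
    return hits


def unblocked_tunnels(log_text):
    """CONNECT tunnels to webmail hosts the proxy actually allowed (status
    200): the gap a URL-based ban leaves open, visible in the log anyway."""
    return [h for h in webmail_sessions(log_text) if h[1] == "CONNECT" and h[3] == "200"]


if __name__ == "__main__":
    for hit in webmail_sessions(SAMPLE_LOG):
        print(*hit)
```

Run as-is, the Hotmail GET shows as denied (403) while the two SSL logins to Yahoo and the Hotmail/Passport login host went through as allowed CONNECT tunnels; blocking those means filtering CONNECT by hostname, not just http:// URLs.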

That's not to say a policy like this doesn't make sense. But factor in the ways employees will try to get around it when you set and enforce it. And definitely don't stop inspecting all mail for viruses, no matter which account it's addressed to or where it came from. Sure, it may be more common for something nefarious to ride along on an HTML-format Viagra email spammed out to AOL accounts, but a virus can just as easily be lurking in an approved-looking corporate memo sent from an infected internal machine. The ban is an extra layer, not a substitute for scanning.
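An added example, not code from the original post: a minimal Python attachment check of the kind a gateway would apply to every message, with constructed sample messages included (the corp.example.com domain, the sender names and the extension list are assumptions). It deliberately ignores the sender's domain and looks at the attachment bytes rather than trusting the filename or the declared MIME type, so an "internal memo" whose .doc is really a Windows executable is caught just like an external worm.

```python
import os
import email
from email import policy
from email.message import EmailMessage

# Extensions Windows runs on double-click. An illustrative subset, not a
# complete list.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}


def build_sample(sender, filename, payload, ctype):
    """Construct a sample RFC 2822 message with one attachment (test data for
    this example, not real mail)."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = "staff@corp.example.com"   # assumed corporate domain
    msg["Subject"] = "Q3 planning memo"
    msg.set_content("Please see the attached file.")
    maintype, subtype = ctype.split("/", 1)
    msg.add_attachment(payload, maintype=maintype, subtype=subtype, filename=filename)
    return msg.as_bytes()


# Three constructed messages: a clean internal memo, an external mass-mailer
# style message, and an internal memo sent from a machine that is already
# infected (the .doc carries a PE/MZ header, i.e. it is an executable).
SAMPLES = {
    "clean_internal": build_sample("bob@corp.example.com", "agenda.txt",
                                   b"1. budget\n2. hiring\n", "text/plain"),
    "external_worm": build_sample("friend@aol.com", "invoice.pdf.scr",
                                  b"MZ\x90\x00" + b"\x00" * 60, "application/octet-stream"),
    "infected_internal": build_sample("alice@corp.example.com", "memo.doc",
                                      b"MZ\x90\x00" + b"\x00" * 60, "application/msword"),
}


def attachment_findings(raw):
    """Return [(filename, [reasons])] for every suspicious attachment."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_maintype() == "multipart":
            continue
        name = part.get_filename()
        if not name:
            continue   # inline body text, not an attachment
        data = part.get_payload(decode=True) or b""
        ext = os.path.splitext(name)[1].lower()
        reasons = []
        if ext in EXECUTABLE_EXTS:
            reasons.append("executable extension %s" % ext)
        if name.count(".") > 1:
            reasons.append("double extension")
        # Never trust the name or the declared MIME type: look at the bytes.
        if data[:2] == b"MZ":
            reasons.append("PE/MZ header, declared as %s" % part.get_content_type())
        if reasons:
            findings.append((name, reasons))
    return findings


def verdict(raw):
    """Quarantine on any finding. The sender's address is deliberately not
    consulted: internal mail gets exactly the same inspection as external."""
    findings = attachment_findings(raw)
    return ("quarantine" if findings else "deliver", findings)


if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, verdict(raw))
```

The clean memo is delivered; the AOL message and the memo from the infected internal machine are both quarantined, the latter purely on the MZ header since its name and MIME type look harmless. Real gateways add signature scanning on top, but the rule that matters for this post is the one in verdict(): the sender being internal buys no exemption.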

Posted by Diana at August 11, 2003 07:16 AM