Unsecured, shared email boxes of senior personnel are a security loophole, email management specialist Mesmo has warned.
The consultancy found that poor HR and IT policies mean many senior executives who share their inboxes do not encrypt attachments or have policies in place that safeguard confidential information.
“With proper guidelines and training, shared inboxes need not be a problem. But human error is creating real security breaches,” said managing partner and founder of Mesmo, Monica Seeley.
The problem is not confined to personal assistants who look at highly sensitive documents in error, points out Ken Munro, managing director of SecureTest security consultancy. “(Only) a very small number of IT staff need email administration rights but these privileges are often extended to many in the team”, he said.
“Inboxes of very senior personnel tend to be left open because if the managing director or PA has a problem, they shout for IT first”, said Munro. The downside of this support insurance safeguard, he added, is that, “Organisations place too much trust in individuals who are hired for their technical skills.”
The Terrence Higgins Trust is looking into email encryption as it expects to start doing more work with external NHS agencies. At present it relies on confidentiality agreements. “We’ve got strong policies – we’re an HIV charity”, says Trevor McCabe, network and communications officer.
McCabe administers shared inboxes from Active Directory and says they would only pose a problem if someone left and their access rights were not removed.
Munro advocates public key infrastructure technology which, he says, can be used seamlessly and effectively in email.
Seeley of Mesmo recommends tightening up HR policies in conjunction with better security. “Too many companies think that putting a confidentiality notice at the foot of an email protects them - by the time most people see the notice it has already been read.”