Thread Options
#462189 - 11/28/05 05:42 PM Email -
LittleOne Offline
Member
LittleOne
Joined: Feb 2004
Posts: 67
Midland, Tx
question - what are problems with access to email being allowed from outside bank? Is penetration from this area a real problem?

Return to Top
Security - PUBLIC
#462190 - 11/29/05 02:11 AM Re: Email -
flaire Offline
100 Club
flaire
Joined: Sep 2005
Posts: 228
sw us
The list of risks is too long to go into here. Remote access to the bank's network is something that should be VERY limited and VERY controlled.
_________________________
Hello, triple a? I got locked out of my mind...

Return to Top
#462191 - 11/29/05 11:59 AM Re: Email -
CO IT Guy Offline
New Poster
CO IT Guy
Joined: Jan 2005
Posts: 12
OK
While there are risks associated with any kind of external access, the benefits of a properly implemented system to allow external access to email may often outweigh those risks. The key is proper implementation and security precautions to surround it.

The greatest risk would be for the login method to be compromised and allow an outsider to access a user's mailbox. This could compromise confidential customer information. Depending on how external access is implemented it may also allow access to the entire network. Another risk is that the email messages may be intercepted if they are not properly encrypted between the mail server and the client. There are additional risks as well.

Take an in depth look at why you think you need external access (Do you have users who work outside the bank who would benefit from having access to email externally or do they just think it would be nice to have?). Then you need to examine the necessary changes to your security policy, additional risk assessment requirements, and audit procedures that would go along with this system. Depending on the size of your organization and how many people will access email externally, auditing the system alone may be a full time job.

A user name - password implementation is not nearly secure enough. You will need to install a public key infrastructure at the very least. You'll also need to contract with an expert to set it up. A system that is secure enough to allow access while outweighing the associated risks will take a considerable amount of effort to implement and may easily cost more than you feel the access is worth.
_________________________
My comments and opinions do not represent legal advice nor the opinions of my employer.

Return to Top

Moderator:  Andy_Z