Security matters for e-mail as it does for any other computer application, so you have to be careful when an alarm is raised over an application. Reports have emerged that some employees of big firms can use RPC rather than HTTPS to access their corporate e-mail without necessarily using a VPN connection, and that is alarming.
Mitigating the Challenge
The first mitigation that springs to mind is to close this access path, but how do you do that with minimal side effects? So when it emerged that there is a way to set up the Microsoft Outlook client to access corporate e-mail regardless of VPN software usage, I got alarmed.
This poses a potential security threat to thousands of pieces of vital information, ideas about innovations, and a host of other personal information you would not want out there. Previously, bypassing the VPN was only possible through the use of RPC as opposed to HTTPS, but the new method raises security eyebrows. First of all, even though the use of RPC as opposed to HTTPS might feel secure in transit, it does not offer encryption at rest, which exposes a company's data and information to increased risk.
Thus, if a company’s only exception to its remote access requirement is the use of Microsoft’s Outlook Web Access from a shared computer outside the corporate network, being able to access corporate information without a VPN sends shivers across many corporations.
As it stands, the only way an employee can leave their e-mail on a shared system once the browser has been closed for some time is if the employee takes the additional step of saving the e-mail to their PC. However, that is highly unlikely to happen. This brings me back to the new method of beating the system by bypassing the VPN in a network.
What this means is that if a company’s firewall permits outbound POP and IMAP, the company’s employees can, through Outlook clients, get mail from other accounts, for instance web mail, which portends huge risks for the company and for individuals. The risks of such a move cannot be overstated. To begin with, any mail sent to such a company may get past its spam filters for such users and additionally expose the individual to phishing attempts and numerous other security threats.
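A defender can check whether this path is open by reviewing firewall egress logs for allowed outbound POP/IMAP sessions that go to servers other than the corporate mail host. The following is an added example, not part of the original article; the log format, the internal address range and the corporate mail server address are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Standard mail-retrieval ports: POP3, IMAP and their TLS variants.
MAIL_PULL_PORTS = {110: "POP3", 143: "IMAP", 993: "IMAPS", 995: "POP3S"}

# Assumed values for illustration: internal range and the sanctioned mail server.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
CORPORATE_MAIL = {ipaddress.ip_address("10.1.1.25")}

# Constructed sample lines: "<time> <src> <dst> <dst_port> <action>"
SAMPLE_LOG = """\
2024-05-01T09:00:01 10.2.3.14 198.51.100.7 993 ALLOW
2024-05-01T09:00:05 10.2.3.14 10.1.1.25 143 ALLOW
2024-05-01T09:01:10 10.2.3.77 203.0.113.9 110 ALLOW
2024-05-01T09:01:30 10.2.3.77 203.0.113.9 110 ALLOW
2024-05-01T09:02:00 10.2.3.90 198.51.100.7 995 DENY
2024-05-01T09:02:10 10.2.3.14 192.0.2.44 443 ALLOW
malformed line
"""

def external_mail_pulls(log_text):
    """Return {(src, dst, protocol): count} for allowed outbound POP/IMAP
    sessions from internal hosts to servers other than corporate mail."""
    hits = defaultdict(int)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip lines that do not match the assumed format
        _, src, dst, port, action = fields
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:
            continue  # unparseable address or port
        if action != "ALLOW" or port not in MAIL_PULL_PORTS:
            continue
        if src_ip not in INTERNAL_NET or dst_ip in INTERNAL_NET or dst_ip in CORPORATE_MAIL:
            continue
        hits[(src, dst, MAIL_PULL_PORTS[port])] += 1
    return dict(hits)

if __name__ == "__main__":
    for (src, dst, proto), n in sorted(external_mail_pulls(SAMPLE_LOG).items()):
        print(f"{src} -> {dst} {proto} x{n}")
```

An empty result means no allowed external POP/IMAP sessions appear in the reviewed log window; any hit identifies a workstation pulling mail from a server the company's spam filtering never sees.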
Security Threat Made Tougher
What compounds the problem further is that the company itself might not be in a position to know whether the external server being used by the client is the same one being used by whoever is sending spam. That could get the company in deep trouble, as it faces the risk of being blacklisted. Add to that the fact that, even if an employee were using secured connections, the company would still not be able to go through the content of its mail even if it had software to prevent data leaks.
Companies have to take drastic and fast measures to mitigate such emerging threats to data security and to protect their clients. However, the measures have to be weighed and proportionate to avoid going overboard, for instance by shutting the system down, as the consequences have to be pondered as well.