Pat,
Same as Joe noted. We do two other things to mitigate the threat which are:
1. Use limited DNS filtering (just known bad actors) via the free version
of OpenDNS (now Cisco Umbrella), and
2. At the desktop, we apply a control (with GPO) to give users elevated
privileges via "logged-on user" attribute which prevents peer-to-peer
connectivity since an individual is only logged on to one physical machine at a
time.
.KevinF.
541-388-6529
From: oagitm-bounce@xxxxxxxxxxxxx [mailto:oagitm-bounce@xxxxxxxxxxxxx] On
Behalf Of Joe Sadony
Sent: Thursday, February 22, 2018 2:32 PM
To: 'Pat.Hartley@xxxxxxxxxxxxxxxxx' <Pat.Hartley@xxxxxxxxxxxxxxxxx>;
oagitm@xxxxxxxxxxxxx
Subject: [oagitm] Re: Quick Poll - Personal Email Access?
Hi Pat,
Considering just email...
a. We allow incidental use of the PC during breaks/lunch, as long as it
does not affect the work performance or environment.
b. Modern desktop/network virus defenses and mail scanners do a good job
of thwarting malicious email attachments. Malicious content, like ransomware
or phishing, needs to be handled with a combination of firewall address
filtering and end user education. Neither are perfect. I see no difference in
threat between personal Gmail or business email accounts. I would not support
the use of thick email clients (Outlook or otherwise) to access personal email.
It would be via web browser.
Kevin may have a different spin on this.
Joe
From: oagitm-bounce@xxxxxxxxxxxxx [mailto:oagitm-bounce@xxxxxxxxxxxxx]
On Behalf Of Hartley, Pat
Sent: Thursday, February 22, 2018 8:02 AM
To: oagitm@xxxxxxxxxxxxx
Subject: [oagitm] Quick Poll - Personal Email Access?
Howdy folks!
Gresham has a long tradition of allowing access to personal email (like Gmail)
via web browser from City owned computers.
I have been working up a plan to shift that practice and mitigate the risks it
represents and I was hoping that you guys could help me out by answering the
following two questions for me. I am happy to compile the results and present
them back to the group when we are done if you would like.
1) Does your organization allow staff to access personal email from city
owned devices?
a. If not, do you provide alternatives for them? Could you explain?
b. If you do allow access, are there checks in place to mitigate any
perceived threats? Could you explain?
Thanks so much for your time and input!
~Pat
Pat Hartley, IT Director | City of Gresham
Skype | Pat.Hartley@xxxxxxxxxxxxxxxxx | 503.618.2520
1333 N.W. Eastman Parkway | Gresham, OR 97030-3813