02-11-2009 12:52

So where does awareness of security matters start? That is a question I was pondering this morning after discussing and offering advice on access to a company email account by an ex-member of staff. The issue here was that the ex-staff member had used the company email account for private use and needed access to their ‘private’ email.

It’s an issue that would not have occurred if the company in question had a formal acceptable use policy (AUP) as part of the contract of employment that stated not just what could and could not be done, but also what would happen to any ‘private’ data under various circumstances, such as leaving the employment. Alas, the company does not have an AUP, and private use of email is common.

Since private emails are ‘private’ to the individual (reference the Data Protection Act), they should not be accessible to other people in the company, whether they are managers or not. Leaving an employment does not change this, but it is fairly common practice to make an ex-employee’s email available to their line manager for a period of time. So is ‘security’ awareness as important, or more important, for managers in a company than for the staff?
Answers as usual to this blog.
This Blog has been written by ISAF Blog team member Peter Wenham, CISSP