IT Baseline Protection Manual T 5.72 Misuse of e-mail services
Misuse of e-mail systems can take place at a variety of stages: at the sending workstation, within an Intranet, on a mail server or at a receiving workstation.
If access to a user's e-mail program or an organisation's e-mail system is not adequately protected, unauthorised persons might be able to manipulate these IT systems. Besides the unnecessary transmission expenses this causes, damage might also result from the impersonation of an authorised user.
Similarly, unauthorised persons must be prevented from reading e-mail. Otherwise, confidential information could be disclosed, lose its value or be exploited to the detriment of the recipient.
Examples:
A department head briefly left his office with the IT system unlocked, the mail software on it still active, and user authentication already having been performed. A colleague who happened to pass by the office then played what he considered to be a great practical joke by using the department head's ID to send other colleagues "letters of notice" or work orders.
An employee uses his own business e-mail account to disseminate private opinions which could damage the reputation of his employer.