SW said:
Hi,
How do people handle confidential emails in Outlook? Is it possible to move
them to a folder and then password protect it?
I'm talking about an organisation with mixed Outlook versions XP to 2007,
and Exchange 2007. Sometimes, if an employee is on holiday, their boss will
need to check their email, if they've forgotten to set up any forwarding
before they went. Is there any way to protect stuff within Outlook in that
case? What is the best way in this example?
Thanks,
SW
If it is e-mail sent to work, then it had better be work-related e-mail.
It is THEIR property, not yours. Controlling who can access whose
mailboxes is an Exchange admin's task, like assigning delegates to other
user's accounts. Nothing you receive or send at work should be hidden
from your manager, his manager, or anyone with authority to interrogate
and use your mailbox. Should you ever get terminated there, they have
the right to file suit against you for theft of THEIR property if you
don't surrender the means of accessing ALL e-mails that went through
your company's e-mail account.
If you want to do personal e-mails at work and are frightened that their
content is exposed to your boss, use a webmail interface to your own
PERSONAL account somewhere else. However, remember that ALL traffic
over the corporate network can be monitored and recorded. Again, it is
THEIR property and it is also likely that policies exist that permit
them to monitor all their traffic and to which you agreed when you hired
on there. If you don't want their sniffers recording your personal
e-mail traffic then using SSL to connect to the webmail client for your
personal e-mail account, or use e-mail certificates to encrypt your
e-mails (you invite others to encrypt their e-mails to you by sending
your public key to them in a digitally signed e-mail). However, anyone
that can log onto your host using your credentials can decrypt those
encrypted e-mails. If you leave the company, you could delete the
e-mail certificate. If you get fired, it's likely your accounts have
already been frozen by the time you get notified of your firing. Again,
all of those e-mails are the property of the company and you can be
legally commanded to surrender their content or access to them.
Personal e-mails can be embarrassing to a company, expose the company to
legal liabilities, can damage their corporate image, and have been used
in lawsuits against them. If you want to do personal e-mailing at work
(and are permitted to do so since some companies even restrict that
Internet traffic by policy or with site/content filters) then use the
webmail client to your personal account and use SSL to protect its
content. If the company lets you connect your *personal* laptop to
their network (not likely since they want to control what is on the
laptop and don't want rogue hosts invading their network) then ask them
if it is okay to receive personal e-mails at work; however, you might
still want to keep personal and work e-mails separate by using different
mail profiles: one for work and another for personal use. Use SSL when
connecting to the POP/IMAP/SMTP mail hosts for your personal e-mail
provider (else it is traffic that the company's packet sniffers can
capture and be readable to whomever sees those logs).
A different mail profile will use a different or separate .pst file
which would keep your personal e-mails under your personal mail profile
separate of your work e-mails under your work mail profile. However,
anyone that can logon under your credentials or take ownership of your
files (i.e., administrators) can still access the .pst file under your
personal mail profile. After all, the file is on THEIR property (i.e.,
their computer that they allow you to use to perform your work tasks and
for which you get paid to perform). You could encrypt that .pst file to
prevent someone from accessing and looking inside of it - but be sure to
delete that file if you leave the company since they can legally force
you to divulge the content of any files you leave on their property. Of
course, if you get fired, you won't be able to delete the personal .pst
file because you won't be able to logon to your computer when you arrive
in the morning or after your unannounce "meeting" with the boss
(assuming you aren't escorted out the building rather than allowed to
return to your desk unescorted).
Best is to keep your personal files off company property, like your
personal e-mails. Use SSL when connecting to your personal e-mail
account when you are using company resources.