- The Australian Defence Force (ADF) has banned personal email accounts by employees because of security fears.
Personal email, such as Hotmail accounts, can bypass network firewalls leaving organisations vulnerable to attack and follows similar moves by other Federal agencies.
Bernard Hill, senior manager corporate services for government security provider 90East (Asia Pacific), says a lot of money is spent by the government keeping hackers at bay and protecting networks.
"The ADF employing this tactic is no different to any other employer doing the same. Most reasonable-size companies have intellectual property issues and (there's a) risk that employees could use their personal email accounts to forward information," Hill says.
Patrick Hannan, defence information systems head for the ADF, says web-based email sites will be "blocked" at the firewall once a formal notice is issued to all personnel.
"We are not banning the use of Hotmail (-like accounts) by Defence personnel, but within the organisation personnel should use the standard email client. This action is about firewall protection … obviously there is also an element of national security as well," he says.
Hannan says receiving email from such accounts was fine, as well as the use of them outside the confines of the organisation.
"But the opening up, downloading of mail and sending of this mail on computers connected to the Defence server, would be regarded as a security breach," he says.
"It would be impractical to ban all sites that have web-based email as some are a valid resource. We will simply monitor the use of these sites."
Hannan says possible penalties for Defence personnel who refuse to abide be the directive, or continue to use these sites, may include loss of internet privileges.
Currently, all outgoing Defence email has to include 'sec: unclassified' in the subject line to pass through the firewall, otherwise it is rejected. Hannan says with internet-based email accounts there is no firewall for email to pass through as all traffic is read as 'HTTP'.
Hill says a directive of this kind within Defence will not have much impact as all personnel have access to a Defence email address.
"A directive of this nature means that Defence personnel would be less likely to send their CVs out," he says.
A spokesperson for the Department of Immigration and Multicultural Affairs says web access within the agency is open, however security protocols are in place for information which does not pass through the firewall, such as the use of Hotmail-like accounts.
"We have banned the protocol that Hotmail is using," the spokesperson says. An internal administrative instruction on the protocol of email use and abuse has been circulated within the department.
Although the Department of Treasury does not block the use of web-based email accounts, a spokesperson says there is a policy that the internet is for 'work use only', and that usage is monitored and tracked.