Back

Changes coming to personal e-mail access

(Download Image)

As part of the Laboratory’s continuing effort to improve its cyber security posture — and adjust to evolving cyber threats — a new technical service will go into effect in March to strengthen the Lab’s defenses against certain cyber attacks.

"The new security measure will bring added protection to LLNL computer systems," said Ken Neves, the Lab’s chief information officer. "Unfortunately, it also will limit the number of Web mail services that can be accessed for private e-mail accounts."

Effective March 1, only Yahoo, Google and Hotmail users will be able to access personal e-mail accounts via Laboratory computers. "We realize this might be an inconvenience for employees who may get their personal e-mail via AOL or Comcast or another carrier," Neves said. "But we believe we can limit and protect the Lab from attachment-borne threats by limiting personal use to these three Web mail providers and by implementing the same attachment blocking capabilities we use for Lab e-mail."

Attempts to read e-mail by browsing other sites such as AOL or Comcast will fail with an "Access Denied" message. Only Yahoo, Google and Hotmail will be available for personal e-mails. The reading of Lab e-mail via software such as Eudora or Outlook will not be affected.

The new security measure represents an additional protection against attacks that exploit security weaknesses in e-mail through Web browsers. Many agencies (such as the Department of Defense) have banned personal Web mail entirely.

Neves noted that LLNL management has chosen a middle course that reduces cyber risk while still allowing access to a limited number of the most-used offsite e-mail servers that provide significant security protections of their own. In addition, the Lab will add protections regarding attachments to such e-mail. This service will be provided on a best-effort basis, and there may be times when access to one or more of the sites will be curtailed for a time.

Neves noted that there may be questions on the implementation of this new policy.

"We realize this is a change from what has been our norm and we want to understand all issues employees might have regarding this. If employees have a business need for Web mail that cannot be met, they should contact their IT manager for help," he said.

Top cyber tips:

  • Don’t open e-mail attachments from unknown sources or click on suspicious links.
  • Ensure that your computer has the most recent operating system security patches.
  • Ensure your antivirus application is installed, functioning and updated with the latest software.
  • Ensure that your computer periodically scans all files for viruses.
  • As always, if you notice suspicious cyber activity, notify your OISSO, ISSO or CSP for assistance.
Feb. 22, 2008