On 2016-03-15 14:15, Ted Mittelstaedt wrote:
I agree with you on that one. There's a big push among colleges to push
students to use their "blessed" mailsystems. They don't want students
emailing instructors from the student's gmail account, they want the
students emailing the instructors from the college-provided gmail account.
I would too. If nothing else, this prepares students for the real world,
where you can't just use your own random @gmail.com account for business
purposes either.
I've walked away from a university study after getting an email from and
CC'd to some random @gmail.com/@hotmail.com addresses requesting further
medical information to confirm placement in the study. I filed an
official ethics complaint as the preliminary medical information I
submitted was supposed to be held safely and all data is supposed to be
protected, revealed only to me, my doctor, and otherwise anonymized
before any dissemination, yet was CC'd to multiple providers and now is
subject to their marketing department's whims, within the range of third
party privacy policies in other countries.
Information security is hard, mostly because of users, and it takes
practice. Accepting and trusting inbound email from random addresses is
what brings us to
https://krebsonsecurity.com/2016/03/thieves-phish-moneytree-employee-tax-data/
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren