T 5.72 Abuse of groupware
The abuse of groupware systems may start at different points: with the users, in the internal network, at one of the transmitting groupware or email servers, or with the recipient of messages.
If user access to the groupware applications or to the groupware system of an organisation is insufficiently protected, an unauthorised person may gain access and perform manipulations. In this case, the unauthorised person may cause damage, in addition to the transmission cost, by pretending to be an authorised person.
Likewise, unauthorised persons must be prevented from reading information in closed groupware systems. In this way, confidential information may be disclosed, lose its value, or be used to the disadvantage of the recipient.
Examples:
- A department manager left her office for a short period of time without securing the IT system on which the groupware program had already been started and on which she had already been authenticated. A colleague who happened to pass by thought it would be a good prank to send other colleagues "dismissals" or assignments using the email ID of the department manager.
- An employee used his official email address in order to spread private opinions potentially damaging to the reputation of his employer.
- To avoid having to re-enter frequently used email addresses, a "speaking" representation may be selected for email addresses by assigning alias names, and a larger group of recipients can conveniently be selected by creating mailing lists. If such alias names or mailing lists are changed without authorisation, an email may be prevented from being forwarded to the desired recipient or may be forwarded to an unintended recipient. Alias files or address books managed in a centralised manner are particularly at risk in this case.
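The last example can be checked for mechanically by comparing a centrally managed alias file against an approved baseline. The following is an added example, not part of the original catalogue entry; it assumes a sendmail-style `name: target, target` alias syntax, and all alias names and addresses are constructed.

```python
# Constructed sample data in sendmail-style "name: target, target" syntax.
# All alias names and addresses are hypothetical.
APPROVED = """\
# approved baseline, kept under change control
postmaster: root
hr-team: alice@example.org, bob@example.org
managers: carol@example.org,
    dave@example.org
"""

CURRENT = """\
postmaster: root
hr-team: alice@example.org, mallory@example.net
managers: carol@example.org, dave@example.org
all-staff: hr-team, managers
"""


def parse_aliases(text):
    """Return {alias: set(targets)}; handles comments and continuation lines."""
    aliases, name = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if line[0] in " \t" and name is not None:  # continuation of previous entry
            targets = line
        else:
            name, _, targets = line.partition(":")
            name = name.strip().lower()
            aliases.setdefault(name, set())
        aliases[name].update(t.strip().lower() for t in targets.split(",") if t.strip())
    return aliases


def alias_drift(approved_text, current_text):
    """Return sorted (alias, change, recipient) tuples for every deviation."""
    approved, current = parse_aliases(approved_text), parse_aliases(current_text)
    findings = []
    for alias in approved.keys() | current.keys():
        old, new = approved.get(alias, set()), current.get(alias, set())
        findings += [(alias, "recipient-removed", r) for r in old - new]
        findings += [(alias, "recipient-added", r) for r in new - old]
    return sorted(findings)


if __name__ == "__main__":
    for alias, change, recipient in alias_drift(APPROVED, CURRENT):
        print(f"{alias}: {change}: {recipient}")
```

A "recipient-removed" finding corresponds to mail no longer reaching the desired recipient, and a "recipient-added" finding to mail reaching an unintended one.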