T 2.55 Uncontrolled use of Groupware
If the use of Groupware systems is insufficiently controlled, there is a risk that sensitive data is accessed by unauthorised persons or does not reach its intended destination in time.
Examples:
- An incorrect address in emails may result in the transmission of the emails to unauthorised recipients.
- If mailing lists are not maintained, emails may be transmitted to recipients who should have been excluded from transmission.
- A lack of or poor organisational rules on the part of the recipient may result in a received email being processed too late.
- A lack of or poor organisational rules on the part of the sender may result in not being able to meet the promised time for sending the data.
- If the data is insufficiently described during data exchange using Groupware applications, other users are often unable to tell who entered or sent the data, which information it contains, whether the data is still up to date, or which purpose the data is intended for.
- An employee of a federal agency forwarded all emails from his mailbox at work to his private email mailbox. The private PC of this employee was compromised by malware and all official data in the private mailbox was stolen, including confidential files and access data. This information was used for further attacks on official systems of the agency.