You CANNOT block webmail - anyone can get around any blocks that you put up unless you completely block external Internet access. This is because ANY host on the Internet can act as a webmail host - you cannot block every site. This is utterly the wrong approach to information security.
First - you have to trust your staff to do what is authorised within policy or legal guidelines - when they are FULLY informed that is of their responsibilities.
Second - be completely open - all internet access should be logged if it is important to control what information flow you have. Of course, this is the same as a security pass system that logs who comes in and out of the company. Basic security.
Thirdly - as you have taught your children, every action has consequences which must be CLEAR to everyone.
This is all based on the absolute truth that you cannot stop information leaving the company - the employee leaves the office each evening and comes back in the morning. What do you want to do - do a Paycheck (the movie) on them?
All you can do is make sure that the person does not WANT to take the information or do something wrong with the information.
Then you make it ABSOLUTELY impossible for the person to do something without you knowing through good logging and analysis that is effective. This makes the consequences occur absolutely. That is the discipline.
Information security is a wet job as they say - not technology.
Slashdot Mirror
The technical description of the way filtering works in the UK http://nocky100.wordpress.com/2008/12/08/great-firewall-of-britain/
You CANNOT block webmail - anyone can get around any blocks that you put up unless you completely block external Internet access. This is because ANY host on the Internet can act as a webmail host - you cannot block every site. This is utterly the wrong approach to information security. First - you have to trust your staff to do what is authorised within policy or legal guidelines - when they are FULLY informed that is of their responsibilities. Second - be completely open - all internet access should be logged if it is important to control what information flow you have. Of course, this is the same as a security pass system that logs who comes in and out of the company. Basic security. Thirdly - as you have taught your children, every action has consequences which must be CLEAR to everyone. This is all based on the absolute truth that you cannot stop information leaving the company - the employee leaves the office each evening and comes back in the morning. What do you want to do - do a Paycheck (the movie) on them? All you can do is make sure that the person does not WANT to take the information or do something wrong with the information. Then you make it ABSOLUTELY impossible for the person to do something without you knowing through good logging and analysis that is effective. This makes the consequences occur absolutely. That is the discipline. Information security is a wet job as they say - not technology.