Software applications exist to generate many different types of electronic mail. Web based e-mail software (web e-mail) allows users to access and send e-mail via standard Internet browser sessions. With today's pervasive networking systems such as local area networks (LANs), wide area networks (WANs) and the Internet, and software tools such as e-mail, it is very easy for individuals to send and read e-mail from different computers, computer systems and other individuals. As a matter of corporate security there is therefore a need to limit what e-mail users can read and access while viewing e-mail over unsecured channels such as the Internet, and while reading e-mail on unsecured non-corporate PCs (personal computers) through browser-based web e-mail such as Microsoft Outlook Web Access.
Typical web based e-mail systems allow the user to view any e-mail messages and attachments regardless of the sensitivity of the information contained in the e-mail. By definition, web based e-mail was designed to make it easy for users to view their e-mail wherever they are and whenever they want. Making e-mail access so easy also increases the likelihood of security breaches by orders of magnitude. Individuals passing by a user at a public kiosk can easily catch glimpses of secure documents or even see a user's entire logon name and password. Users can accidentally leave their account open when they leave a kiosk, so the next user will have complete access to all of their e-mails. Unless the web e-mail service is provided over a virtual private network (VPN), which is generally not the case, the various Internet Service Providers, network administrators and kiosk providers involved with the local system may all have access to the e-mails. In addition, users with access to web based e-mail from their home computer may save sensitive e-mails or document attachments to their home PC, where the data will be beyond the control of the company they work for.
In addition, most web based e-mail systems keep, on the local computer, a cache of the e-mail that has been read. If the local computer is a public terminal, it is possible that anyone could view this e-mail information by examining the cache. As a result, there is currently no way to limit what e-mail can be viewed via web e-mail, and there is no way to protect e-mail information that is stored in the local cache of a publicly accessible computer.
In some jurisdictions, effective e-mail security is not just a matter of good business—it's the law. Compliance legislation such as the Sarbanes-Oxley Act in the United States (or more precisely, the Public Company Accounting Reform and Investor Protection Act of 2002), for example, requires that safeguards be put in place to ensure the accuracy of financial reports. These include security of electronic data against unauthorized access or change, both during transmission and in storage. In other jurisdictions, there can be great liability if personal client information is leaked or becomes public. Web e-mail provides more opportunities for these leaks to occur.
There is therefore a need for a method of and system for preventing users from viewing sensitive e-mail via web based e-mail systems.