By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
Fortunately, it is also relatively easy to clean out this cache and other information related to your Internet café session, including cookies, after your session. You can use the browser menu (Tools/Internet Options in IE and Tools/Options in Firefox). In fact, this should be second nature to anyone who uses a public terminal to check email. A responsible Internet café will remind you of this; some even provide an automated end-of-session cleanup process. To be safe, however, make sure to do it yourself. You can also set a browser not to cache any pages, but this setting can slow performance, and it may not be available on a public terminal.
Some readers will be aware that Web pages themselves can be created with a "no-cache" setting. You can verify such restrictions when you view the page source of a message in Yahoo Mail, for example. The "no-cache" instruction is generally respected by the browser cache and caching servers used by ISPs. The latter are another place from which your email could be illicitly retrieved by someone with sufficient SRM: skills, resources and motivation. Anyone checking email in public places should have an "SRM index" in mind. Is the email so sensitive that someone would apply a serious amount of skills, resources and motivation to obtain it?
The specific vulnerability involving Gmail and Microsoft Internet Explorer, recently publicized by application security vendor Cenzic, requires serious SRM. Other attacks could be easier, like putting a keystroke logger on a public computer or "shoulder-surfing" to capture messages as a user types them.
If you are accessing email wirelessly in a public place, someone could be sniffing the airwaves. Therefore, your precautions and countermeasures should be appropriate to the sensitivity of the data that is potentially exposed. For example, if you have internal sales data that must be transferred securely, encrypt the information and send it as an attachment to a message that says something innocuous like "Here is the data you requested."
In other words, risk is relative. A good rule of thumb is not to send or receive mission-critical data from a public place via webmail unless your company has put some serious rules and safeguards in place and cleared you to do so.
Dig Deeper on Email Security Guidelines, Encryption and Appliances
Related Q&A from Michael Cobb
A privacy breach at ClixSense led to user account details being put up for sale. Expert Michael Cobb explains how companies should be held ...continue reading
A password-verification flaw in iOS 10 allowed attackers to decrypt local backups. Expert Michael Cobb explains how removing certain security checks ...continue reading
HTTP public key pinning, a security mechanism to prevent fraudulent certificates, was not used by Firefox, and left it open to attack. Expert Michael...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.