Using email drafts to move content through network security
I know the practice of using drafts to communicate has been well documented.
I have a more specific use case: An employee looking to move content in and out of a secure network.
We lock down USB, block cloud services, monitor emails, etc. However, we do allow webmail access to Exchange. Trying to understand 2 scenarios:
- Moving content out
- Employee composes email on work PC and attaches files or copy/pastes content
- Employee opens draft in webmail on personal device and downloads content
- Employee deletes draft email
This can be done in a matter of minutes and overnight backups would miss the draft if it was deleted.
- Moving content in (we do not allow any GPT use)
Employee uses an LLM on personal device and pastes output into draft email in webmail
Employee opens draft on work PC and downloads GPT content
Employee deletes draft email
Same as above, this would be done in a matter of minutes.
Locking webmail is not an option as senior execs use it. Key logging every employee not feasible either.
Thoughts? Suggestions?
