Paul F, a former school governor, reported that security shortcomings for the service ‘RM EasyMail' remain common in the schools sector.
During his time as a school governor, Paul F explained that the governors were encouraged to use school-assigned email accounts since their personal accounts were supposedly insecure.
“We were all allocated email accounts for the ‘RM Easymail' service. The emails containing our logins and passwords was sent to all of us, naturally, but after I looked at this web-based email service I refused to use it as it didn't appear to use encryption on the login screen,” Paul F is quoted as saying in The Register.
RM Education advised that the service can be used through SSL encryption, but each user must take action and allow a system admin to turn on SSL in the settings for each site to enable secure logins. RM would assist school domains with enabling SSL.
Paul F's experience using the service suggests that UK schools are probably not as aware of the importance of secure logins as they should be. “When I pointed out the lack of TLS for the mail login screen at the school, it fell on deaf ears. The irony was that RM EasyMail was introduced as a security measure, as using individuals' personal email accounts was deemed insecure,” Paul F added.