Personal Email Accounts: How They Affect Business Security

Soteria Cybersecurity
Dec 2, 2016

With email security incidents on the rise, good business email practices are becoming more crucial to protecting your firm from internal and external security threats. Soteria often works with companies, some with millions of dollars in revenue, that still use personal email addresses for business. While Soteria sees the simplicity and cost-effectiveness of using a personal email, we want to provide you with a few security-based arguments against this poor business habit.

  1. Looks phishy: Receiving an email from an address that does not match the website domain of the business raises eyebrows. When Soteria receives email sent from a personal email address claiming to be a representative of a business, we often question its legitimacy. (Your customers likely do the same!) Because email addresses are easy to come by, there is no barrier keeping hackers from setting up a free email account and sending messages posing as your business.
  2. Potential loss of company data: In the event an employee leaves your company, you should have security practices that prevent your business data from leaving with him or her. If your company allows for the use of personal emails for business, you are risking your employee being able to walk off with your client information, business data, and intellectual property. Because you do not own the account, it will be more difficult for you to gather all data, documents, and conversations that were sent via email during employment.
  3. Inability to stop correspondence post-employment: In the event an employee leaves your firm, you will not be able to easily stop them from continuing conversations with your customers, vendors, etc. It will appear to be “business-as-usual” if an ex-employee continues using their personal email address to correspond with your business’s contacts.

Once your business emails are set up, enforce their use. The security of your business can only be as strong as your ability to enforce the policies you have in place. We have spoken with firms whose employees have business email addresses, but still opt to use their personal addresses to keep from having to switch inboxes. From a security standpoint, a business email you use only sporadically carries the same security risks as not having a dedicated business email at all.

Originally published at https://soteria.io/personal-email-security-risk/ on December 2, 2016.

We are a client-focused organization providing expert advisory, consulting, and tailored solutions to assist in preventing and responding to security incidents.