
Why your staff should never use their personal email at work

Tillman Hodgson


In our experience, most employees want to do a good job. They’re committed, passionate and in the habit of helping their employer. However, many employees are under lots of stress, being pulled in a variety of directions on a daily basis. For simple convenience, some may use their personal emails for corporate work at one time or another. This is a bad practice and should be avoided at all costs.

In fact, you should have a policy in place that prevents staff (and management for that matter) from using their personal emails for corporate purposes. This may sound draconian but it is a foundational step in preventing the use of personal email in the workplace.

So why does this matter?

This matters as it can create a backdoor to a data breach. Of course, not every single email sent from a personal account creates an issue, but it’s a bad habit to fall into. It’s like driving without shoulder checking. You might get away with it for a while but eventually, that habit is likely going to come back to haunt you. It’s better to nip this unnecessary risk in the bud.


In some cases (yes, sadly this does happen) the intent of an employee may be more malicious. Perhaps they are exfiltrating data from your organization for nefarious purposes. But, it should be said, in the vast majority of cases, employees don’t mean to cause an issue. Yet the reasoning is not hugely relevant; the consequences are what matter most.

Using personal email can also create a crack in your security armour allowing malware and other cyber threats to slip through. After all, the protocols and protections for personal email are typically less stringent than those used on professional accounts.

Moreover, personal email is not managed by an organization’s IT department, nor is it visible to them. They may not even know where the servers are (i.e. where the data is stored). This means there is no standard security, compliance, backup or governance in place. This is a substantial problem.

Another potential issue is accidental data loss. If your environment is lax with its data security protocols, an employee may store important files on an account that can only be accessed via their personal email. Yet, perhaps some months later, they move on to take a new position elsewhere in the country. It may be another few months before you even realize that the file you thought you had access to is unavailable. This accidental leakage can be just as damaging as a deliberate leak and it happens more than you think. How about an example? Check out what happened at Boeing a number of years ago. Big yikes!

Sharing sensitive data via personal email may also represent a consumer privacy violation in certain contexts or breach of contract. Long story short, it needs to be avoided at all costs.

Walk the data security walk…

At the end of the day, all electronic communications being sent on behalf of your organization should be centralized to minimize risk. The security protocols should be carefully managed by your internal IT team, perhaps in conjunction with a trusted and reputable third party.

However, policies and procedures are only as effective as their enforcement. You may have a policy of not using personal email. But if senior management and other team members are allowed to use personal email without repercussions, this is a problem. The use of personal email for corporate work should be strongly discouraged. Everyone at the organization needs to walk the data security walk.

Regardless of how secure you may feel your organisation is, it requires each member to consistently practice their security skills to keep your data safe and your organisation secure.

Thanks to the folks over at Avasant for this chart:

Source: https://avasant.com/report/insider-risk-assessment-which-of-your-employees-may-be-the-bad-apple/

This includes making things as easy as possible for your employees. If you have a culture that sees team members using personal email for corporate work, try to find out why. Then work to develop a solution that rectifies the issue without creating unnecessary obstacles for your team. Simply explaining the importance of avoiding personal email can also help. Again, most employees want to do a good job for their company.

At SeekingFire Consulting Inc., we offer a wide variety of data security services. If you’re looking for help or advice with your cybersecurity needs, please contact us. We would be happy to help. We’re also happy to partner with in-house IT specialists to deliver the solution that best suits your organization’s needs.

Disclaimer

While we have made every effort to present accurate, unbiased and helpful information in this article, please note that it reflects the author’s opinion and is written for the purposes of general knowledge, information and discussion. This article is not intended as legal advice, nor should it be considered as advice specific to your individual data security situation. If you would like to discuss your cybersecurity needs in specific detail, please get in touch with us.
