Insights: Article

Private Email Accounts + Business Communications = A Hacker’s Delight

By Anders Erickson

July 06, 2017

The head of the CIA had his private email account hacked. Hackers stole agency data that shouldn’t have been on his personal account. Did you know hackers can use a private email account to attack your customers? Or that employees can keep secrets from you if they use private email? Think twice about allowing personal email accounts for business communications because:

  1. Private email accounts don’t enforce same level of security as corporate email, and they’re more easily hacked.
    • When the head of the CIA had his private email account hacked, they stole agency data that shouldn’t have been there. Among the attachments stolen were a spreadsheet containing names and Social Security numbers—some of them for U.S. intelligence officials—and a letter from the Senate asking the CIA to halt its use of harsh interrogation techniques.
  2.  Hackers could use a private email account to attack your customers.
    • Attackers hacked a user’s Gmail account and sent phishing emails to all of the contacts on the account. Imagine the damage if your customers were hacked through emails sent from a salesperson’s email account. 
  3. Emails sent via personal accounts are not discoverable in standard legal discovery procedures.
    • An employee made the front page of the New York Times two years ago when they never obtained a work email account, conducting all business from a personal account.

      “All companies should be concerned about retention because a failure to preserve information may give rise to allegations of spoliation in litigation. It is nearly impossible for a company to preserve an employee’s personal email account because the company typically has no control over the settings or usage of that account, both of which could increase the likelihood of a spoliation claim. Allegations of spoliation, if proven, can result in substantial sanctions to a company.”

  4. Employees can keep secrets from the business.
    • If an employee is using a personal email account to send business-related email using a company device, it doesn’t necessarily mean the organization has the right to search those emails. In the case of Stengart vs. Loving Care, the New Jersey Supreme Court ruled that an employee “could reasonably expect that email communication with (their) lawyer through her personal, password-protected, web-based email account would remain private, and that sending and receiving them using a company laptop did not eliminate the attorney-client privilege that protected them.”
    • Communications that employees conduct using their personal email accounts are considered private.
  5. Data sent through a private email account is out of your control.
    • Allowing employees to use personal email accounts to conduct business means that your company’s business information is being stored on mail servers outside of your control, anywhere in the world.
    • Private email services, like Gmail and Yahoo, store data everywhere. They have servers all over the world and there is no way to confidently identify where your data is located when it’s sent via a private email account.

There’s more than enough evidence and data to show that private email accounts are dangerous for business communications. So what are you waiting for? Encourage your employees to exclusively use their work accounts for business communications. Start today.  

Besides setting up a policy so staff only use their work email for work, you should also be employing an email security system to better protect your work email accounts. An email security system should be in place to protect against threats, such as ransomware, coming through email. Even if your team has been trained to be cautious and avoid social engineering, without an effective and strong security system, threats can still get through.

Latest Insights

November 16, 2018
If your business sells or operates in more than one state, it’s important to understand the concept of nexus. Depending on how you’re earning revenue, having nexus could impose a variety of taxes, which vary state to state. Learn more in our…
November 15, 2018
Until recently, many businesses weren’t overly concerned about sales tax. They knew they needed to collect and remit in the state in which they resided, but beyond that, their compliance burden was limited.
November 12, 2018
This insight explores what dealerships can expect from the proposed section 199A regulations under tax reform.
November 8, 2018
Are you a business taxpayer with annual gross receipts of $25 Million or less? If so, you may be eligible to take advantage of new Small Taxpayer Safe Harbors that could generate significant tax savings and simplify your tax returns in future years!
November 8, 2018
Considered the most significant tax code overhaul in over three decades, the Tax Cuts and Jobs Act passed in 2017 includes provisions affecting both individuals and businesses.
November 7, 2018
Recorded Webinar
State and local sales tax compliance is always evolving, making it important to stay up-to-date on changes affecting your tax liability and responsibilities. This session will cover what you need to know regarding the recently enacted state and…
November 7, 2018
“Why is my portfolio underperforming the market?” This question may be on your mind.
November 5, 2018
Identify your implementation methodology. There are four practical expedients available. We'll explore each option.
November 5, 2018
Deeper dive into ASU 2016 liquidity.