
Private Email Accounts + Business Communications = A Hacker’s Delight

By Anders Erickson

July 06, 2017

The head of the CIA had his private email account hacked. Hackers stole agency data that shouldn’t have been on his personal account. Did you know hackers can use a private email account to attack your customers? Or that employees can keep secrets from you if they use private email? Think twice about allowing personal email accounts for business communications because:

  1. Private email accounts don’t enforce the same level of security as corporate email, and they’re more easily hacked.
    • When the head of the CIA had his private email account hacked, the attackers stole agency data that shouldn’t have been there. Among the attachments stolen were a spreadsheet containing names and Social Security numbers—some of them for U.S. intelligence officials—and a letter from the Senate asking the CIA to halt its use of harsh interrogation techniques.
  2. Hackers could use a private email account to attack your customers.
    • Attackers hacked a user’s Gmail account and sent phishing emails to all of the contacts on the account. Imagine the damage if your customers were hacked through emails sent from a salesperson’s email account. 
  3. Emails sent via personal accounts are not discoverable in standard legal discovery procedures.
    • An employee made the front page of the New York Times two years ago for never obtaining a work email account and conducting all business from a personal account.

      “All companies should be concerned about retention because a failure to preserve information may give rise to allegations of spoliation in litigation. It is nearly impossible for a company to preserve an employee’s personal email account because the company typically has no control over the settings or usage of that account, both of which could increase the likelihood of a spoliation claim. Allegations of spoliation, if proven, can result in substantial sanctions to a company.”

  4. Employees can keep secrets from the business.
    • If an employee is using a personal email account to send business-related email using a company device, it doesn’t necessarily mean the organization has the right to search those emails. In the case of Stengart vs. Loving Care, the New Jersey Supreme Court ruled that an employee “could reasonably expect that email communication with (their) lawyer through her personal, password-protected, web-based email account would remain private, and that sending and receiving them using a company laptop did not eliminate the attorney-client privilege that protected them.”
    • Communications that employees conduct using their personal email accounts are considered private.
  5. Data sent through a private email account is out of your control.
    • Allowing employees to use personal email accounts to conduct business means that your company’s business information is being stored on mail servers outside of your control, anywhere in the world.
    • Private email services, like Gmail and Yahoo, store data everywhere. They have servers all over the world and there is no way to confidently identify where your data is located when it’s sent via a private email account.

There’s more than enough evidence and data to show that private email accounts are dangerous for business communications. So what are you waiting for? Encourage your employees to exclusively use their work accounts for business communications. Start today.  

Besides setting up a policy so staff only use their work email for work, you should also be employing an email security system to better protect your work email accounts. An email security system should be in place to protect against threats, such as ransomware, coming through email. Even if your team has been trained to be cautious and avoid social engineering, without an effective and strong security system, threats can still get through.
