Private Email Accounts + Business Communications = A Hacker’s Delight

By Anders Erickson

July 06, 2017

The head of the CIA had his private email account hacked. Hackers stole agency data that shouldn’t have been on his personal account. Did you know hackers can use a private email account to attack your customers? Or that employees can keep secrets from you if they use private email? Think twice about allowing personal email accounts for business communications because:

  1. Private email accounts don’t enforce the same level of security as corporate email, and they’re more easily hacked.
    • When the head of the CIA had his private email account hacked, the attackers stole agency data that shouldn’t have been there. Among the stolen attachments were a spreadsheet containing names and Social Security numbers—some of them for U.S. intelligence officials—and a letter from the Senate asking the CIA to halt its use of harsh interrogation techniques.
  2. Hackers could use a private email account to attack your customers.
    • Attackers hacked a user’s Gmail account and sent phishing emails to all of the contacts on the account. Imagine the damage if your customers were hacked through emails sent from a salesperson’s email account. 
  3. Emails sent via personal accounts are not discoverable in standard legal discovery procedures.
    • An employee made the front page of the New York Times two years ago when they never obtained a work email account, conducting all business from a personal account.

      “All companies should be concerned about retention because a failure to preserve information may give rise to allegations of spoliation in litigation. It is nearly impossible for a company to preserve an employee’s personal email account because the company typically has no control over the settings or usage of that account, both of which could increase the likelihood of a spoliation claim. Allegations of spoliation, if proven, can result in substantial sanctions to a company.”

  4. Employees can keep secrets from the business.
    • If an employee is using a personal email account to send business-related email using a company device, it doesn’t necessarily mean the organization has the right to search those emails. In the case of Stengart vs. Loving Care, the New Jersey Supreme Court ruled that an employee “could reasonably expect that email communication with (their) lawyer through her personal, password-protected, web-based email account would remain private, and that sending and receiving them using a company laptop did not eliminate the attorney-client privilege that protected them.”
    • Communications that employees conduct using their personal email accounts are considered private.
  5. Data sent through a private email account is out of your control.
    • Allowing employees to use personal email accounts to conduct business means that your company’s business information is being stored on mail servers outside of your control, anywhere in the world.
    • Private email services, like Gmail and Yahoo, store data everywhere. They have servers all over the world and there is no way to confidently identify where your data is located when it’s sent via a private email account.

There’s more than enough evidence and data to show that private email accounts are dangerous for business communications. So what are you waiting for? Encourage your employees to exclusively use their work accounts for business communications. Start today.  

Besides setting up a policy so staff use only their work email for work, you should also deploy an email security system to better protect your work email accounts against threats, such as ransomware, that come through email. Even if your team has been trained to be cautious and avoid social engineering, threats can still get through without an effective and strong security system.
