Insights: Article

Private Email Accounts + Business Communications = A Hacker’s Delight

By   Anders Erickson

July 06, 2017

The head of the CIA had his private email account hacked. Hackers stole agency data that shouldn’t have been on his personal account. Did you know hackers can use a private email account to attack your customers? Or that employees can keep secrets from you if they use private email? Think twice about allowing personal email accounts for business communications because:

  1. Private email accounts don’t enforce same level of security as corporate email, and they’re more easily hacked.
    • When the head of the CIA had his private email account hacked, they stole agency data that shouldn’t have been there. Among the attachments stolen were a spreadsheet containing names and Social Security numbers—some of them for U.S. intelligence officials—and a letter from the Senate asking the CIA to halt its use of harsh interrogation techniques.
  2.  Hackers could use a private email account to attack your customers.
    • Attackers hacked a user’s Gmail account and sent phishing emails to all of the contacts on the account. Imagine the damage if your customers were hacked through emails sent from a salesperson’s email account. 
  3. Emails sent via personal accounts are not discoverable in standard legal discovery procedures.
    • An employee made the front page of the New York Times two years ago when they never obtained a work email account, conducting all business from a personal account.

      “All companies should be concerned about retention because a failure to preserve information may give rise to allegations of spoliation in litigation. It is nearly impossible for a company to preserve an employee’s personal email account because the company typically has no control over the settings or usage of that account, both of which could increase the likelihood of a spoliation claim. Allegations of spoliation, if proven, can result in substantial sanctions to a company.”

  4. Employees can keep secrets from the business.
    • If an employee is using a personal email account to send business-related email using a company device, it doesn’t necessarily mean the organization has the right to search those emails. In the case of Stengart vs. Loving Care, the New Jersey Supreme Court ruled that an employee “could reasonably expect that email communication with (their) lawyer through her personal, password-protected, web-based email account would remain private, and that sending and receiving them using a company laptop did not eliminate the attorney-client privilege that protected them.”
    • Communications that employees conduct using their personal email accounts are considered private.
  5. Data sent through a private email account is out of your control.
    • Allowing employees to use personal email accounts to conduct business means that your company’s business information is being stored on mail servers outside of your control, anywhere in the world.
    • Private email services, like Gmail and Yahoo, store data everywhere. They have servers all over the world and there is no way to confidently identify where your data is located when it’s sent via a private email account.

There’s more than enough evidence and data to show that private email accounts are dangerous for business communications. So what are you waiting for? Encourage your employees to exclusively use their work accounts for business communications. Start today.  

Besides setting up a policy so staff only use their work email for work, you should also be employing an email security system to better protect your work email accounts. An email security system should be in place to protect against threats, such as ransomware, coming through email. Even if your team has been trained to be cautious and avoid social engineering, without an effective and strong security system, threats can still get through.

Latest Insights

July 19, 2018
Article
While it’s great to watch your team grow, hiring new employees can be a frustrating and grueling process.
July 19, 2018
Article
Often, human resources (HR) is over looked, but we’re here to tell you it’s an essential component of any organization and critically important to get right.
July 13, 2018
Article
Here are some idea for giving your new hire a smooth start into your business and alleviating stress for you.
July 13, 2018
Article
The impact of the recent SCOTUS Wayfair decision will continue to have a ripple effect on businesses and state sales tax compliance.
July 9, 2018
Article
The revenue cycle is a complex system and we have historically given much attention to the front-end and back-end while oftentimes leaving the middle functions of the cycle neglected.
July 3, 2018
Article
FASB Accounting Standards Codification Topic 606, Revenue from Contracts with Customers, provides a 5-step framework for determining revenue recognition.
July 2, 2018
Article
As part of the Tax Reform Act of 1986, the “Kiddie tax,” a taxing regime designed to make the transfer of income items by wealthy parents to lower tax paying children less attractive, was implemented.
July 2, 2018
Article
When it comes to your employees, you likely conducted interviews on them when you first hired them.
July 2, 2018
Article
Nearly ten years after the release of the initial exposure draft, FASB issued ASU 2016-02, Leases - The standard may have been issued, but the conversation about this re-write of legacy guidance has not slowed.