Recently, ride-sharing giant Uber experienced a data breach at the hands of a teenager who social engineered an employee and gained access to their VPN. Although the hacker appears not to have malicious intent, his actions serve as a perfect reminder of why it’s not a good idea to use company email addresses for personal accounts like Uber, Amazon, Netflix, etc. Company email addresses are often convenient and easy to remember, but they place employees and organizations at risk of potential attacks. Most employers have email policies that state that employees shouldn’t use company emails for any non-business services, but that doesn’t stop it from happening. Before you create a new account with a company email, here are some critical reasons to think otherwise:
1. By using your company email address for various personal accounts, you increase the chance of those credentials becoming compromised and open the door to potential spear-phishing attacks at your organization. Spear-phishing is when attackers tailor their phishing attempt to make it more plausible to a target based on the information the attacker knows about the target’s place of employment. This is similar to what happened to Uber: a hacker got hold of an employee’s email and reached out to gain access to their private network using reasons that made sense to an employee.
2. Hackers could also gain control of your company email account if you not only use it freely on the internet but also have a weak password protecting it. If a hacker is able to guess your password, they could change the password of your account and use it to distribute malicious attacks to other employees at your organization, because messages from your account appear legitimate. This is why it’s so crucial not just to limit the usage of your company email but also to use strong, unique passwords or passphrases for all your accounts.
3. Many organizations have access to search through an employee’s email if given a valid reason to. If you like to keep where you buy goods online or what services you use private, then use personal, anonymous emails for your non-business accounts so that a potential manager doesn’t know what you do in your leisure time.
4. Another solid reason that’s not tied to privacy or security is the fact that you may not work at your place of employment forever. If you use company addresses for personal accounts and then leave your job, it can be challenging to recover an account or retrieve a password because you will no longer have access to your inbox. This alone is a large enough headache to think again before using a company email.
Company email addresses are already easy to find compared to personal ones. By overusing yours on non-business-related accounts, you are opening the door to potential phishing attacks, spam and viruses. In order to protect your inbox, keep your personal web activities private, and ensure you have access to your online accounts, you should never use company email addresses outside of work.
At BerganKDV, we help organizations instill robust security policies and administer training that discusses the importance of not using company emails for personal services. That way, their organizations can educate their employees and best stay protected against cyber incidents such as the one Uber experienced. If you have questions regarding what security services we can offer your organization, feel free to reach out and one of our team members will assist you. Otherwise, try our free mini-security assessment here to get a base level of how your current security procedures stack up and where you may have gaps or opportunities for improvement.