IT admins have to give users reasons to stay in their corporate inboxes if they want to mitigate the risks associated with personal email account use.
Enterprise workers often use whatever technology is at hand to do their jobs, even if that means bending company rules. Workers using a personal email account for business can put an organization’s information and intellectual property at risk.
In a survey by Mimecast, a software as a service and unified email management company, 79% of people surveyed admitted to sending business-related emails to or from their personal accounts, and 71% of those people said they were aware that forwarding email could be risky.
Though employees under the age of 25 are the most likely to use workarounds such as forwarding email to a personal email account, the behavior is hardly limited to Millennials. A survey conducted by Ipswitch, Inc., a network management and messaging vendor, indicated that 69% of IT professionals send sensitive data -- payroll, customer and financial information -- through their personal email accounts. And more than a third of respondents said they send such data every day.
Why do employees use a personal email account for business?
The reason so many workers are side-stepping the IT-controlled infrastructure isn’t a mystery. More than 50% of respondents in Mimecast’s survey said they experience regular problems with their corporate email, and 39% said that keeping their inboxes within required size limits is their biggest problem. Workers spend considerable time managing their emails to deal with these restrictions, and they often have to delete important communications simply to accommodate corporate policy.
Limits on attachment sizes and file types can also affect how workers do their jobs. Plus, some organizations still don’t allow their workers to access email remotely, either from home systems or mobile devices, which can make it harder for users to get anything done.
What complicates matters is that management often pushes for increased productivity, while IT pushes for increased security. Often, these two forces oppose one another, causing workers to turn to a personal email account that allows them to do their jobs effectively. Services such as Gmail, Hotmail and Yahoo provide constant access from any device in any location, without the size and file-type constraints that business email security restrictions impose.
What about personal email account risks?
As convenient as these consumer email services might be, they’re not without risks. Once employees start forwarding email, they’ve essentially undermined the security and governance policies put into place to protect an organization’s information and intellectual property. As a result, IT is often left with little power to control data loss and contend with security and compliance issues.
There is a whole host of ways that data can be compromised when transmitted via a personal email account. The simple act of accessing a personal email account from within the firewall opens a back door into the secure network. Malware, such as viruses, Trojans and worms, can infect computers and spread through the network, leaving openings for hackers to exploit corporate resources.
Even if a user doesn’t access a personal email account from within the firewall, personal accounts are often not as protected against malware as enterprise systems are. Any sensitive data sent via a personal email account is more susceptible to attack. In addition, personal email is often unencrypted, which means someone could intercept passwords and data, leading to the loss of sensitive information and intellectual property. Users who send and receive email via unsecured Wi-Fi networks may be putting confidential data at even greater risk.
When employees use personal email accounts to conduct business, an organization can no longer ensure that it’s complying with the laws, regulations, contracts and policies that govern the protection of sensitive data. Without such guarantees, organizations might be opening themselves up to fines, penalties, litigation and compromised reputations. In many cases, local and federal governments require organizations to take reasonable steps to minimize data loss, such as protecting credit card and Social Security information. Permitting employees to use personal email accounts to conduct business might constitute a failure to comply in the eyes of the law.
What can IT do about personal email account use?
The ease with which workers can use a personal email account for business puts organizations in a difficult position. IT must find ways to support the email needs of both the business and its employees. The key is to offer a system that empowers workers while protecting data and ensuring compliance. That might mean increasing inbox and file-size limitations or making email available remotely to all workers. No matter how you solve the personal email problem, you must also educate users about minimizing risks and protecting data.
Email systems and the policies that govern them must evolve to accommodate a new generation of workers, so your employees won’t need to circumvent the organization in the name of productivity.