How IT can compete with personal email account use

When a business user resorts to forwarding email to a personal email account, it can endanger corporate information. IT may have to take some cues from Gmail to stop this practice.

IT admins have to give users reasons to stay in their corporate inboxes if they want to mitigate the risks associated with personal email account use.

Enterprise workers often use whatever technology is at hand to do their jobs, even if that means bending company rules. Workers using a personal email account for business can put an organization’s information and intellectual property at risk.

In a survey by Mimecast, a software-as-a-service and unified email management company, 79% of people surveyed admitted to sending business-related emails to or from their personal accounts, and 71% of those people said they were aware that forwarding email could be risky.

Though employees under the age of 25 are the most likely to use workarounds such as forwarding email to a personal email account, the behavior is hardly limited to Millennials. A survey conducted by Ipswitch, Inc., a network management and messaging vendor, indicated that 69% of IT professionals send sensitive data -- payroll, customer and financial information -- through their personal email accounts. And more than a third of respondents said they send such data every day.

Why do employees use a personal email account for business?

The reason so many workers are side-stepping the IT-controlled infrastructure isn’t a mystery. More than 50% of respondents in Mimecast’s survey said they experience regular problems with their corporate email, and 39% said that keeping their inboxes within required size limits is their biggest problem. Workers spend considerable time managing their emails to deal with these restrictions, and they often have to delete important communications simply to accommodate corporate policy.

Limits on attachment sizes and file types can also affect how workers do their jobs. Plus, some organizations still don’t allow their workers to access email remotely, either from home systems or mobile devices, which can make it harder for users to get anything done.

What complicates matters is that management often pushes for increased productivity, while IT pushes for increased security. Often, these two forces oppose one another, causing workers to turn to a personal email account that allows them to do their jobs effectively. Services such as Gmail, Hotmail and Yahoo provide constant access from any device in any location, without size and file-type constraints that business email security restrictions impose.

What about personal email account risks?

As convenient as these consumer email services might be, they’re not without risks. Once employees start forwarding email, they’ve essentially undermined the security and governance policies put into place to protect an organization’s information and intellectual property. As a result, IT is often left with little power to control data loss and contend with security and compliance issues.

There is a whole host of ways that data can be compromised when transmitted via a personal email account. The simple act of accessing a personal email account from within the firewall opens a back door into the secure network. Malware, such as viruses, Trojans and worms, can infect computers and spread through the network, leaving openings for hackers to exploit corporate resources.

Even if a user doesn’t access a personal email account from within the firewall, personal accounts are often not as protected against malware as enterprise systems are. Any sensitive data sent via a personal email account is more susceptible to attack. In addition, personal email is often unencrypted, which means someone could intercept passwords and data, leading to sensitive information and intellectual property loss. Users who send and receive email via unsecured Wi-Fi networks may be putting confidential data at even greater risk.

When employees use personal email accounts to conduct business, an organization can no longer ensure that it’s complying with the laws, regulations, contracts and policies that govern the protection of sensitive data. Without such guarantees, organizations might be opening themselves up to fines, penalties, litigation and compromised reputations. In many cases, local and federal governments require organizations to take reasonable steps to minimize data loss, such as protecting credit card and Social Security information. Permitting employees to use personal email accounts to conduct business might be a failure to comply in the eyes of the law.

What can IT do about personal email account use?

The ease with which workers can use a personal email account for business puts organizations in a difficult position. IT must find ways to support the email needs of both the business and its employees. The key is to offer a system that empowers workers while protecting data and ensuring compliance. That might mean increasing inbox and file-size limitations or making email available remotely to all workers. No matter how you solve the personal email problem, you must also educate users about minimizing risks and protecting data.

Email systems and the policies that govern them must evolve to accommodate a new generation of workers, so your employees won’t need to circumvent the organization in the name of productivity.

Join the conversation

This is a great article on something that is cast a blind eye.

Most managers don't seem to understand that they are demanding certain tasks are accomplished, while the office automation software usually has been set up to make it difficult, complex, or impossible to accomplish said task.

I think the ubiquitous adoption of MSExchange is a big part of this. It has a HUGE, bloated footprint, and is woefully inefficient - But it is the darling of corporate IT. It brings a lot of unnecessary limitations to the table. It would take quite a paradigm shift to get managers to consider alternatives, despite nearly every alternative offering IMMENSE licensing cost savings.

Google already spies on us throughout "search engines"; "chrome"; "street map" . . . . now you want me to use their email? . . . . . . . Forget it!

I *definitely* kept my work and personal email separate. I didn't need my own email cluttered with work junk. My thought on using a personal email for work stuff is the same as my opinion on "BYOD"; if it's for my job, let my employee foot the costs. I'm getting paid little enough as it is, I'm not going to get in the habit of subsidizing expenses that are rightfully *theirs*, just so some top-level executives can protect their excessive pay levels (like you, SamP.). If they don't want to cough up the money to give me adequate resources, then it's all their own fault if I have to delete important emails & documents.

Even if you don't forward your email to your personal account, what's the difference if you send it to your 3rd party contacts - which is legitimate and commonly done?