In the latest National Cyber Security Centre report, we picked up on a point raised about domestic email.
‘Malicious actors are now targeting the personal email accounts of high-profile and influential individuals involved in politics. Rather than a mass campaign against the public, the NCSC warns that there is a “persistent effort” by attackers to specifically target people who they think hold information of interest.’
Whilst the NCSC specify politicians, we feel it’s worth raising this issue with EVERYONE, but particularly those with leadership roles. However strong your work/life balance and your commitment to spending your free time wisely, the hackers don’t see it that way. Why? Because they know that there are those odd occasions when personal email accounts get inadvertently used for business purposes, that policies and procedures may not be followed as rigorously when we’re at home or in a rush, and that domestic email security may not be as solid as at work. We only have to look back at the controversy surrounding Hillary Clinton’s emails for a prime example of how easily boundaries are blurred if we don’t stay vigilant. Even if you believe you have it covered, please take a look at the list below to make sure you and your teams are successfully keeping your work email and domestic email separate and secure.
Using a personal or domestic email for work-related purposes can pose cybersecurity risks for several reasons:
Limited Security Features
Domestic email providers may not offer the same level of security as business email services. Work-related emails often contain sensitive information, and using a less secure email platform increases the risk of unauthorised access and data breaches.
Phishing and Social Engineering
Cybercriminals often target individuals with phishing emails and social engineering attacks. Using a personal email for work may make it easier for attackers to craft convincing phishing messages, as they might have information about your personal life that they can use to make the emails seem more believable.
Personal email accounts may have weaker authentication mechanisms compared to business email accounts. Using strong authentication methods, such as two-factor authentication, is crucial for securing work-related accounts and preventing unauthorised access.
Lack of Encryption
Work emails often contain confidential information that requires protection. Business email services typically offer encryption features to secure the content of emails during transmission. Personal email services may not provide the same level of encryption, exposing sensitive information to potential interception.
Depending on the nature of your work, there may be legal and regulatory requirements regarding the protection of sensitive data. Using a personal email address for work-related communication may lead to non-compliance with industry or legal standards.
Personal devices used for accessing personal email accounts may not have the same security measures in place as company-managed devices. If a personal device is compromised, it could lead to unauthorised access to work-related emails and data.
Difficulty in Monitoring and Management
IT support providers often implement security measures, monitoring systems, and management tools to ensure the security of work-related emails. Using personal email accounts makes it challenging for IT teams to monitor and manage security effectively.
How can you stay secure?
To mitigate these cybersecurity risks, we recommend that you only ever use a work-specific email address for work, follow security best practices, and be aware of potential threats like phishing attacks. And if you’re a business leader – lead by example. Whilst your teams may be targeted, you are higher on the hackers’ list. Creating, applying and adhering to company policies and guidelines for email use is crucial in maintaining a secure work environment.
We’ll make sure that your business email is as secure as possible. Additionally, we will assist in formulating comprehensive policies and tailored training packages to maintain clear boundaries between professional and personal communication via email.