Most workers are using business emails (opens in new tab) platforms for personal affairs, potentially putting the company at a significantly higher risk of data breaches and other cybersecurity-related incidents.
This is according to a new report from SailPoint Technologies, whcih when surveying 500 US employees on their behavior surrounding business email (opens in new tab) accounts, found that 59% use it for personal functions.
Two activities particularly stood out to the researchers - using business email to log into social media accounts, and using it to create e-commerce accounts.
These two things are highly problematic, SailPoint says, as social media sites are often under attack, and should a breach occur - these email (opens in new tab) addresses could be compromised and sold on the black market. Once there, malicious actors could use it to conduct phishing campaigns, or spread spam, malware (opens in new tab) and ransomware (opens in new tab).
In fact, almost half (44%) of the respondents said they noticed an increase in the number of phishing messages they received year on year.
Spotting a phishing attempt
Using a business email for online shopping is problematic, as well, due to the rising number of phishing campaigns. Oftentimes, malicious actors impersonate popular retail brands in these campaigns.
Yet most people are confident they’re able to spot phishing, with almost all (94%) respondents saying they’d be able to identify a fraud attempt in their inbox. However many don’t know what to do with that knowledge, with the report finding only 29% know how to appropriately react to a phishing email, namely by forwarding it to IT.
Among the different age groups of workers, Gen Z’s are the biggest offenders, the survey found. Almost all of them (93%) use their business emails for personal affairs. More than three-quarters (77%) use it for social media logins, while 46% said they would actually open the shady link or email attachment.
“By using corporate email (opens in new tab) for personal use, employees are inadvertently expanding the threshold for malicious actors to enter into a corporate network, completely unnoticed,” says Heather Gantt-Evans, CISO at SailPoint. “As demonstrated by the data, most don’t know what to do if they see suspicious activity, but with proper education and training, we can deter these types of events to ensure business remains operating as usual.”
These are the best email hosting (opens in new tab) services around