By Roman Dedenok at Kaspersky
Many people know that using a personal mail account for business correspondence is a bad idea, yet they see nothing wrong with using a corporate address to register on social networks, online services, and other non-work resources. It’s handy, after all, to receive all work and personal messages in one mailbox.
That said, you’d be hard-pressed to find a reputable resource recommending it. From work-life imbalance to privacy violations (management and administrators may have access to your work mail), loss of access to services in case of dismissal, and more, the reasons not to mix business e-mail with personal are legion. In fact, the first consideration that should stop an employee from using a corporate mail account for personal matters is information security.
- It makes profiling easier
Before sending a phishing e-mail to a specific employee, cybercriminals harvest information online, using specialized tools to learn which address someone uses on social networks, online platforms, and so forth. Using a corporate address for non-business purposes makes you easier to profile by helping attackers build a social portrait of you, thereby making you more vulnerable to spear-phishing in the first stage of an attack on the company.
- It facilitates spear-phishing
Cybercriminals choose the tricks they think will best ensnare their victims. If they learn you’ve used your corporate mail address to register elsewhere, they know you’re likely to fall for a phishing e-mail. All they have to do is disguise their message as a legitimate notification from a service that you really are registered on.
- It provides criminals with a smoke screen
Typically, all a cybercriminal needs for an attack to succeed is time. That’s why many services send a note to the account holder if you or anyone else tries to log in from an unknown IP address or attempts to change the password. Of course, to get ahead of the hackers, you need to know about those warnings as soon as possible. To buy themselves time, attackers can arrange a riot of notifications in your mailbox, burying the warnings that matter. If you’ve linked your address to outside resources, when hackers (or their bots) begin trying to brute-force your social network and other personal accounts, your inbox will quickly fill with warnings and alerts.
- More mass phishing and malware in the inbox
When it comes to securing customers’ data, not all online resources were born equal — hence the near-daily headlines about online leaks. And leaked databases are very popular with mass spammers, who simply buy lists of addresses to flood with malicious links or phishing messages. Essentially, the more resources you tie to your corporate mail account, the more potential threats you’ll see in your inbox.
- The eyes glaze over
Speaking of seeing more messages in your inbox, that extra volume can lead to trouble. With greater variety — for example, nonwork e-mails among business messages — dangerous items become harder to spot. The more personal e-mails you read during business hours, the more likely you are to accidentally click on a malicious attachment or follow a phishing link.
Even if you don’t use a work address for personal matters, it’s important to deploy technical means to protect against spam and phishing. The more layers of protection, the better. We recommend securing the corporate infrastructure against phishing at both the mail server and the workstation levels.