Many employees are misusing their corporate email

A woman using a laptop to send email replies.

(Image credit: Shutterstock)

Most workers are using business emails platforms for personal affairs, potentially putting the company at a significantly higher risk of data breaches and other cybersecurity-related incidents.

This is according to a new report from SailPoint Technologies, whcih when surveying 500 US employees on their behavior surrounding business email accounts, found that 59% use it for personal functions.

Two activities particularly stood out to the researchers - using business email to log into social media accounts, and using it to create e-commerce accounts.

Under attack

These two things are highly problematic, SailPoint says, as social media sites are often under attack, and should a breach occur - these email addresses could be compromised and sold on the black market. Once there, malicious actors could use it to conduct phishing campaigns, or spread spam, malware and ransomware.

In fact, almost half (44%) of the respondents said they noticed an increase in the number of phishing messages they received year on year.

Spotting a phishing attempt

Using a business email for online shopping is problematic, as well, due to the rising number of phishing campaigns. Oftentimes, malicious actors impersonate popular retail brands in these campaigns.

Yet most people are confident they’re able to spot phishing, with almost all (94%) respondents saying they’d be able to identify a fraud attempt in their inbox. However many don’t know what to do with that knowledge, with the report finding only 29% know how to appropriately react to a phishing email, namely by forwarding it to IT.

Among the different age groups of workers, Gen Z’s are the biggest offenders, the survey found. Almost all of them (93%) use their business emails for personal affairs. More than three-quarters (77%) use it for social media logins, while 46% said they would actually open the shady link or email attachment.

“By using corporate email for personal use, employees are inadvertently expanding the threshold for malicious actors to enter into a corporate network, completely unnoticed,” says Heather Gantt-Evans, CISO at SailPoint. “As demonstrated by the data, most don’t know what to do if they see suspicious activity, but with proper education and training, we can deter these types of events to ensure business remains operating as usual.”

These are the best email hosting services around

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.