A recent report found that many employees are misusing their corporate email, and that this is most common among Gen Z employees, i.e. those born in 1997 or later. Misuse includes using business email platforms for personal purposes, which can put the entire organization at risk of data breaches and related cybersecurity incidents. Most organizations strongly discourage the practice, yet Gen Z employees are the most likely to engage in it.
After surveying 500 employees on their email behavior, the report by SailPoint Technologies found that 59% of employees surveyed regularly used their business email for personal affairs. The chief misuses were using business email to create e-commerce accounts and to log into social media accounts.
Why is this a problem?
First, social media accounts are common targets for data breaches, and when a platform is breached, the email addresses used to create those accounts can be exposed. If any employee has used a business email address to log into a social media account, that business email is jeopardized if the social media platform falls under attack. From there, cyber actors have the email address they need to initiate spam, malware, ransomware, and phishing campaigns and potentially infect the entire business.
Further illustrating the risk of this practice, 44% of respondents noticed a year-over-year increase in the number of phishing messages they received.
The use of business email for e-commerce shopping is a big problem as well. Many cyber actors impersonate popular retail brands in phishing campaigns. When a business email address has been used to create an account with one such retailer, it again exposes the organization to cyber actors, leading to the adverse cybersecurity effects noted above.
How can phishing be stopped?
While we’d all like to assume we’ll spot a phishing email when it lands in our inbox, the numbers say otherwise. On the one hand, 94% of respondents said they could identify a malicious email. In reality, only 29% know how to act appropriately if they receive a phishing email (note: if you receive a phishing email, don’t click anything and contact your IT team for further instructions).
How do we proceed?
This report further supports the idea that employee training is vital to your organization’s cybersecurity well-being. If you commit to training employees to recognize the warning signs of phishing emails and ransomware, you create an extra line of defense against cyber actors. You can also use this training as a way to communicate policy on misuse of business email addresses for social media and e-commerce purposes.
Invest in cybersecurity training for your employees at every level in your organization. If you have questions about how to do this, PK Tech can help. We’ve helped countless organizations in several different industries achieve comprehensive cybersecurity plans to protect themselves proactively.