We all have at least one free personal email account – Gmail, Yahoo, AOL, Hotmail. They are convenient, have great interfaces, offer many features, and have almost unlimited storage space. For many reasons, I advocate for using at least one personal email account for your personal use. But, for many other reasons, we have to accept the fact that we must separate professional business email and personal email.
As a start, let’s recall the Yahoo email breach of 2016, where over 1 billion accounts were breached. Using a personal email account, such as Gmail, for business purposes is inherently risky. (We’ll use Gmail as an example because it’s the most popular email client used around the world.) Forwarding your professional email to Gmail is not recommended by Weinberg College IT. There are security and privacy risks associated with forwarding, but there’s also a simple non-technical reason to not forward your professional email to a personal email account: It’s your professional email.
Professional Emails
Forwarding makes communications look unprofessional. Do you work at yourname@domain.edu, or @gmail.com? Those email addresses certainly don’t match your company domain. Using your Northwestern email address also helps the recipients of your emails know that your email is valid. Just as you check who is sending you emails to make sure you’re not getting phished, your email recipients do the same.
How about Security?
The potential risks for a hack on a personal email account are greater than your business account. When sensitive business emails leave their initial safe company environment they are at a higher risk of being compromised. If you forward your company’s email to a personal email account, you may be breaking the rules. Northwestern University provides guidelines for security and confidentiality of data files, and it states
“NU employees or persons with access to IT Computing Services data shall not: Make unauthorized use of any information in files maintained, stored, or processed by IT Management Systems, or permit anyone else to make unauthorized use of such information. Exhibit or divulge the contents of any record or report to any person except in the conduct of their work assignment and in accordance with University and departmental policies.”
Once a user’s account has been compromised, the perpetrators can change the account’s password without the end user noticing. Once the “hackers” have studied your email habits, have read your sent email, and know who to contact, they’ll start sending emails on your behalf. The worst of it is, you don’t find out until it’s already too late.
If your imposter starts sending emails requesting large monetary transfers to bank accounts across the world, the unsuspecting recipient of that email, if not savvy enough, will believe the email is a legitimate request. And just like that, you could have thousands, if not, millions of dollars lost because your free email account was compromised. Take this CEO’s experience for example.
Keeping your email on company servers is the best email practice. You may not love its interface, storage limitations, or attachment size limits. But, sacrificing privacy and security for aesthetics is not the best business case for using a free personal email account.
If your personal email account is compromised, and sensitive information is stolen, trying to reach out the “Tech Support” line from your personal email provider is almost impossible. Most likely you’ll get a link to an FAQ site, just to find out how to change your password. And, if you didn’t already configure multi-factor authentication on your free account, it can be very difficult to find out when your email account has been compromised.
In contrast, using Northwestern approved email clients, like Outlook and Webmail, give you an additional layer of support and resources from Northwestern and Weinberg College IT.
When it comes to litigation, Gmail and others are not on your side. They’ll just simply hand over your emails to the authorities. And, in such event, it makes it difficult for your company’s legal team to defend a case when emails are no longer on company servers.
In conclusion, the 5 Advantages for keeping your professional email where it belongs are:
- Spam filtering, reduced chance of data breaches and other disruptions
- Greater legal protection thanks to control over communications
- Improved email continuity
- Safeguard critical company functions
- More professional image